From patchwork Wed Apr 15 16:06:23 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
X-Patchwork-Id: 461582
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 2E57F1401DE
	for <patchwork-incoming@ozlabs.org>;
	Thu, 16 Apr 2015 02:07:15 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=neutral
	reason="verification failed; unprotected key/testing"
	header.d=obsidianresearch.com header.i=@obsidianresearch.com
	header.b=YtoCCG4w; dkim-adsp=none (unprotected policy);
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932101AbbDOQHL (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Wed, 15 Apr 2015 12:07:11 -0400
Received: from quartz.orcorp.ca ([184.70.90.242]:51561 "EHLO
	quartz.orcorp.ca"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754295AbbDOQHG (ORCPT <rfc822;netdev@vger.kernel.org>);
	Wed, 15 Apr 2015 12:07:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=obsidianresearch.com; s=rsa1;
	h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date;
	bh=rnwmsTdVI2FwWMrKBOWUay+wZE2vdT98oFFs+17wrjc=;
	b=YtoCCG4w0kO33J507OlaT7g2CmaOz4qL8xLJWVpJ3Pjh/GJcy4Ca1MY5tYHllKm4qdL+Pt5z4+NaGzd9tmk1xqnMzXKCTz4AoM9RK1j5sQcWkGch0ICsW0k6kU+Yk2W0Q8PwYm4S+seBdqVadC6hbXBSE+zPkepHI7dtRgwpcf8=;
Received: from [10.0.0.183] (helo=jggl.edm.orcorp.ca)
	by quartz.orcorp.ca with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.84) (envelope-from <jgunthorpe@obsidianresearch.com>)
	id 1YiPpY-0004QP-5Z; Wed, 15 Apr 2015 10:06:24 -0600
Received: from jgg by jggl.edm.orcorp.ca with local (Exim 4.82)
	(envelope-from <jgunthorpe@obsidianresearch.com>)
	id 1YiPpX-00083k-VW; Wed, 15 Apr 2015 10:06:24 -0600
Date: Wed, 15 Apr 2015 10:06:23 -0600
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Erez Shitrit <erezsh@dev.mellanox.co.il>
Cc: Honggang Li <honli@redhat.com>, Roland Dreier <roland@kernel.org>,
	sean.hefty@intel.com, hal.rosenstock@gmail.com, kaber@trash.net,
	davem@davemloft.net, Alex Estrin <alex.estrin@intel.com>,
	Doug Ledford <dledford@redhat.com>, edumazet@google.com,
	Erez Shitrit <erezsh@mellanox.com>, nicolas.dichtel@6wind.com,
	maheshb@google.com, jbenc@redhat.com, ebiederm@xmission.com,
	elfring@users.sourceforge.net, f.fainelli@gmail.com,
	linux@roeck-us.net, andrew@lunn.ch, sfeldma@gmail.com,
	alexander.h.duyck@intel.com,
	"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL
	pointer dereference in ipoib_get_iflink
Message-ID: <20150415160623.GA4653@obsidianresearch.com>
References: <1429024817-21561-1-git-send-email-honli@redhat.com>
	<1429024817-21561-2-git-send-email-honli@redhat.com>
	<CAAk-MO-O9sjHQvDfCEuzJJPvUMXJTuRaCzrCkB0xc1DUfK8Aew@mail.gmail.com>
	<20150414204133.GJ7682@obsidianresearch.com>
	<552E026A.4020200@dev.mellanox.co.il>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <552E026A.4020200@dev.mellanox.co.il>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Broken-Reverse-DNS: no host name found for IP address 10.0.0.183
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

On Wed, Apr 15, 2015 at 09:17:14AM +0300, Erez Shitrit wrote:
> >>+       /* parent interface */
> >>+       if (!test_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags))
> >>+               return dev->ifindex;
> >>+
> >>+       /* child/vlan interface */
> >>+       if (!priv->parent)
> >>+               return -1;

> >Like was said for other drivers, I can't see how parent can be null
> >while IPOIB_FLAG_SUBINTERFACE is set. Drop the last if.

> It can, at least for ipoib child interface (AKA "vlan"), you can't
> control the call for that ndo and it can be called before the parent
> was set.

If the ndo can be called before the netdev private structures are fully
prepared then we have another bug, and returning -1 or 0 is not the right
answer anyhow.

For safety, fold this into your patch.
---
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
index 9fad7b5ac8b9..e62b007adf5d 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
@@ -58,6 +58,7 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
        /* MTU will be reset when mcast join happens */
        priv->dev->mtu   = IPOIB_UD_MTU(priv->max_ib_mtu);
        priv->mcast_mtu  = priv->admin_mtu = priv->dev->mtu;
+       priv->parent = ppriv->dev;
        set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags);
 
        result = ipoib_set_dev_features(priv, ppriv->ca);
@@ -84,8 +85,6 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
                goto register_failed;
        }
 
-       priv->parent = ppriv->dev;
-
        ipoib_create_debug_files(priv->dev);
 
        /* RTNL childs don't need proprietary sysfs entries */