[lustre-devel] [PATCH 01/15] lnet: o2iblnd: Avoid NULL md deref

James Simmons jsimmons at infradead.org
Thu Oct 27 07:05:28 PDT 2022 

From: Chris Horn <chris.horn at hpe.com>

struct lnet_msg::msg_md is NULL when a router is forwarding a
REPLY. ko2iblnd attempts to access this pointer on the receive path.
This causes a panic.

Fixes: 4c95c6b6c7 (" lnet: Replace msg_rdma_force with a new md_flag LNET_MD_FLAG_GPU.")
HPE-bug-id: LUS-11269
WC-bug-id: https://jira.whamcloud.com/browse/LU-16211
Lustre-commit: f792297212387c2ff ("LU-16211 o2iblnd: Avoid NULL md deref")
Signed-off-by: Chris Horn <chris.horn at hpe.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/48777
Reviewed-by: Serguei Smirnov <ssmirnov at whamcloud.com>
Reviewed-by: James Simmons <jsimmons at infradead.org>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
 net/lnet/klnds/o2iblnd/o2iblnd_cb.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/lnet/klnds/o2iblnd/o2iblnd_cb.c b/net/lnet/klnds/o2iblnd/o2iblnd_cb.c
index 6f04096..3e3be065 100644
--- a/net/lnet/klnds/o2iblnd/o2iblnd_cb.c
+++ b/net/lnet/klnds/o2iblnd/o2iblnd_cb.c
@@ -1738,7 +1738,7 @@ static int kiblnd_map_tx(struct lnet_ni *ni, struct kib_tx *tx,
 	struct bio_vec *kiov = lntmsg->msg_kiov;
 	unsigned int offset = lntmsg->msg_offset;
 	unsigned int nob = lntmsg->msg_len;
-	struct lnet_libmd *payload_md = lntmsg->msg_md;
+	struct lnet_libmd *msg_md = lntmsg->msg_md;
 	struct kib_tx *tx;
 	int rc;
 
@@ -1749,7 +1749,7 @@ static int kiblnd_map_tx(struct lnet_ni *ni, struct kib_tx *tx,
 		goto failed_0;
 	}
 
-	tx->tx_gpu = !!(payload_md->md_flags & LNET_MD_FLAG_GPU);
+	tx->tx_gpu = msg_md ? (msg_md->md_flags & LNET_MD_FLAG_GPU) : 0;
 	if (!nob)
 		rc = 0;
 	else
@@ -1847,7 +1847,7 @@ static int kiblnd_map_tx(struct lnet_ni *ni, struct kib_tx *tx,
 	case IBLND_MSG_PUT_REQ: {
 		struct kib_msg *txmsg;
 		struct kib_rdma_desc *rd;
-		struct lnet_libmd *payload_md = lntmsg->msg_md;
+		struct lnet_libmd *msg_md = lntmsg->msg_md;
 
 		ibprm_cookie = rxmsg->ibm_u.putreq.ibprm_cookie;
 
@@ -1867,7 +1867,8 @@ static int kiblnd_map_tx(struct lnet_ni *ni, struct kib_tx *tx,
 			break;
 		}
 
-		tx->tx_gpu = !!(payload_md->md_flags & LNET_MD_FLAG_GPU);
+		tx->tx_gpu = msg_md ? (msg_md->md_flags & LNET_MD_FLAG_GPU) : 0;
+
 		txmsg = tx->tx_msg;
 		rd = &txmsg->ibm_u.putack.ibpam_rd;
 		rc = kiblnd_setup_rd_kiov(ni, tx, rd,
-- 
1.8.3.1

More information about the lustre-devel mailing list