git: 6244b53e1658 - main - ibcore: Allow passing NULL-pointers to ib_umem_release()

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Hans Petter Selasky <hselasky_at_FreeBSD.org>
Date: Mon, 02 May 2022 11:12:04 UTC

The branch main has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=6244b53e16583308488e16b1680b0a94d3cac92e

commit 6244b53e16583308488e16b1680b0a94d3cac92e
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-05-02 11:10:09 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-05-02 11:11:06 +0000

    ibcore: Allow passing NULL-pointers to ib_umem_release()
    
    FreeBSD commit b633e08c705fe43180567eae26923d6f6f98c8d9 removed the
    NULL-checks from the mlx4ib-driver.
    
    This fixes the following NULL-pointer panic when unloading mlx4ib:
    ib_umem_release()
    mlx4_ib_destroy_qp()
    ib_destroy_qp_user()
    ipoib_transport_dev_cleanup()
    ipoib_dev_cleanup()
    ipoib_remove_one()
    ib_unregister_client()
    ipoib_cleanup_module()
    linker_file_sysuninit()
    linker_file_unload()
    kern_kldunload()
    amd64_syscall()
    
    Linux commit:
    836a0fbb3e76f704ad65ddfb57f00725245e509b
    
    MFC after:      1 week
    Submitted by:   dandan@lysator.liu.se
    Sponsored by:   Lysator ACS
    Sponsored by:   NVIDIA Networking
---
 sys/ofed/drivers/infiniband/core/ib_umem.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/ofed/drivers/infiniband/core/ib_umem.c b/sys/ofed/drivers/infiniband/core/ib_umem.c
index 48df27522a50..889908eed688 100644
--- a/sys/ofed/drivers/infiniband/core/ib_umem.c
+++ b/sys/ofed/drivers/infiniband/core/ib_umem.c
@@ -248,11 +248,13 @@ static void ib_umem_account(struct work_struct *work)
  */
 void ib_umem_release(struct ib_umem *umem)
 {
-	struct ib_ucontext *context = umem->context;
 	struct mm_struct *mm;
 	struct task_struct *task;
 	unsigned long diff;
 
+	if (!umem)
+		return;
+
 	if (umem->odp_data) {
 		ib_umem_odp_release(umem);
 		return;
@@ -279,7 +281,7 @@ void ib_umem_release(struct ib_umem *umem)
 	 * up here and not be able to take the mmap_sem.  In that case
 	 * we defer the vm_locked accounting to the system workqueue.
 	 */
-	if (context->closing) {
+	if (umem->context->closing) {
 		if (!down_write_trylock(&mm->mmap_sem)) {
 			INIT_WORK(&umem->work, ib_umem_account);
 			umem->mm   = mm;