From f792297212387c2ff1b1dd6ead1e2d451a375ade Mon Sep 17 00:00:00 2001 From: Chris Horn Date: Mon, 3 Oct 2022 15:34:11 -0600 Subject: [PATCH] LU-16211 o2iblnd: Avoid NULL md deref struct lnet_msg::msg_md is NULL when a router is forwarding a REPLY. ko2iblnd attempts to access this pointer on the receive path. This causes a panic. Test-Parameters: trivial Fixes: 959304eac7 ("LU-15189 lnet: fix memory mapping.") HPE-bug-id: LUS-11269 Signed-off-by: Chris Horn Change-Id: I0c1dbb1e0bcd3c17b278f358755d465f7bbbb2b0 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/48777 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Serguei Smirnov Reviewed-by: James Simmons Reviewed-by: Oleg Drokin
---
 lnet/klnds/o2iblnd/o2iblnd_cb.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/lnet/klnds/o2iblnd/o2iblnd_cb.c b/lnet/klnds/o2iblnd/o2iblnd_cb.c
index a18b1b78..ff6819c 100644
--- a/lnet/klnds/o2iblnd/o2iblnd_cb.c
+++ b/lnet/klnds/o2iblnd/o2iblnd_cb.c
@@ -1840,7 +1840,7 @@ kiblnd_reply(struct lnet_ni *ni, struct kib_rx *rx, struct lnet_msg *lntmsg)
 struct bio_vec *kiov = lntmsg->msg_kiov;
 unsigned int offset = lntmsg->msg_offset;
 unsigned int nob = lntmsg->msg_len;
- struct lnet_libmd *payload_md = lntmsg->msg_md;
+ struct lnet_libmd *msg_md = lntmsg->msg_md;
 struct kib_tx *tx;
 int rc;
@@ -1851,7 +1851,9 @@ kiblnd_reply(struct lnet_ni *ni, struct kib_rx *rx, struct lnet_msg *lntmsg)
 goto failed_0;
 }
- tx->tx_gpu = !!(payload_md->md_flags & LNET_MD_FLAG_GPU);
+
+ tx->tx_gpu = msg_md ? (msg_md->md_flags & LNET_MD_FLAG_GPU) : 0;
+
 if (nob == 0)
 rc = 0;
 else
@@ -1883,8 +1885,8 @@ kiblnd_reply(struct lnet_ni *ni, struct kib_rx *rx, struct lnet_msg *lntmsg)
 tx->tx_lntmsg[0] = lntmsg;
 }
- kiblnd_queue_tx(tx, rx->rx_conn);
- return;
+ kiblnd_queue_tx(tx, rx->rx_conn);
+ return;
 failed_1:
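Review bot: In kiblnd_reply (hunk at -1851), the new `tx->tx_gpu` assignment drops the `!!` that the removed line used to collapse the masked flag to 0 or 1. The declarations of `tx_gpu` and `LNET_MD_FLAG_GPU` are not visible in this patch; if `tx_gpu` is a one-bit bit-field or otherwise narrower than the flag's bit position, a set flag would be truncated to 0 and the GPU handling silently skipped. Keeping the normalisation alongside the NULL guard costs nothing: `tx->tx_gpu = msg_md ? !!(msg_md->md_flags & LNET_MD_FLAG_GPU) : 0;`. The same applies to the identical assignment in the IBLND_MSG_PUT_REQ branch of kiblnd_recv (hunk at -1968). kiblnd_reply's body starts and ends outside these hunks.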
@@ -1949,7 +1951,7 @@ kiblnd_recv(struct lnet_ni *ni, void *private, struct lnet_msg *lntmsg,
 case IBLND_MSG_PUT_REQ: {
 struct kib_msg *txmsg;
 struct kib_rdma_desc *rd;
- struct lnet_libmd *payload_md = lntmsg->msg_md;
+ struct lnet_libmd *msg_md = lntmsg->msg_md;
 ibprm_cookie = rxmsg->ibm_u.putreq.ibprm_cookie;
 if (mlen == 0) {
@@ -1968,7 +1970,8 @@ kiblnd_recv(struct lnet_ni *ni, void *private, struct lnet_msg *lntmsg,
 break;
 }
- tx->tx_gpu = !!(payload_md->md_flags & LNET_MD_FLAG_GPU);
+ tx->tx_gpu = msg_md ? (msg_md->md_flags & LNET_MD_FLAG_GPU) : 0;
+
 txmsg = tx->tx_msg;
 rd = &txmsg->ibm_u.putack.ibpam_rd;
 rc = kiblnd_setup_rd_kiov(ni, tx, rd,
--
1.8.3.1
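Review bot: The NULL guard on `msg_md` in the IBLND_MSG_PUT_REQ branch of kiblnd_recv (hunk at -1968) carries no comment saying when the MD is absent, and the commit message names only the forwarded-REPLY case handled in kiblnd_reply. Because an unguarded dereference here panicked the node on the receive path, a one-line comment above the assignment would keep a later cleanup from removing the check, for example `/* msg_md is NULL for messages this node only forwards as a router (LU-16211); treat as non-GPU */`. Whether the PUT_REQ path is actually reached with a NULL MD is not shown in this patch and should be confirmed before the comment states it as fact. The case block starts and ends outside the hunk, so any other use of `lntmsg->msg_md` in it cannot be checked from here.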