From 1024c8ba9bc32b3d56ae1595fb28b329b309c68f Mon Sep 17 00:00:00 2001
From: Arjun Vynipadath <arjun@chelsio.com>
Date: Wed, 11 Jul 2018 11:02:18 +0530
Subject: [PATCH] ib_core: Fix NULL pointer dereference while registering
 netdevice

Fixes the below NULL pointer dereference seen when loading ib_core

BUG: unable to handle kernel paging request at 0000000000007130
IP: [<ffffffffc0bca438>] netdevice_event+0x48/0x380 [ib_core]
PGD 800000009b5c4067 PUD d2f03067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: ib_core(OE+) macsec vsock_diag vsock sctp_diag sctp tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter devlink sunrpc csiostor cxgb3(OE) intel_powerclamp coretemp kvm_intel kvm irqbypass mdio gpio_ich compat(OE) iTCO_wdt iTCO_vendor_support scsi_transport_fc ppdev sg pcspkr scsi_tgt i2c_i801 lpc_ich tpm_infineon parport_pc parport i7core_edac ioatdma shpchp dca acpi_cpufreq ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic crct10dif_common mgag200 i2c_algo_bit drm_kms_helper
 syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ata_generic pata_acpi drm ata_piix libata crc32c_intel e1000e mptsas serio_raw scsi_transport_sas mptscsih i2c_core mptbase ptp pps_core floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: cxgb4]
CPU: 2 PID: 7402 Comm: insmod Kdump: loaded Tainted: G          IOE  ------------   3.10.0-862.el7.x86_64 #1
Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0        07/29/10
task: ffff8a598b5d0fd0 ti: ffff8a59cedc0000 task.ti: ffff8a59cedc0000
RIP: 0010:[<ffffffffc0bca438>]  [<ffffffffc0bca438>] netdevice_event+0x48/0x380 [ib_core]
RSP: 0018:ffff8a59cedc3c18  EFLAGS: 00010246
RAX: 0000000000000045 RBX: 0000000000006f6c RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8a5a1f293938 RDI: ffff8a5a1f293938
RBP: ffff8a59cedc3c98 R08: 000000000000000a R09: 0000000000000000
R10: 0000000000000494 R11: ffff8a59cedc3916 R12: ffff8a5a1cfef000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffa22fc9c8
FS:  00007fe58c4f2740(0000) GS:ffff8a5a1f280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000007130 CR3: 00000000d04ba000 CR4: 00000000000007e0
Call Trace:
 [<ffffffffc0bca3f0>] ? is_eth_port_inactive_slave+0x40/0x40 [ib_core]
 [<ffffffffa1be5cd8>] __register_netdevice_notifier+0xa8/0x200
 [<ffffffffc0bf9000>] ? 0xffffffffc0bf8fff
 [<ffffffffa1be5e43>] register_netdevice_notifier+0x13/0x20
 [<ffffffffc0bf9261>] roce_gid_mgmt_init+0x51/0x5c [ib_core]
 [<ffffffffc0bf9192>] ib_cache_setup+0x9/0xb [ib_core]
 [<ffffffffc0bf913f>] __init_backport+0x13f/0x189 [ib_core]
 [<ffffffffa160210a>] do_one_initcall+0xba/0x240
 [<ffffffffa170f5ac>] load_module+0x272c/0x2bc0
 [<ffffffffa19767a0>] ? ddebug_proc_write+0xf0/0xf0
 [<ffffffffa170b1e3>] ? copy_module_from_fd.isra.43+0x53/0x150
 [<ffffffffa170fbf6>] SyS_finit_module+0xa6/0xd0
 [<ffffffffa1d1f7d5>] system_call_fastpath+0x1c/0x21
 [<ffffffffa1d1f721>] ? system_call_after_swapgs+0xae/0x146
Code: 89 e6 53 48 83 ec 68 48 8b 1a 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 89 da f3 48 ab 48 c7 c7 70 37 be c0 e8 69 d7 13 e1 <66> 83 bb c4 01 00 00 01 74 26 31 c0 48 8b 5d e0 65 48 33 1c 25
RIP  [<ffffffffc0bca438>] netdevice_event+0x48/0x380 [ib_core]
 RSP <ffff8a59cedc3c18>
CR2: 0000000000007130
---
 patches/0002-BACKPORT-ib_core.patch | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/patches/0002-BACKPORT-ib_core.patch b/patches/0002-BACKPORT-ib_core.patch
index a3a509c..d730acc 100644
--- a/patches/0002-BACKPORT-ib_core.patch
+++ b/patches/0002-BACKPORT-ib_core.patch
@@ -14,7 +14,7 @@ Signed-off-by: Vladimir Sokolovsky <vlad@mellanox.com>
  drivers/infiniband/core/netlink.c       |  29 +++++++
  drivers/infiniband/core/nldev.c         |  25 ++++++
  drivers/infiniband/core/restrack.c      |   4 +
- drivers/infiniband/core/roce_gid_mgmt.c |  31 +++++++
+ drivers/infiniband/core/roce_gid_mgmt.c |  35 ++++++++
  drivers/infiniband/core/sa_query.c      |  47 ++++++++++
  drivers/infiniband/core/ucm.c           |  16 ++++
  drivers/infiniband/core/ucma.c          |  15 ++++
@@ -26,7 +26,7 @@ Signed-off-by: Vladimir Sokolovsky <vlad@mellanox.com>
  include/rdma/ib_verbs.h                 | 147 ++++++++++++++++++++++++++++++++
  include/rdma/rdma_netlink.h             |   4 +
  include/rdma/restrack.h                 |   2 +
- 23 files changed, 689 insertions(+), 1 deletion(-)
+ 23 files changed, 693 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
 index xxxxxxx..xxxxxxx xxxxxx
@@ -925,6 +925,18 @@ index xxxxxxx..xxxxxxx xxxxxx
  		break;
  
  	default:
+@@ -763,7 +794,11 @@ int __init roce_gid_mgmt_init(void)
+ 	 * last to make sure we will not miss any IP add/del
+ 	 * callbacks.
+ 	 */
++#ifdef HAVE_REGISTER_NETDEVICE_NOTIFIER_RH
++	register_netdevice_notifier_rh(&nb_netdevice);
++#else
+ 	register_netdevice_notifier(&nb_netdevice);
++#endif
+ 
+ 	return 0;
+ }
 diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c
 index xxxxxxx..xxxxxxx xxxxxx
 --- a/drivers/infiniband/core/sa_query.c
-- 
2.46.0