net/rds: Fix order of intitialization in rds_ib_add_one.

gerd-rausch · Somasundaram Krishnasamy · commit 544cd2fbb98e · 2018-01-25T12:09:56.000-08:00
As the linked list rds_ibdev->ipaddr_list is traversed inside rds_ib_dev_free, in case there was an error, when it wasn't initialized yet. Symptom (stack trace): --------%<--------%<--------%<--------%<--------%<--------%<-------- [ 82.847543] NULL pointer dereference at (null) [ 82.913786] IP: [<ffffffffa0619190>] rds_ib_dev_free+0x30/0x80 [rds_rdma] [ 82.995353] PGD 0 [ 83.019782] Oops: 0000 [#1] SMP [ 83.058783] Modules linked in: rds_rdma rds ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm mlx4_vnic ext3 jbd mbcache vhost_net macvtap macvlan vhost tun kvm_intel kvm uinput iTCO_wdt iTCO_vendor_support mlx4_ib ib_sa mlx4_en pcspkr ib_mad mlx4_core sb_edac edac_core i2c_i801 lpc_ich mfd_core shpchp sg ipmi_ssif i2c_core ipmi_si ipmi_msghandler ioatdma mlx5_ib ib_core ib_addr ipv6 mlx5_core ixgbe dca ptp pps_core vxlan udp_tunnel ip6_udp_tunnel mdio ext4 jbd2 mbcache2 sd_mod ahci libahci usb_storage mpt3sas scsi_transport_sas raid_class dm_mirror dm_region_hash dm_log dm_mod [ 83.701325] CPU: 0 PID: 2337 Comm: kworker/u64:4 Not tainted 4.1.12-116.el6uek.x86_64 #2 [ 83.798584] Hardware name: Oracle Corporation SUN SERVER X4-2 /ASSY,MOTHERBOARD,1U , BIOS 25010601 09/18/2013 [ 83.926011] Workqueue: krdsd rds_ib_dev_free [rds_rdma] [ 83.988901] task: ffff8808568b3800 ti: ffff8808482a4000 task.ti: ffff8808482a4000 [ 84.078890] RIP: 0010:[<ffffffffa0619190>] [<ffffffffa0619190>] rds_ib_dev_free+0x30/0x80 [rds_rdma] [ 84.189861] RSP: 0018:ffff8808482a7db8 EFLAGS: 00010207 [ 84.253607] RAX: 0000000000000000 RBX: ffff88085bd90910 RCX: 000000000001475f [ 84.339213] RDX: 000000000001475e RSI: ffff880fe23e5480 RDI: ffff88085bd90998 [ 84.424808] RBP: ffff8808482a7dd8 R08: 000000000001aac0 R09: ffff88085f407980 [ 84.510419] R10: ffffffffa02c91de R11: 0000000000000000 R12: 0000000000000000 [ 84.596108] R13: ffff88085bd90010 R14: ffff88085bd90000 R15: 0000000000000000 [ 84.681718] FS: 0000000000000000(0000) GS:ffff88085fa00000(0000) knlGS:0000000000000000 [ 84.779052] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.848008] CR2: 0000000000000000 CR3: 0000000001ad2000 CR4: 00000000001406f0 [ 84.933634] Stack: [ 84.957936] ffff88085bd90910 ffff880849baeb40 ffff88085f411c00 ffff880858e4bd00 [ 85.047271] ffff8808482a7e38 ffffffff810a0b99 ffff8808568b3800 ffff88085bd90918 [ 85.136717] ffff88085f411c00 ffff880858e4bd05 ffff880849baeb70 ffff880849baeb40 [ 85.226058] Call Trace: [ 85.255507] [<ffffffff810a0b99>] process_one_work+0x159/0x4c0 [ 85.325505] [<ffffffff810a1750>] worker_thread+0x120/0x490 [ 85.392397] [<ffffffff816eaf4b>] ? __schedule+0x30b/0x860 [ 85.458320] [<ffffffff810a1630>] ? maybe_create_worker+0x120/0x120 [ 85.533531] [<ffffffff810a1630>] ? maybe_create_worker+0x120/0x120 [ 85.608835] [<ffffffff810a721e>] kthread+0xce/0xf0 [ 85.667475] [<ffffffff810a7150>] ? kthread_freezable_should_stop+0x70/0x70 [ 85.750999] [<ffffffff816f0b62>] ret_from_fork+0x42/0x70 [ 85.815803] [<ffffffff810a7150>] ? kthread_freezable_should_stop+0x70/0x70 [ 85.899427] Code: 56 41 55 41 54 53 0f 1f 44 00 00 4c 8d b7 f0 f6 ff ff 48 89 fb 4c 89 f7 4d 8d 6e 10 e8 fa fe ff ff 4c 8b a3 00 f7 ff ff 4d 39 ec <49> 8b 1c 24 4c 89 e7 75 0a eb 23 0f 1f 44 00 00 48 89 c3 e8 28 [ 86.132682] RIP [<ffffffffa0619190>] rds_ib_dev_free+0x30/0x80 [rds_rdma] [ 86.215275] RSP <ffff8808482a7db8> [ 86.257186] CR2: 0000000000000000 [ 86.297024] ---[ end trace 2270f77f147b4c93 ]--- [ 86.357704] Kernel panic - not syncing: Fatal exception --------%<--------%<--------%<--------%<--------%<--------%<-------- Orabug: 27195622 Orabug: 27364391 Signed-off-by: Gerd Rausch <gerd.rausch@oracle.com> Reviewed-by: Sudhakar Dindukurti <sudhakar.dindukurti@oracle.com> Reviewed-by: Håkon Bugge <haakon.bugge@oracle.com> Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
diff --git a/net/rds/ib.c b/net/rds/ib.c
@@ -2020,6 +2020,9 @@ void rds_ib_add_one(struct ib_device *device)
 	if (!rds_ibdev)
 		goto free_attr;
 
+	INIT_LIST_HEAD(&rds_ibdev->ipaddr_list);
+	INIT_LIST_HEAD(&rds_ibdev->conn_list);
+
 	atomic_set(&rds_ibdev->free_dev, 1);
 	mutex_init(&rds_ibdev->free_dev_lock);
 	spin_lock_init(&rds_ibdev->spinlock);
@@ -2103,9 +2106,6 @@ void rds_ib_add_one(struct ib_device *device)
 		goto put_dev;
 	}
 
-	INIT_LIST_HEAD(&rds_ibdev->ipaddr_list);
-	INIT_LIST_HEAD(&rds_ibdev->conn_list);
-
 	if (rds_ib_srq_init(rds_ibdev))
 		goto put_dev;
 
