IB/srp: Fix remove_one crash due to resource exhaustion
authorDotan Barak <dotanb@dev.mellanox.co.il>
Wed, 12 Jun 2013 13:20:36 +0000 (15:20 +0200)
committerRoland Dreier <roland@purestorage.com>
Thu, 27 Jun 2013 23:44:38 +0000 (16:44 -0700)
If the add_one callback fails during driver load no resources are
allocated so there isn't a need to release any resources. Trying
to clean the resource may lead to the following kernel panic:

    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP: [<ffffffffa0132331>] srp_remove_one+0x31/0x240 [ib_srp]
    RIP: 0010:[<ffffffffa0132331>]  [<ffffffffa0132331>] srp_remove_one+0x31/0x240 [ib_srp]
    Process rmmod (pid: 4562, threadinfo ffff8800dd738000, task ffff8801167e60c0)
    Call Trace:
     [<ffffffffa024500e>] ib_unregister_client+0x4e/0x120 [ib_core]
     [<ffffffffa01361bd>] srp_cleanup_module+0x15/0x71 [ib_srp]
     [<ffffffff810ac6a4>] sys_delete_module+0x194/0x260
     [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b

Signed-off-by: Dotan Barak <dotanb@dev.mellanox.co.il>
Reviewed-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Sebastian Riemer <sebastian.riemer@profitbricks.com>
Acked-by: David Dillow <dillowda@ornl.gov>
Signed-off-by: Roland Dreier <roland@purestorage.com>
drivers/infiniband/ulp/srp/ib_srp.c

index 7ccf3284dda3ae623d23f459fc2652c0ce734f5f..368d1606e16fddcee4efb84456461178b1282461 100644 (file)
@@ -2507,6 +2507,8 @@ static void srp_remove_one(struct ib_device *device)
        struct srp_target_port *target;
 
        srp_dev = ib_get_client_data(device, &srp_client);
+       if (!srp_dev)
+               return;
 
        list_for_each_entry_safe(host, tmp_host, &srp_dev->dev_list, list) {
                device_unregister(&host->dev);