[openib-general] [PATCH][SDP] fix panic when cat'ing /proc/net/sdp/conn_main

Tom Duffy tduffy at sun.com
Mon Apr 25 10:09:00 PDT 2005


If you start up something like ./ttcp.aio.x -r -l 65536 -a 20 with no
SM running on your subnet, and then cat /proc/net/sdp/conn_main, you
will panic:

Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP:
<ffffffff882af935>{:ib_sdp:sdp_proc_dump_conn_main+469}
PGD 33943067 PUD 338ad067 PMD 0
Oops: 0000 [1] SMP
CPU 0
Modules linked in: ib_sdp ib_cm ib_ipoib ib_sa md5 ipv6 parport_pc lp parport autofs4 nfs lockd rfcomm l2cap bluetooth pcmcia yenta_socket rsrc_nonstatic pcmcia_core sunrpc ext3 jbd dm_mod video container button battery ac ohci_hcd i2c_amd756 i2c_core ib_mthca ib_mad ib_core tg3 floppy xfs exportfs mptscsih mptbase sd_mod scsi_mod
Pid: 5548, comm: cat Not tainted 2.6.11.7openib
RIP: 0010:[<ffffffff882af935>] <ffffffff882af935>{:ib_sdp:sdp_proc_dump_conn_main+469}
RSP: 0018:ffff8100778cbd78  EFLAGS: 00010056
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff882c24f0 RDI: ffff810033f9418a
RBP: 000000000000018a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff81003a9219c0 R12: 0000000000000000
R13: ffff810033f94000 R14: 0000000000000400 R15: ffff8100778cbe98
FS:  00002aaaaaad4b00(0000) GS:ffffffff8047dc00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 000000003385d000 CR4: 00000000000006e0
Process cat (pid: 5548, threadinfo ffff8100778ca000, task ffff81007f3bcf50)
Stack: ffff8100778cbddc ffff81003b402010 ffff81003bbfb9b0 ffff81003bb6a940
       ffff81003bb6a940 0000000000000292 0000000000000292 ffffffff8016be89
       ffff8100000015a5 0000000000000000
Call Trace:<ffffffff8016be89>{do_no_page+729} <ffffffff882a8b25>{:ib_sdp:sdp_proc_read_parse+37}
       <ffffffff801b7093>{proc_file_read+227} <ffffffff8017d725>{vfs_read+229}
       <ffffffff8017da33>{sys_read+83} <ffffffff8010e3da>{system_call+126}

After this patch:

[root at sins-stinger-10 ~]# cat /proc/net/sdp/conn_main
dst address:port src address:port  ID  comm_id  pid      dst guid         src guid     dlid slid dqpn   sqpn   data sent buff'd data rcvd_buff'd   data written      data read     src_serv snk_serv
---------------- ---------------- ---- -------- ---- ---------------- ---------------- ---- ---- ------ ------ ---------------- ---------------- ---------------- ---------------- -------- --------
00.00.00.00:0000 00.00.00.00:1389 0000 00000000 155a 0000000000000000 0000000000000000 0000 0000 000000 000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000 00000000

Signed-off-by: Tom Duffy <tduffy at sun.com>

Index: linux-2.6.11-openib/drivers/infiniband/ulp/sdp/sdp_conn.c
===================================================================
--- linux-2.6.11-openib/drivers/infiniband/ulp/sdp/sdp_conn.c	(revision 2207)
+++ linux-2.6.11-openib/drivers/infiniband/ulp/sdp/sdp_conn.c	(working copy)
@@ -1384,7 +1384,7 @@ int sdp_proc_dump_conn_main(char *buffer
 				  ((conn->src_addr >> 24) & 0xff),
 				  conn->src_port, 
 				  conn->hashent,
-				  conn->cm_id->local_id,
+				  conn->cm_id ? conn->cm_id->local_id : 0,
 				  conn->pid,
 				  (u32)((d_guid >> 32) & 0xffffffff),
 				  (u32)(d_guid & 0xffffffff),
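Review bot: In the new argument `conn->cm_id ? conn->cm_id->local_id : 0`, the pointer is read twice, once for the test and once for the dereference, so the guard only holds if nothing can clear `conn->cm_id` between the two reads, and the hunk does not show which lock is held at this point. Consider reading `conn->cm_id` once into a local before the argument list and testing that copy. Printing 0 also makes a connection with no CM id indistinguishable in the comm_id column from one whose local_id is 0; a short comment on this line saying when cm_id can be NULL (the case in the commit message is a connection started with no SM on the subnet) would document why the check is there.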




