From 6244b53e16583308488e16b1680b0a94d3cac92e Mon Sep 17 00:00:00 2001
From: Hans Petter Selasky
Date: Mon, 2 May 2022 13:10:09 +0200
Subject: [PATCH] ibcore: Allow passing NULL-pointers to ib_umem_release()
FreeBSD commit b633e08c705fe43180567eae26923d6f6f98c8d9 removed the NULL-checks from the mlx4ib-driver. This fixes the following NULL-pointer panic when unloading mlx4ib:
ib_umem_release()
mlx4_ib_destroy_qp()
ib_destroy_qp_user()
ipoib_transport_dev_cleanup()
ipoib_dev_cleanup()
ipoib_remove_one()
ib_unregister_client()
ipoib_cleanup_module()
linker_file_sysuninit()
linker_file_unload()
kern_kldunload()
amd64_syscall()
Linux commit: 836a0fbb3e76f704ad65ddfb57f00725245e509b
MFC after: 1 week
Submitted by: dandan@lysator.liu.se
Sponsored by: Lysator ACS
Sponsored by: NVIDIA Networking
---
 sys/ofed/drivers/infiniband/core/ib_umem.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/ofed/drivers/infiniband/core/ib_umem.c b/sys/ofed/drivers/infiniband/core/ib_umem.c
index 48df27522a50..889908eed688 100644
--- a/sys/ofed/drivers/infiniband/core/ib_umem.c
+++ b/sys/ofed/drivers/infiniband/core/ib_umem.c
@@ -248,11 +248,13 @@ static void ib_umem_account(struct work_struct *work)
 */
 void ib_umem_release(struct ib_umem *umem)
 {
- struct ib_ucontext *context = umem->context;
 struct mm_struct *mm;
 struct task_struct *task;
 unsigned long diff;
 
+ if (!umem)
+ return;
+
 if (umem->odp_data) {
 ib_umem_odp_release(umem);
 return;
@@ -279,7 +281,7 @@ void ib_umem_release(struct ib_umem *umem)
 * up here and not be able to take the mmap_sem. In that case
 * we defer the vm_locked accounting to the system workqueue.
 */
- if (context->closing) {
+ if (umem->context->closing) {
 if (!down_write_trylock(&mm->mmap_sem)) {
 INIT_WORK(&umem->work, ib_umem_account);
 umem->mm = mm;
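Review bot: The new `if (!umem) return;` guard at the top of ib_umem_release() changes the function's contract, but the comment block that ends just above the signature (its text is outside the hunk) is not touched, so nothing tells callers that NULL is now an accepted argument. I would add a line to that comment such as `* A NULL umem is accepted and ignored.`, so that call sites like mlx4_ib_destroy_qp(), which had their own NULL checks removed, rely on documented behaviour rather than an implementation detail. In the second hunk `umem->context->closing` is read at the point of use instead of from the removed local. umem is still in use there (the following lines take `&umem->work`), so this looks equivalent provided the lines between the two hunks, which are not shown, do not modify `umem->context`. The body of ib_umem_release() continues past the end of both hunks.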