[for-next,0/3] RDMA/rxe: Fix error path code in rxe_create_qp

Message ID	20230619202110.45680-1-rpearsonhpe@gmail.com (mailing list archive)
Headers	show Return-Path: <linux-rdma-owner@vger.kernel.org> From: Bob Pearson <rpearsonhpe@gmail.com> To: jgg@nvidia.com, zyjzyj2000@gmail.com, linux-rdma@vger.kernel.org Cc: Bob Pearson <rpearsonhpe@gmail.com>, syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com Subject: [PATCH for-next 0/3] RDMA/rxe: Fix error path code in rxe_create_qp Date: Mon, 19 Jun 2023 15:21:08 -0500 Message-Id: <20230619202110.45680-1-rpearsonhpe@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	RDMA/rxe: Fix error path code in rxe_create_qp \| expand [for-next,0/3] RDMA/rxe: Fix error path code in rxe_create_qp [for-next,1/3] RDMA/rxe: Move work queue code to subroutines [for-next,2/3] RDMA/rxe: Fix unsafe drain work queue code [for-next,3/3] RDMA/rxe: Fix rxe_m-dify_srq

Message ID

20230619202110.45680-1-rpearsonhpe@gmail.com (mailing list archive)

Headers

From: Bob Pearson <rpearsonhpe@gmail.com>
To: jgg@nvidia.com, zyjzyj2000@gmail.com, linux-rdma@vger.kernel.org
Cc: Bob Pearson <rpearsonhpe@gmail.com>,
        syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com
Subject: [PATCH for-next 0/3] RDMA/rxe: Fix error path code in rxe_create_qp
Date: Mon, 19 Jun 2023 15:21:08 -0500
Message-Id: <20230619202110.45680-1-rpearsonhpe@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

RDMA/rxe: Fix error path code in rxe_create_qp | expand

Message

Bob Pearson June 19, 2023, 8:21 p.m. UTC

If a call to rxe_create_qp() fails in rxe_qp_from_init()
rxe_cleanup(qp) will be called. This code currently does not correctly
handle cases where not all qp resources are allocated and can seg
fault as reported below. The first two patches cleanup cases where
this happens. The third patch corrects an error in rxe_srq.c where
if caller requests a change in the srq size the correct new value
is not returned to caller.

Reported-by: syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@google.com/raw
Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c")
Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c")
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>

Bob Pearson (3):
  RDMA/rxe: Move work queue code to subroutines
  RDMA/rxe: Fix unsafe drain work queue code
  RDMA/rxe: Fix rxe_modify_srq

 drivers/infiniband/sw/rxe/rxe_comp.c |   4 +
 drivers/infiniband/sw/rxe/rxe_loc.h  |   6 -
 drivers/infiniband/sw/rxe/rxe_qp.c   | 163 ++++++++++++++++++---------
 drivers/infiniband/sw/rxe/rxe_resp.c |   4 +
 drivers/infiniband/sw/rxe/rxe_srq.c  |  55 +++++----
 5 files changed, 150 insertions(+), 82 deletions(-)


base-commit: 830f93f47068b1632cc127871fbf27e918efdf46

Comments

Zhu Yanjun June 19, 2023, 10:45 p.m. UTC | #1

On Tue, Jun 20, 2023 at 4:21 AM Bob Pearson <rpearsonhpe@gmail.com> wrote:
>
> If a call to rxe_create_qp() fails in rxe_qp_from_init()
> rxe_cleanup(qp) will be called. This code currently does not correctly
> handle cases where not all qp resources are allocated and can seg
> fault as reported below. The first two patches cleanup cases where
> this happens. The third patch corrects an error in rxe_srq.c where
> if caller requests a change in the srq size the correct new value
> is not returned to caller.
>
> Reported-by: syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@google.com/raw
> Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c")
> Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c")
> Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>

Can not apply these commits to Linux 6.4-rc7.

Zhu Yanjun

>
> Bob Pearson (3):
>   RDMA/rxe: Move work queue code to subroutines
>   RDMA/rxe: Fix unsafe drain work queue code
>   RDMA/rxe: Fix rxe_modify_srq
>
>  drivers/infiniband/sw/rxe/rxe_comp.c |   4 +
>  drivers/infiniband/sw/rxe/rxe_loc.h  |   6 -
>  drivers/infiniband/sw/rxe/rxe_qp.c   | 163 ++++++++++++++++++---------
>  drivers/infiniband/sw/rxe/rxe_resp.c |   4 +
>  drivers/infiniband/sw/rxe/rxe_srq.c  |  55 +++++----
>  5 files changed, 150 insertions(+), 82 deletions(-)
>
>
> base-commit: 830f93f47068b1632cc127871fbf27e918efdf46
> --
> 2.39.2
>

Bob Pearson June 20, 2023, 3:10 a.m. UTC | #2

On 6/19/23 17:45, Zhu Yanjun wrote:
> On Tue, Jun 20, 2023 at 4:21 AM Bob Pearson <rpearsonhpe@gmail.com> wrote:
>>
>> If a call to rxe_create_qp() fails in rxe_qp_from_init()
>> rxe_cleanup(qp) will be called. This code currently does not correctly
>> handle cases where not all qp resources are allocated and can seg
>> fault as reported below. The first two patches cleanup cases where
>> this happens. The third patch corrects an error in rxe_srq.c where
>> if caller requests a change in the srq size the correct new value
>> is not returned to caller.
>>
>> Reported-by: syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com
>> Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@google.com/raw
>> Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c")
>> Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c")
>> Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
> 
> Can not apply these commits to Linux 6.4-rc7.
> 
> Zhu Yanjun
> 
>>
>> Bob Pearson (3):
>>   RDMA/rxe: Move work queue code to subroutines
>>   RDMA/rxe: Fix unsafe drain work queue code
>>   RDMA/rxe: Fix rxe_modify_srq
>>
>>  drivers/infiniband/sw/rxe/rxe_comp.c |   4 +
>>  drivers/infiniband/sw/rxe/rxe_loc.h  |   6 -
>>  drivers/infiniband/sw/rxe/rxe_qp.c   | 163 ++++++++++++++++++---------
>>  drivers/infiniband/sw/rxe/rxe_resp.c |   4 +
>>  drivers/infiniband/sw/rxe/rxe_srq.c  |  55 +++++----
>>  5 files changed, 150 insertions(+), 82 deletions(-)
>>
>>
>> base-commit: 830f93f47068b1632cc127871fbf27e918efdf46
>> --
>> 2.39.2
>>

They applied to current for-next.