Message ID | 20230620135519.9365-1-rpearsonhpe@gmail.com (mailing list archive) |
---|---|
Series | RDMA/rxe: Fix error path code in rxe_create_qp |

On Tue, Jun 20, 2023 at 08:55:17AM -0500, Bob Pearson wrote:
> If a call to rxe_create_qp() fails in rxe_qp_from_init()
> rxe_cleanup(qp) will be called. This code currently does not correctly
> handle cases where not all qp resources are allocated and can seg
> fault as reported below. The first two patches cleanup cases where
> this happens. The third patch corrects an error in rxe_srq.c where
> if caller requests a change in the srq size the correct new value
> is not returned to caller.
>
> This patch series applies cleanly to the current for-next branch.
>
> Reported-by: syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@google.com/raw
> Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c")
> Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c")
> Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
> ---
> v2: Reverted a partially implemented change in patch 3/3 which was
>     incorrect.
>
> Bob Pearson (3):
>   RDMA/rxe: Move work queue code to subroutines
>   RDMA/rxe: Fix unsafe drain work queue code
>   RDMA/rxe: Fix rxe_m-dify_srq

Applied to for-next, thanks

Jason

If a call to rxe_create_qp() fails in rxe_qp_from_init()
rxe_cleanup(qp) will be called. This code currently does not correctly
handle cases where not all qp resources are allocated and can seg
fault as reported below. The first two patches cleanup cases where
this happens. The third patch corrects an error in rxe_srq.c where
if caller requests a change in the srq size the correct new value
is not returned to caller.

This patch series applies cleanly to the current for-next branch.

Reported-by: syzbot+2da1965168e7dbcba136@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@google.com/raw
Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c")
Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c")
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
---
v2: Reverted a partially implemented change in patch 3/3 which was
    incorrect.

Bob Pearson (3):
  RDMA/rxe: Move work queue code to subroutines
  RDMA/rxe: Fix unsafe drain work queue code
  RDMA/rxe: Fix rxe_m-dify_srq

 drivers/infiniband/sw/rxe/rxe_comp.c |   4 +
 drivers/infiniband/sw/rxe/rxe_loc.h  |   6 -
 drivers/infiniband/sw/rxe/rxe_qp.c   | 163 ++++++++++++++++++---------
 drivers/infiniband/sw/rxe/rxe_resp.c |   4 +
 drivers/infiniband/sw/rxe/rxe_srq.c  |  60 ++++++----
 5 files changed, 152 insertions(+), 85 deletions(-)

base-commit: 830f93f47068b1632cc127871fbf27e918efdf46