Message ID | 20220822011615.805603-3-yanjun.zhu@linux.dev (mailing list archive) |
---|---|
State | Accepted |
Series | Fixes for syzbot problem |
On 8/21/22 20:16, yanjun.zhu@linux.dev wrote: > From: Zhu Yanjun <yanjun.zhu@linux.dev> > > When sock_create_kern in the function rxe_qp_init_req fails, > qp->sk is set to NULL. > > Then the function rxe_create_qp will call rxe_qp_do_cleanup > to handle allocated resource. > > Before handling qp->sk, this variable should be checked. > > Fixes: 8700e3e7c485 ("Soft RoCE driver") > Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev> > --- > drivers/infiniband/sw/rxe/rxe_qp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c > index f10b461b9963..b229052ae91a 100644 > --- a/drivers/infiniband/sw/rxe/rxe_qp.c > +++ b/drivers/infiniband/sw/rxe/rxe_qp.c > @@ -835,8 +835,10 @@ static void rxe_qp_do_cleanup(struct work_struct *work) > > free_rd_atomic_resources(qp); > > - kernel_sock_shutdown(qp->sk, SHUT_RDWR); > - sock_release(qp->sk); > + if (qp->sk) { > + kernel_sock_shutdown(qp->sk, SHUT_RDWR); > + sock_release(qp->sk); > + } > } > > /* called when the last reference to the qp is dropped */ Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
On 23/08/2022 03:01, Bob Pearson wrote: > On 8/21/22 20:16, yanjun.zhu@linux.dev wrote: >> From: Zhu Yanjun <yanjun.zhu@linux.dev> >> >> When sock_create_kern in the function rxe_qp_init_req fails, >> qp->sk is set to NULL. >> >> Then the function rxe_create_qp will call rxe_qp_do_cleanup >> to handle allocated resource. >> >> Before handling qp->sk, this variable should be checked. >> >> Fixes: 8700e3e7c485 ("Soft RoCE driver") >> Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev> Reviewed-by: Li Zhijian <lizhijian@fujitsu.com> >> --- >> drivers/infiniband/sw/rxe/rxe_qp.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c >> index f10b461b9963..b229052ae91a 100644 >> --- a/drivers/infiniband/sw/rxe/rxe_qp.c >> +++ b/drivers/infiniband/sw/rxe/rxe_qp.c >> @@ -835,8 +835,10 @@ static void rxe_qp_do_cleanup(struct work_struct *work) >> >> free_rd_atomic_resources(qp); >> >> - kernel_sock_shutdown(qp->sk, SHUT_RDWR); >> - sock_release(qp->sk); >> + if (qp->sk) { >> + kernel_sock_shutdown(qp->sk, SHUT_RDWR); >> + sock_release(qp->sk); >> + } >> } >> >> /* called when the last reference to the qp is dropped */ > Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c index f10b461b9963..b229052ae91a 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -835,8 +835,10 @@ static void rxe_qp_do_cleanup(struct work_struct *work) free_rd_atomic_resources(qp); - kernel_sock_shutdown(qp->sk, SHUT_RDWR); - sock_release(qp->sk); + if (qp->sk) { + kernel_sock_shutdown(qp->sk, SHUT_RDWR); + sock_release(qp->sk); + } } /* called when the last reference to the qp is dropped */
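Review bot: the new `if (qp->sk)` guard in rxe_qp_do_cleanup() covers only the two socket calls, while `free_rd_atomic_resources(qp)` directly above it still runs unconditionally on the same qp. The commit message says this cleanup is reached from rxe_create_qp after rxe_qp_init_req has failed, so it is worth confirming that the earlier teardown steps also tolerate a partially initialised qp. I would also add a one-line comment above the guard noting that qp->sk is NULL when sock_create_kern failed, and consider `qp->sk = NULL;` after `sock_release(qp->sk);` so the guard still holds if the pointer is checked again after release.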