Message ID | 20220822011615.805603-2-yanjun.zhu@linux.dev (mailing list archive) |
---|---|
State | Accepted |
Series | Fixes for syzbot problem |
On 8/21/22 20:16, yanjun.zhu@linux.dev wrote: > From: Zhu Yanjun <yanjun.zhu@linux.dev> > > When rxe_queue_init in the function rxe_qp_init_req fails, > both qp->req.task.func and qp->req.task.arg are not initialized. > > Because of creation of qp fails, the function rxe_create_qp will > call rxe_qp_do_cleanup to handle allocated resource. > > Before calling __rxe_do_task, both qp->req.task.func and > qp->req.task.arg should be checked. > > Fixes: 8700e3e7c485 ("Soft RoCE driver") > Reported-by: syzbot+ab99dc4c6e961eed8b8e@syzkaller.appspotmail.com > Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev> > --- > drivers/infiniband/sw/rxe/rxe_qp.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c > index 516bf9b95e48..f10b461b9963 100644 > --- a/drivers/infiniband/sw/rxe/rxe_qp.c > +++ b/drivers/infiniband/sw/rxe/rxe_qp.c > @@ -797,7 +797,9 @@ static void rxe_qp_do_cleanup(struct work_struct *work) > rxe_cleanup_task(&qp->comp.task); > > /* flush out any receive wr's or pending requests */ > - __rxe_do_task(&qp->req.task); > + if (qp->req.task.func && qp->req.task.arg) func would be enough since they get set together. But, this is still fine since not performance critical. > + __rxe_do_task(&qp->req.task); > + > if (qp->sq.queue) { > __rxe_do_task(&qp->comp.task); > __rxe_do_task(&qp->req.task); Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
On 23/08/2022 03:00, Bob Pearson wrote: > On 8/21/22 20:16, yanjun.zhu@linux.dev wrote: >> From: Zhu Yanjun <yanjun.zhu@linux.dev> >> >> When rxe_queue_init in the function rxe_qp_init_req fails, >> both qp->req.task.func and qp->req.task.arg are not initialized. >> >> Because of creation of qp fails, the function rxe_create_qp will >> call rxe_qp_do_cleanup to handle allocated resource. >> >> Before calling __rxe_do_task, both qp->req.task.func and >> qp->req.task.arg should be checked. >> >> Fixes: 8700e3e7c485 ("Soft RoCE driver") >> Reported-by: syzbot+ab99dc4c6e961eed8b8e@syzkaller.appspotmail.com >> Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev> >> --- >> drivers/infiniband/sw/rxe/rxe_qp.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c >> index 516bf9b95e48..f10b461b9963 100644 >> --- a/drivers/infiniband/sw/rxe/rxe_qp.c >> +++ b/drivers/infiniband/sw/rxe/rxe_qp.c >> @@ -797,7 +797,9 @@ static void rxe_qp_do_cleanup(struct work_struct *work) >> rxe_cleanup_task(&qp->comp.task); >> >> /* flush out any receive wr's or pending requests */ >> - __rxe_do_task(&qp->req.task); >> + if (qp->req.task.func && qp->req.task.arg) > func would be enough since they get set together. Agreed otherwise, looks good Reviewed-by: Li Zhijian <lizhijian@fujitsu.com> > But, this is still fine since not performance critical. >> + __rxe_do_task(&qp->req.task); >> + >> if (qp->sq.queue) { >> __rxe_do_task(&qp->comp.task); >> __rxe_do_task(&qp->req.task); > Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c index 516bf9b95e48..f10b461b9963 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -797,7 +797,9 @@ static void rxe_qp_do_cleanup(struct work_struct *work) rxe_cleanup_task(&qp->comp.task); /* flush out any receive wr's or pending requests */ - __rxe_do_task(&qp->req.task); + if (qp->req.task.func && qp->req.task.arg) + __rxe_do_task(&qp->req.task); + if (qp->sq.queue) { __rxe_do_task(&qp->comp.task); __rxe_do_task(&qp->req.task);
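Review bot: The new `if (qp->req.task.func && qp->req.task.arg)` guard in rxe_qp_do_cleanup() covers only the first `__rxe_do_task(&qp->req.task)` call; the second call on the same task, inside `if (qp->sq.queue)` in the trailing context, stays unguarded and is safe only if sq.queue is always NULL whenever the task was never initialized. Either state that invariant in a comment next to the guard or apply the same check at both call sites. The existing comment above the guard ("flush out any receive wr's or pending requests") does not say why the task may be unset, so a short note that rxe_qp_init_req can fail before the task is set up would help the next reader. As raised in the review replies, testing `func` alone would be enough if the two fields are always set together.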