* [PATCH V2] IB/srp: Fix NULL deref at srp_destroy_qp()
@ 2017-05-11 15:52 Israel Rukshin
2017-05-11 16:06 ` Bart Van Assche
2017-06-01 22:10 ` Doug Ledford
0 siblings, 2 replies; 3+ messages in thread
From: Israel Rukshin @ 2017-05-11 15:52 UTC (permalink / raw)
To: linux-rdma; +Cc: Bart Van Assche, Max Gurtovoy, Israel Rukshin, stable
If srp_init_qp() fails at srp_create_ch_ib() then ch->send_cq
may be NULL.
Calling directly to ib_destroy_qp() is sufficient because
no work requests were posted on the created qp.
Fixes: 9294000d6d89 ("IB/srp: Drain the send queue before destroying a QP")
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Cc: <stable@vger.kernel.org>
---
v2 change:
-add Fixes to commit message
drivers/infiniband/ulp/srp/ib_srp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index def723a..4306285 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -575,7 +575,7 @@ static int srp_create_ch_ib(struct srp_rdma_ch *ch)
return 0;
err_qp:
- srp_destroy_qp(ch, qp);
+ ib_destroy_qp(qp);
err_send_cq:
ib_free_cq(send_cq);
--
2.4.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH V2] IB/srp: Fix NULL deref at srp_destroy_qp()
2017-05-11 15:52 [PATCH V2] IB/srp: Fix NULL deref at srp_destroy_qp() Israel Rukshin
@ 2017-05-11 16:06 ` Bart Van Assche
2017-06-01 22:10 ` Doug Ledford
1 sibling, 0 replies; 3+ messages in thread
From: Bart Van Assche @ 2017-05-11 16:06 UTC (permalink / raw)
To: israelr@mellanox.com, linux-rdma@vger.kernel.org
Cc: maxg@mellanox.com, stable@vger.kernel.org
On Thu, 2017-05-11 at 18:52 +0300, Israel Rukshin wrote:
> If srp_init_qp() fails at srp_create_ch_ib() then ch->send_cq
> may be NULL.
> Calling directly to ib_destroy_qp() is sufficient because
> no work requests were posted on the created qp.
Reviewed-by: Bart van Assche <bart.vanassche@sandisk.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH V2] IB/srp: Fix NULL deref at srp_destroy_qp()
2017-05-11 15:52 [PATCH V2] IB/srp: Fix NULL deref at srp_destroy_qp() Israel Rukshin
2017-05-11 16:06 ` Bart Van Assche
@ 2017-06-01 22:10 ` Doug Ledford
1 sibling, 0 replies; 3+ messages in thread
From: Doug Ledford @ 2017-06-01 22:10 UTC (permalink / raw)
To: Israel Rukshin, linux-rdma; +Cc: Bart Van Assche, Max Gurtovoy, stable
On Thu, 2017-05-11 at 18:52 +0300, Israel Rukshin wrote:
> If srp_init_qp() fails at srp_create_ch_ib() then ch->send_cq
> may be NULL.
> Calling directly to ib_destroy_qp() is sufficient because
> no work requests were posted on the created qp.
>
> Fixes: 9294000d6d89 ("IB/srp: Drain the send queue before destroying
> a QP")
> Signed-off-by: Israel Rukshin <israelr@mellanox.com>
> Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
> Cc: <stable@vger.kernel.org>
Thanks, applied.
--
Doug Ledford <dledford@redhat.com>
GPG KeyID: B826A3330E572FDD
Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-06-01 22:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-11 15:52 [PATCH V2] IB/srp: Fix NULL deref at srp_destroy_qp() Israel Rukshin
2017-05-11 16:06 ` Bart Van Assche
2017-06-01 22:10 ` Doug Ledford
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).