On Fri, Aug 20, 2021 at 07:15:09PM +0800, Xiao Yang wrote:
> 1) New index member of struct rxe_queue is introduced but not zeroed
> so the initial value of index may be random.
> 2) Current index is not masked off to index_mask.
> In such case, producer_addr() and consumer_addr() will get an invalid
> address by the random index and then accessing the invalid address
> triggers the following panic:
> "BUG: unable to handle page fault for address: ffff9ae2c07a1414"
>
> Fix the issue by using kzalloc() to zero out index member.
>
> Fixes: 5bcf5a59c41e ("RDMA/rxe: Protext kernel index from user space")
> Signed-off-by: Xiao Yang <yangx.jy@xxxxxxxxxxx>
> ---
> drivers/infiniband/sw/rxe/rxe_queue.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to for-rc, thanks
Jason
