On 23/08/2022 03:00, Bob Pearson wrote:
> On 8/21/22 20:16, yanjun.zhu@xxxxxxxxx wrote:
>> From: Zhu Yanjun <yanjun.zhu@xxxxxxxxx>
>>
>> When rxe_queue_init in the function rxe_qp_init_req fails,
>> both qp->req.task.func and qp->req.task.arg are not initialized.
>>
>> Because the creation of the qp fails, the function rxe_create_qp will
>> call rxe_qp_do_cleanup to handle the allocated resources.
>>
>> Before calling __rxe_do_task, both qp->req.task.func and
>> qp->req.task.arg should be checked.
>>
>> Fixes: 8700e3e7c485 ("Soft RoCE driver")
>> Reported-by: syzbot+ab99dc4c6e961eed8b8e@xxxxxxxxxxxxxxxxxxxxxxxxx
>> Signed-off-by: Zhu Yanjun <yanjun.zhu@xxxxxxxxx>
>> ---
>>  drivers/infiniband/sw/rxe/rxe_qp.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
>> index 516bf9b95e48..f10b461b9963 100644
>> --- a/drivers/infiniband/sw/rxe/rxe_qp.c
>> +++ b/drivers/infiniband/sw/rxe/rxe_qp.c
>> @@ -797,7 +797,9 @@ static void rxe_qp_do_cleanup(struct work_struct *work)
>>  	rxe_cleanup_task(&qp->comp.task);
>>  
>>  	/* flush out any receive wr's or pending requests */
>> -	__rxe_do_task(&qp->req.task);
>> +	if (qp->req.task.func && qp->req.task.arg)
>
> func would be enough since they get set together.

Agreed otherwise, looks good

Reviewed-by: Li Zhijian <lizhijian@xxxxxxxxxxx>

> But, this is still fine since not performance critical.
>
>> +		__rxe_do_task(&qp->req.task);
>> +
>>  	if (qp->sq.queue) {
>>  		__rxe_do_task(&qp->comp.task);
>>  		__rxe_do_task(&qp->req.task);
>
> Reviewed-by: Bob Pearson <rpearsonhpe@xxxxxxxxx>
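Review bot: the new guard protects only the first `__rxe_do_task(&qp->req.task)` call; the second `__rxe_do_task(&qp->req.task)` inside the `if (qp->sq.queue)` block that follows in the same hunk stays unguarded, so the fix implicitly relies on `qp->sq.queue` being NULL whenever `qp->req.task` has not been initialized. If that invariant is what makes the second call safe, it deserves a one-line comment in `rxe_qp_do_cleanup`, or the same `if (qp->req.task.func)` guard on the second call, so a later change to the init or cleanup order does not reintroduce the uninitialized-callback dereference. As already noted in the thread, testing `qp->req.task.func` alone is sufficient since `func` and `arg` are assigned together, and an explicit comment saying the task may be uninitialized on the error path would make the intent of the check clear to future readers.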