[PATCH for-next] RDMA/rxe: Fix double free in rxe_qp.c

Bob Pearson <rpearsonhpe@xxxxxxxxx> · Mon, 15 May 2023 15:10:57 -0500

A recent patch can cause a double spin_unlock_bh() in rxe_qp_to_attr()
at line 715 in rxe_qp.c. This patch corrects that behavior.

A newer patch from Guoqing Jiang recommends replacing all spin_lock
calls for qp->state_lock to spin_(un)lock_irqsave(restore)() since
apparently the blktests test suite can call the kernel verbs APIs
while in hard interrupt state. This patch needs to be applied first
and Guoqing's patch modified to accommodate this small change.

Fixes: f605f26ea196 ("RDMA/rxe: Protect QP state with qp->state_lock")
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Closes: https://lore.kernel.org/linux-rdma/27773078-40ce-414f-8b97-781954da9f25@kili.mountain/
Signed-off-by: Bob Pearson <rpearsonhpe@xxxxxxxxx>
---
 drivers/infiniband/sw/rxe/rxe_qp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index c5451a4488ca..245dd36638c7 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -712,8 +712,9 @@ int rxe_qp_to_attr(struct rxe_qp *qp, struct ib_qp_attr *attr, int mask)
 	if (qp->attr.sq_draining) {
 		spin_unlock_bh(&qp->state_lock);
 		cond_resched();
+	} else {
+		spin_unlock_bh(&qp->state_lock);
 	}
-	spin_unlock_bh(&qp->state_lock);
 
 	return 0;
 }
-- 
2.37.2







