On Tue, Jun 20, 2023 at 4:21 AM Bob Pearson <rpearsonhpe@xxxxxxxxx> wrote:
>
> If a call to rxe_create_qp() fails in rxe_qp_from_init()
> rxe_cleanup(qp) will be called. This code currently does not correctly
> handle cases where not all qp resources are allocated and can seg
> fault as reported below. The first two patches cleanup cases where
> this happens. The third patch corrects an error in rxe_srq.c where
> if caller requests a change in the srq size the correct new value
> is not returned to caller.
>
> Reported-by: syzbot+2da1965168e7dbcba136@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@xxxxxxxxxx/raw
> Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c")
> Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c")
> Signed-off-by: Bob Pearson <rpearsonhpe@xxxxxxxxx>

Can not apply these commits to Linux 6.4-rc7.

Zhu Yanjun

>
> Bob Pearson (3):
>   RDMA/rxe: Move work queue code to subroutines
>   RDMA/rxe: Fix unsafe drain work queue code
>   RDMA/rxe: Fix rxe_modify_srq
>
>  drivers/infiniband/sw/rxe/rxe_comp.c |   4 +
>  drivers/infiniband/sw/rxe/rxe_loc.h  |   6 -
>  drivers/infiniband/sw/rxe/rxe_qp.c   | 163 ++++++++++++++++++---------
>  drivers/infiniband/sw/rxe/rxe_resp.c |   4 +
>  drivers/infiniband/sw/rxe/rxe_srq.c  |  55 +++++----
>  5 files changed, 150 insertions(+), 82 deletions(-)
>
>
> base-commit: 830f93f47068b1632cc127871fbf27e918efdf46
> --
> 2.39.2
>