On 6/19/23 17:45, Zhu Yanjun wrote: > On Tue, Jun 20, 2023 at 4:21 AM Bob Pearson <rpearsonhpe@xxxxxxxxx> wrote: >> >> If a call to rxe_create_qp() fails in rxe_qp_from_init() >> rxe_cleanup(qp) will be called. This code currently does not correctly >> handle cases where not all qp resources are allocated and can seg >> fault as reported below. The first two patches cleanup cases where >> this happens. The third patch corrects an error in rxe_srq.c where >> if caller requests a change in the srq size the correct new value >> is not returned to caller. >> >> Reported-by: syzbot+2da1965168e7dbcba136@xxxxxxxxxxxxxxxxxxxxxxxxx >> Closes: https://lore.kernel.org/linux-rdma/00000000000012d89205fe7cfe00@xxxxxxxxxx/raw >> Fixes: 49dc9c1f0c7e ("RDMA/rxe: Cleanup reset state handling in rxe_resp.c") >> Fixes: fbdeb828a21f ("RDMA/rxe: Cleanup error state handling in rxe_comp.c") >> Signed-off-by: Bob Pearson <rpearsonhpe@xxxxxxxxx> > > Can not apply these commits to Linux 6.4-rc7. > > Zhu Yanjun > >> >> Bob Pearson (3): >> RDMA/rxe: Move work queue code to subroutines >> RDMA/rxe: Fix unsafe drain work queue code >> RDMA/rxe: Fix rxe_modify_srq >> >> drivers/infiniband/sw/rxe/rxe_comp.c | 4 + >> drivers/infiniband/sw/rxe/rxe_loc.h | 6 - >> drivers/infiniband/sw/rxe/rxe_qp.c | 163 ++++++++++++++++++--------- >> drivers/infiniband/sw/rxe/rxe_resp.c | 4 + >> drivers/infiniband/sw/rxe/rxe_srq.c | 55 +++++---- >> 5 files changed, 150 insertions(+), 82 deletions(-) >> >> >> base-commit: 830f93f47068b1632cc127871fbf27e918efdf46 >> -- >> 2.39.2 >> They applied to current for-next.
