On Tue, Dec 26, 2017 at 11:20:20AM +0200, Leon Romanovsky wrote:
> From: Nitzan Carmi <nitzanc@xxxxxxxxxxxx>
>
> ibmr.device is being set only after ib_alloc_mr() is
> (successfully) complete. Therefore, in case mlx5_core_create_mkey()
> return with error, the error flow calls mlx5_free_priv_descs()
> which uses ibmr.device (which doesn't exist yet), causing
> NULL dereference and gets the system into kernel panic.
>
> To fix this, the IB device should be given to mr struct in earlier
> stage (e.g. prior to calling mlx5_core_create_mkey()).
>
> Fixes: 8a187ee52b04 ("IB/mlx5: Support the new memory registration API")
> Signed-off-by: Max Gurtovoy <maxg@xxxxxxxxxxxx>
> Signed-off-by: Nitzan Carmi <nitzanc@xxxxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx>
> drivers/infiniband/hw/mlx5/mr.c | 1 +
> 1 file changed, 1 insertion(+)
Applied to for-rc, thanks
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
