On Thu, Jan 10, 2019 at 08:15:45AM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>
> As part of audit process to update drivers to use rdma_restrack_add()
> ensure that QP objects is cleared before access. Such change fixes
> the crash observed with uninitialized non zero sgid attr accessed
> by ib_destroy_qp().
>
> CPU: 3 PID: 74 Comm: kworker/u16:1 Not tainted 4.19.10-300.fc29.x86_64
> Workqueue: ipoib_wq ipoib_cm_tx_reap [ib_ipoib]
> RIP: 0010:rdma_put_gid_attr+0x9/0x30 [ib_core]
> RSP: 0018:ffffb7ad819dbde8 EFLAGS: 00010202
> RAX: 0000000000000000 RBX: ffff8d1bdf5a2e00 RCX: 0000000000002699
> RDX: 206c656e72656af8 RSI: ffff8d1bf7ae6160 RDI: 206c656e72656b20
> RBP: 0000000000000000 R08: 0000000000026160 R09: ffffffffc06b45bf
> R10: ffffe849887da000 R11: 0000000000000002 R12: ffff8d1be30cb400
> R13: ffff8d1bdf681800 R14: ffff8d1be2272400 R15: ffff8d1be30ca000
> FS: 0000000000000000(0000) GS:ffff8d1bf7ac0000(0000)
> knlGS:0000000000000000
> Trace:
> ib_destroy_qp+0xc9/0x240 [ib_core]
> ipoib_cm_tx_reap+0x1f9/0x4e0 [ib_ipoib]
> process_one_work+0x1a1/0x3a0
> worker_thread+0x30/0x380
> ? pwq_unbound_release_workfn+0xd0/0xd0
> kthread+0x112/0x130
> ? kthread_create_worker_on_cpu+0x70/0x70
> ret_from_fork+0x22/0x40
>
> Reported-by: Alexander Murashkin <AlexanderMurashkin@xxxxxxx>
> Tested-by: Alexander Murashkin <AlexanderMurashkin@xxxxxxx>
> Fixes: 1a1f460ff151 ("RDMA: Hold the sgid_attr inside the struct ib_ah/qp")
> Signed-off-by: Parav Pandit <parav@xxxxxxxxxxxx>
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> ---
> Changes v0->v1:
> * Updated commit message per-Parav's request
> ---
> drivers/infiniband/hw/mthca/mthca_provider.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Applied to for-rc, thanks
Jason
