Hello everyone,
In function `iser_connect`, when the call to `rdma_create_id` fails, execution
goes to `id_failure` with `ib_conn->device` being NULL. Then
`iser_conn_release` calls `iser_free_ib_conn_res` with the second
argument being `true`. Function `iser_free_ib_conn_res` calls
`iser_free_rx_descriptors` *when `iser_conn->rx_descs` is not NULL*.
Function `iser_free_rx_descriptors` dereferences `ib_conn->device`.
So it seems that this error path is feasible when `rdma_create_id` in
`iser_connect` fails but with `iser_conn->rx_descs` not being NULL. Can
this scenario happen?
Please let me know if it makes sense.
It's slightly convoluted, but it can't happen.
iser_conn->rx_descs is allocated when binding the iscsi connection to
the iser connection which is only called if the endpoint connect
(ep_connect) call completed successfully.
Hope this helps.
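
The ordering argument in the reply above, as an added C model that is not part of the thread and is not the kernel's code: the `model_*` names, the struct layout and the point at which `device` gets set are assumptions made for illustration. It shows that release is safe after a failed `rdma_create_id` because bind never ran, and what release would hit if `rx_descs` were ever set while `device` is NULL.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Simplified stand-ins for the structures named in the thread (layout assumed). */
struct model_ib_conn   { int *device; };
struct model_iser_conn { struct model_ib_conn ib_conn; int *rx_descs; };
static int model_device = 1;            /* constructed stand-in for the device */

/* Free path: returns false where the real code would dereference a NULL device. */
static bool model_free_rx_descriptors(struct model_iser_conn *c)
{
    if (c->ib_conn.device == NULL)
        return false;
    free(c->rx_descs);
    c->rx_descs = NULL;
    return true;
}

/* Release path: rx descriptors are freed only when rx_descs is not NULL. */
static bool model_conn_release(struct model_iser_conn *c)
{
    return c->rx_descs == NULL || model_free_rx_descriptors(c);
}

/* Bind path: the only place rx_descs is allocated, gated on a completed connect. */
static bool model_bind(struct model_iser_conn *c, bool connected)
{
    if (connected)
        c->rx_descs = malloc(sizeof(*c->rx_descs));
    return c->rx_descs != NULL;
}

/* connect -> bind -> release; create_id_fails models rdma_create_id failing. */
static bool model_scenario_is_safe(bool create_id_fails)
{
    struct model_iser_conn c = { { NULL }, NULL };
    if (!create_id_fails)
        c.ib_conn.device = &model_device;   /* assumed: set before connect completes */
    model_bind(&c, !create_id_fails);       /* no allocation on the failure path */
    return model_conn_release(&c);
}

/* The state the question worries about: rx_descs set while device is NULL. */
static bool model_release_with_broken_invariant(void)
{
    struct model_iser_conn c = { { NULL }, NULL };
    int slot = 0;
    c.rx_descs = &slot;                     /* never freed: release stops at the NULL device */
    return model_conn_release(&c);
}
```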