Yes, it makes sense. Thank you for your help.
Shaobo
On 2/26/19 2:25 PM, Sagi Grimberg wrote:
Hello everyone,
In function `iser_connect`, when call `rdma_create_id` fails, execution goes
to `id_failure` with `ib_conn->device` being NULL. Then `iser_conn_release`
calls `iser_free_ib_conn_res` with the second argument being `true`. Function
`iser_free_ib_conn_res` calls `iser_free_rx_descriptors` *when
`iser_conn->rx_descs` is not NULL*. Function `iser_free_rx_descriptors`
dereferences `ib_conn->device`.
So it seems that this error path is feasible when `rdma_create_id` in
`iser_connect` fails but with `iser_conn->rx_descs` not being NULL. Can this
scenario happen?
Please let me know if it makes sense.
Its slightly convoluted, but it can't happen.
iser_conn->rx_descs is allocated when binding the iscsi connection to
the iser connection which is only called if the endpoint connect
(ep_connect) call completed successfully.
Hope this helps.
