A failing call to ib_device_set_netdev() during device creation
caused system crash due to xa_destroy of uninitialized xarray
hit by device deallocation. Fixed by moving xarray initialization
before potential device deallocation.
Fixes: bdcf26bf9b3a (rdma/siw: network and RDMA core interface)
Reported-by: syzbot+2e80962bedd9559fe0b3@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Bernard Metzler <bmt@xxxxxxxxxxxxxx>
---
v1 -> v2:
- Fix here only potential system crash during failing device
creation, but not missing correct error propagation.
drivers/infiniband/sw/siw/siw_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/sw/siw/siw_main.c b/drivers/infiniband/sw/siw/siw_main.c
index 96ed349c0939..5cd40fb9e20c 100644
--- a/drivers/infiniband/sw/siw/siw_main.c
+++ b/drivers/infiniband/sw/siw/siw_main.c
@@ -388,6 +388,9 @@ static struct siw_device *siw_device_create(struct net_device *netdev)
{ .max_segment_size = SZ_2G };
base_dev->num_comp_vectors = num_possible_cpus();
+ xa_init_flags(&sdev->qp_xa, XA_FLAGS_ALLOC1);
+ xa_init_flags(&sdev->mem_xa, XA_FLAGS_ALLOC1);
+
ib_set_device_ops(base_dev, &siw_device_ops);
rv = ib_device_set_netdev(base_dev, netdev, 1);
if (rv)
@@ -415,9 +418,6 @@ static struct siw_device *siw_device_create(struct net_device *netdev)
sdev->attrs.max_srq_wr = SIW_MAX_SRQ_WR;
sdev->attrs.max_srq_sge = SIW_MAX_SGE;
- xa_init_flags(&sdev->qp_xa, XA_FLAGS_ALLOC1);
- xa_init_flags(&sdev->mem_xa, XA_FLAGS_ALLOC1);
-
INIT_LIST_HEAD(&sdev->cep_list);
INIT_LIST_HEAD(&sdev->qp_list);
--
2.17.2
