On Fri, Jun 26, 2020 at 02:49:10PM -0300, Jason Gunthorpe wrote: > ib_unregister_device_queued() can only be used by drivers using the new > dealloc_device callback flow, and it has a safety WARN_ON to ensure > drivers are using it properly. > > However, if unregister and register are raced there is a special > destruction path that maintains the uniform error h andling semantic of "h andling" -> "handling" > 'caller does ib_dealloc_device() on failure'. This requires disabling the > dealloc_device callback which triggers the WARN_ON. > > Instead of using NULL to disable the callback use a special function > pointer so the WARN_ON does not trigger. > > Reported-by: syzbot+4088ed905e4ae2b0e13b@xxxxxxxxxxxxxxxxxxxxxxxxx > Suggested-by: Hillf Danton <hdanton@xxxxxxxx> > Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxx> > --- > drivers/infiniband/core/device.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > Thanks, Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
