]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dbab023)
RDMA/srp: Fix NULL deref at srp_destroy_qp()
authorIsrael Rukshin <israelr@mellanox.com>
Thu, 11 May 2017 15:52:36 +0000 (18:52 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Jun 2017 10:10:12 +0000 (12:10 +0200)
commit 95c2ef50c726a51d580c35ae8dccd383abaa8701 upstream.

If srp_init_qp() fails at srp_create_ch_ib() then ch->send_cq
may be NULL.
Calling directly to ib_destroy_qp() is sufficient because
no work requests were posted on the created qp.

Fixes: 9294000d6d89 ("IB/srp: Drain the send queue before destroying a QP")
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Bart van Assche <bart.vanassche@sandisk.com>--
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/infiniband/ulp/srp/ib_srp.c patch | blob | blame | history

diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index cee46266f434850e6a9533615d812b4c610d5c13..f6b5e14a7eab0033755e5a19dada49337f5c0344 100644 (file)
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -570,7 +570,7 @@ static int srp_create_ch_ib(struct srp_rdma_ch *ch)
        return 0;
 
 err_qp:
-       srp_destroy_qp(ch, qp);
+       ib_destroy_qp(qp);
 
 err_send_cq:
        ib_free_cq(send_cq);
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git