Skip to content

Commit 9d9f59b

Browse files
Leon Romanovskyjgunthorpe
Leon Romanovsky
authored and
jgunthorpe
committed
RDMA/mthca: Clear QP objects during their allocation
As part of audit process to update drivers to use rdma_restrack_add() ensure that QP objects is cleared before access. Such change fixes the crash observed with uninitialized non zero sgid attr accessed by ib_destroy_qp(). CPU: 3 PID: 74 Comm: kworker/u16:1 Not tainted 4.19.10-300.fc29.x86_64 Workqueue: ipoib_wq ipoib_cm_tx_reap [ib_ipoib] RIP: 0010:rdma_put_gid_attr+0x9/0x30 [ib_core] RSP: 0018:ffffb7ad819dbde8 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8d1bdf5a2e00 RCX: 0000000000002699 RDX: 206c656e72656af8 RSI: ffff8d1bf7ae6160 RDI: 206c656e72656b20 RBP: 0000000000000000 R08: 0000000000026160 R09: ffffffffc06b45bf R10: ffffe849887da000 R11: 0000000000000002 R12: ffff8d1be30cb400 R13: ffff8d1bdf681800 R14: ffff8d1be2272400 R15: ffff8d1be30ca000 FS: 0000000000000000(0000) GS:ffff8d1bf7ac0000(0000) knlGS:0000000000000000 Trace: ib_destroy_qp+0xc9/0x240 [ib_core] ipoib_cm_tx_reap+0x1f9/0x4e0 [ib_ipoib] process_one_work+0x1a1/0x3a0 worker_thread+0x30/0x380 ? pwq_unbound_release_workfn+0xd0/0xd0 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x22/0x40 Reported-by: Alexander Murashkin <AlexanderMurashkin@msn.com> Tested-by: Alexander Murashkin <AlexanderMurashkin@msn.com> Fixes: 1a1f460 ("RDMA: Hold the sgid_attr inside the struct ib_ah/qp") Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
1 parent 6325e01 commit 9d9f59b

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

drivers/infiniband/hw/mthca/mthca_provider.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -534,7 +534,7 @@ static struct ib_qp *mthca_create_qp(struct ib_pd *pd,
534534
{
535535
struct mthca_ucontext *context;
536536

537-
qp = kmalloc(sizeof *qp, GFP_KERNEL);
537+
qp = kzalloc(sizeof(*qp), GFP_KERNEL);
538538
if (!qp)
539539
return ERR_PTR(-ENOMEM);
540540

@@ -600,7 +600,7 @@ static struct ib_qp *mthca_create_qp(struct ib_pd *pd,
600600
if (udata)
601601
return ERR_PTR(-EINVAL);
602602

603-
qp = kmalloc(sizeof (struct mthca_sqp), GFP_KERNEL);
603+
qp = kzalloc(sizeof(struct mthca_sqp), GFP_KERNEL);
604604
if (!qp)
605605
return ERR_PTR(-ENOMEM);
606606

0 commit comments

Comments
 (0)