diff options
author | Steve Wise <swise@opengridcomputing.com> | 2016-09-29 07:31:33 -0700 |
---|---|---|
committer | Doug Ledford <dledford@redhat.com> | 2016-10-07 16:54:39 -0400 |
commit | b6bc1c731f0b985e91f618561fc82c6e252dfaf4 (patch) | |
tree | 66642fe10b6c08bedb6873010c17346225f03bbd /drivers/infiniband/core | |
parent | 681cc3608355737c1effebc8145f95c8c3344bc3 (diff) |
IB/core: correctly handle rdma_rw_init_mrs() failure
Function ib_create_qp() was failing to return an error when
rdma_rw_init_mrs() fails, causing a crash further down in ib_create_qp()
when trying to dereferece the qp pointer which was actually a negative
errno.
The crash:
crash> log|grep BUG
[ 136.458121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
crash> bt
PID: 3736 TASK: ffff8808543215c0 CPU: 2 COMMAND: "kworker/u64:2"
#0 [ffff88084d323340] machine_kexec at ffffffff8105fbb0
#1 [ffff88084d3233b0] __crash_kexec at ffffffff81116758
#2 [ffff88084d323480] crash_kexec at ffffffff8111682d
#3 [ffff88084d3234b0] oops_end at ffffffff81032bd6
#4 [ffff88084d3234e0] no_context at ffffffff8106e431
#5 [ffff88084d323530] __bad_area_nosemaphore at ffffffff8106e610
#6 [ffff88084d323590] bad_area_nosemaphore at ffffffff8106e6f4
#7 [ffff88084d3235a0] __do_page_fault at ffffffff8106ebdc
#8 [ffff88084d323620] do_page_fault at ffffffff8106f057
#9 [ffff88084d323660] page_fault at ffffffff816e3148
[exception RIP: ib_create_qp+427]
RIP: ffffffffa02554fb RSP: ffff88084d323718 RFLAGS: 00010246
RAX: 0000000000000004 RBX: fffffffffffffff4 RCX: 000000018020001f
RDX: ffff880830997fc0 RSI: 0000000000000001 RDI: ffff88085f407200
RBP: ffff88084d323778 R8: 0000000000000001 R9: ffffea0020bae210
R10: ffffea0020bae218 R11: 0000000000000001 R12: ffff88084d3237c8
R13: 00000000fffffff4 R14: ffff880859fa5000 R15: ffff88082eb89800
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff88084d323780] rdma_create_qp at ffffffffa0782681 [rdma_cm]
#11 [ffff88084d3237b0] nvmet_rdma_create_queue_ib at ffffffffa07c43f3 [nvmet_rdma]
#12 [ffff88084d323860] nvmet_rdma_alloc_queue at ffffffffa07c5ba9 [nvmet_rdma]
#13 [ffff88084d323900] nvmet_rdma_queue_connect at ffffffffa07c5c96 [nvmet_rdma]
#14 [ffff88084d323980] nvmet_rdma_cm_handler at ffffffffa07c6450 [nvmet_rdma]
#15 [ffff88084d3239b0] iw_conn_req_handler at ffffffffa0787480 [rdma_cm]
#16 [ffff88084d323a60] cm_conn_req_handler at ffffffffa0775f06 [iw_cm]
#17 [ffff88084d323ab0] process_event at ffffffffa0776019 [iw_cm]
#18 [ffff88084d323af0] cm_work_handler at ffffffffa0776170 [iw_cm]
#19 [ffff88084d323cb0] process_one_work at ffffffff810a1483
#20 [ffff88084d323d90] worker_thread at ffffffff810a211d
#21 [ffff88084d323ec0] kthread at ffffffff810a6c5c
#22 [ffff88084d323f50] ret_from_fork at ffffffff816e1ebf
Fixes: 632bc3f65081 ("IB/core, RDMA RW API: Do not exceed QP SGE send limit")
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Cc: stable@vger.kernel.org
Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Diffstat (limited to 'drivers/infiniband/core')
-rw-r--r-- | drivers/infiniband/core/verbs.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c index 1c6b2a4f50d4..83687646da68 100644 --- a/drivers/infiniband/core/verbs.c +++ b/drivers/infiniband/core/verbs.c @@ -843,7 +843,7 @@ struct ib_qp *ib_create_qp(struct ib_pd *pd, if (ret) { pr_err("failed to init MR pool ret= %d\n", ret); ib_destroy_qp(qp); - qp = ERR_PTR(ret); + return ERR_PTR(ret); } } |