RDMA/srp: Fix NULL deref at srp_destroy_qp() · 95c2ef50c7 - Gogs: Go Git Service GfA electronic

RDMA/srp: Fix NULL deref at srp_destroy_qp()

If srp_init_qp() fails at srp_create_ch_ib() then ch->send_cq
may be NULL.
Calling directly to ib_destroy_qp() is sufficient because
no work requests were posted on the created qp.

Fixes: 9294000d6d89 ("IB/srp: Drain the send queue before destroying a QP")
Cc: <stable@vger.kernel.org>
Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Bart van Assche <bart.vanassche@sandisk.com>--
Signed-off-by: Doug Ledford <dledford@redhat.com>

Israel Rukshin 8 년 전

부모

0a1a972630

커밋

95c2ef50c7

1개의 변경된 파일과 1개의 추가작업 그리고 1개의 파일을 삭제

분할 보기 변경상태 보기

						
							+ 1
							
							- 1
						
drivers/infiniband/ulp/srp/ib_srp.c
							 
								파일 보기
							
				@@ -575,7 +575,7 @@ static int srp_create_ch_ib(struct srp_rdma_ch *ch)
			
				 	return 0;
			
				 err_qp:
			
				-	srp_destroy_qp(ch, qp);
			
				+	ib_destroy_qp(qp);
			
				 err_send_cq:
			
				 	ib_free_cq(send_cq);