Commit fd1c0615 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Stefan Bader

IB/mlx4: Fix mlx4_ib_alloc_mr error flow

BugLink: http://bugs.launchpad.net/bugs/1764316

[ Upstream commit 5a371cf8 ]

ibmr.device is being set only after ib_alloc_mr() is successfully complete.
Therefore, in case imlx4_mr_enable() returns with error, the error flow
unwinder calls to mlx4_free_priv_pages(), which uses ibmr.device.

Such usage causes to NULL dereference oops and to fix it, the IB device
should be set in the mr struct earlier stage (e.g. prior to calling
mlx4_free_priv_pages()).

Fixes: 1b2cd0fc ("IB/mlx4: Support the new memory registration API")
Signed-off-by: default avatarNitzan Carmi <nitzanc@mellanox.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
Signed-off-by: default avatarSasha Levin <alexander.levin@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent de0c7ec0
...@@ -424,7 +424,6 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib_pd *pd, ...@@ -424,7 +424,6 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib_pd *pd,
goto err_free_mr; goto err_free_mr;
mr->max_pages = max_num_sg; mr->max_pages = max_num_sg;
err = mlx4_mr_enable(dev->dev, &mr->mmr); err = mlx4_mr_enable(dev->dev, &mr->mmr);
if (err) if (err)
goto err_free_pl; goto err_free_pl;
...@@ -435,6 +434,7 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib_pd *pd, ...@@ -435,6 +434,7 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib_pd *pd,
return &mr->ibmr; return &mr->ibmr;
err_free_pl: err_free_pl:
mr->ibmr.device = pd->device;
mlx4_free_priv_pages(mr); mlx4_free_priv_pages(mr);
err_free_mr: err_free_mr:
(void) mlx4_mr_free(dev->dev, &mr->mmr); (void) mlx4_mr_free(dev->dev, &mr->mmr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment