diff options
| author | Michael J. Ruhl <michael.j.ruhl@intel.com> | 2017-06-10 01:00:12 +0200 |
|---|---|---|
| committer | Doug Ledford <dledford@redhat.com> | 2017-06-27 22:58:13 +0200 |
| commit | fe4e74eeb24286c730672e776ac4c2c3caa19137 (patch) | |
| tree | af11cf314cc512dd2c5c8250c01768f65b53ed1a | |
| parent | IB/qib: Replace deprecated pci functions with new API (diff) | |
| download | linux-fe4e74eeb24286c730672e776ac4c2c3caa19137.tar.xz linux-fe4e74eeb24286c730672e776ac4c2c3caa19137.zip | |
IB/hfi1: Initialize TID lists to avoid crash on cleanup
The expected receive lists (tid_xxx_list) are not initialized until
late in the receive context initialization. If an error happens
before the initialization, a NULL pointer access will occur during
cleanup.
Initialized the lists sooner rather than later to avoid this Oops:
IP: unlock_exp_tids.isra.11+0x26/0xd0 [hfi1]
RIP: 0010:unlock_exp_tids.isra.11+0x26/0xd0 [hfi1]
Call Trace:
hfi1_user_exp_rcv_free+0x79/0xb0 [hfi1]
hfi1_file_close+0x87/0x360 [hfi1]
__fput+0xe7/0x210
____fput+0xe/0x10
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Sebastian Sanchez <sebastian.sanchez@intel.com>
Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
| -rw-r--r-- | drivers/infiniband/hw/hfi1/exp_rcv.c | 4 | ||||
| -rw-r--r-- | drivers/infiniband/hw/hfi1/init.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/drivers/infiniband/hw/hfi1/exp_rcv.c b/drivers/infiniband/hw/hfi1/exp_rcv.c index 08d13ed1b574..0af91675acc6 100644 --- a/drivers/infiniband/hw/hfi1/exp_rcv.c +++ b/drivers/infiniband/hw/hfi1/exp_rcv.c @@ -69,10 +69,6 @@ int hfi1_alloc_ctxt_rcv_groups(struct hfi1_ctxtdata *rcd) struct tid_group *grp; int i; - hfi1_exp_tid_group_init(&rcd->tid_group_list); - hfi1_exp_tid_group_init(&rcd->tid_used_list); - hfi1_exp_tid_group_init(&rcd->tid_full_list); - tidbase = rcd->expected_base; for (i = 0; i < rcd->expected_count / dd->rcv_entries.group_size; i++) { diff --git a/drivers/infiniband/hw/hfi1/init.c b/drivers/infiniband/hw/hfi1/init.c index 4a11d4da4c92..a00308ccf016 100644 --- a/drivers/infiniband/hw/hfi1/init.c +++ b/drivers/infiniband/hw/hfi1/init.c @@ -67,6 +67,7 @@ #include "aspm.h" #include "affinity.h" #include "vnic.h" +#include "exp_rcv.h" #undef pr_fmt #define pr_fmt(fmt) DRIVER_NAME ": " fmt @@ -221,6 +222,9 @@ struct hfi1_ctxtdata *hfi1_create_ctxtdata(struct hfi1_pportdata *ppd, u32 ctxt, hfi1_cdbg(PROC, "setting up context %u\n", ctxt); INIT_LIST_HEAD(&rcd->qp_wait_list); + hfi1_exp_tid_group_init(&rcd->tid_group_list); + hfi1_exp_tid_group_init(&rcd->tid_used_list); + hfi1_exp_tid_group_init(&rcd->tid_full_list); rcd->ppd = ppd; rcd->dd = dd; __set_bit(0, rcd->in_use_ctxts); |