    RDMA/mthca: Clear QP objects during their allocation · f7a43c65
    Leon Romanovsky authored
    [ Upstream commit 9d9f59b4 ]
    As part of audit process to update drivers to use rdma_restrack_add()
    ensure that QP objects is cleared before access. Such change fixes the
    crash observed with uninitialized non zero sgid attr accessed by
    CPU: 3 PID: 74 Comm: kworker/u16:1 Not tainted 4.19.10-300.fc29.x86_64
    Workqueue: ipoib_wq ipoib_cm_tx_reap [ib_ipoib]
    RIP: 0010:rdma_put_gid_attr+0x9/0x30 [ib_core]
    RSP: 0018:ffffb7ad819dbde8 EFLAGS: 00010202
    RAX: 0000000000000000 RBX: ffff8d1bdf5a2e00 RCX: 0000000000002699
    RDX: 206c656e72656af8 RSI: ffff8d1bf7ae6160 RDI: 206c656e72656b20
    RBP: 0000000000000000 R08: 0000000000026160 R09: ffffffffc06b45bf
    R10: ffffe849887da000 R11: 0000000000000002 R12: ffff8d1be30cb400
    R13: ffff8d1bdf681800 R14: ffff8d1be2272400 R15: ffff8d1be30ca000
    FS:  0000000000000000(0000) GS:ffff8d1bf7ac0000(0000)
     ib_destroy_qp+0xc9/0x240 [ib_core]
     ipoib_cm_tx_reap+0x1f9/0x4e0 [ib_ipoib]
     ? pwq_unbound_release_workfn+0xd0/0xd0
     ? kthread_create_worker_on_cpu+0x70/0x70
    Reported-by: Alexander Murashkin's avatarAlexander Murashkin <AlexanderMurashkin@msn.com>
    Tested-by: Alexander Murashkin's avatarAlexander Murashkin <AlexanderMurashkin@msn.com>
    Fixes: 1a1f460f ("RDMA: Hold the sgid_attr inside the struct ib_ah/qp")
    Signed-off-by: default avatarParav Pandit <parav@mellanox.com>
    Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
    Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
