From: Jack Wang <jinpu.w...@cloud.ionos.com>

[ Upstream commit 8537f2de6519945890a2b0f3739b23f32b5c0a89 ]

We had a few places where wr_cqe was not set, which could lead to a NULL
pointer dereference or GPF in the error case.

Fixes: 9cb837480424 ("RDMA/rtrs: server: main functionality")
Link: 
https://lore.kernel.org/r/20201217141915.56989-14-jinpu.w...@cloud.ionos.com
Signed-off-by: Jack Wang <jinpu.w...@cloud.ionos.com>
Reviewed-by: Md Haris Iqbal <haris.iq...@cloud.ionos.com>
Signed-off-by: Guoqing Jiang <guoqing.ji...@cloud.ionos.com>
Signed-off-by: Jason Gunthorpe <j...@nvidia.com>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/infiniband/ulp/rtrs/rtrs-srv.c 
b/drivers/infiniband/ulp/rtrs/rtrs-srv.c
index 92a216ddd9fd3..f59731c5a96a3 100644
--- a/drivers/infiniband/ulp/rtrs/rtrs-srv.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs-srv.c
@@ -267,6 +267,7 @@ static int rdma_write_sg(struct rtrs_srv_op *id)
                WARN_ON_ONCE(rkey != wr->rkey);
 
        wr->wr.opcode = IB_WR_RDMA_WRITE;
+       wr->wr.wr_cqe   = &io_comp_cqe;
        wr->wr.ex.imm_data = 0;
        wr->wr.send_flags  = 0;
 
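Review bot: The added `wr->wr.wr_cqe = &io_comp_cqe;` sits two lines above `wr->wr.send_flags = 0;`, and nothing in the code says why a request whose send flags are cleared here still needs a completion entry. A short comment would keep a later cleanup from dropping the assignment, for example `/* even an unsignaled WR completes on error or flush, so wr_cqe must be valid */`. The same comment fits the inv_wr and rwr assignments in the later hunks of rdma_write_sg and in send_io_resp_imm. The body of rdma_write_sg starts and ends outside this hunk, so whether send_flags is changed again before posting is not visible.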
@@ -294,6 +295,7 @@ static int rdma_write_sg(struct rtrs_srv_op *id)
                inv_wr.sg_list = NULL;
                inv_wr.num_sge = 0;
                inv_wr.opcode = IB_WR_SEND_WITH_INV;
+               inv_wr.wr_cqe   = &io_comp_cqe;
                inv_wr.send_flags = 0;
                inv_wr.ex.invalidate_rkey = rkey;
        }
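Review bot: inv_wr is still populated one member at a time, so any member that is not assigned keeps whatever its declaration left there, which is the pattern behind the missing wr_cqe that this commit fixes. The declaration is outside the hunk; if it has no initializer, zero-initialising it there, e.g. `struct ib_send_wr inv_wr = {};` (type inferred from the members used), would turn a forgotten member into NULL or zero instead of leftover stack contents. The same applies to rwr in the next hunk and to both structures in send_io_resp_imm. `inv_wr.next` is not assigned in the visible lines, so it is worth confirming that it is set on every path before the request is posted.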
@@ -304,6 +306,7 @@ static int rdma_write_sg(struct rtrs_srv_op *id)
 
                srv_mr = &sess->mrs[id->msg_id];
                rwr.wr.opcode = IB_WR_REG_MR;
+               rwr.wr.wr_cqe = &local_reg_cqe;
                rwr.wr.num_sge = 0;
                rwr.mr = srv_mr->mr;
                rwr.wr.send_flags = 0;
@@ -379,6 +382,7 @@ static int send_io_resp_imm(struct rtrs_srv_con *con, 
struct rtrs_srv_op *id,
 
                if (need_inval) {
                        if (likely(sg_cnt)) {
+                               inv_wr.wr_cqe   = &io_comp_cqe;
                                inv_wr.sg_list = NULL;
                                inv_wr.num_sge = 0;
                                inv_wr.opcode = IB_WR_SEND_WITH_INV;
@@ -421,6 +425,7 @@ static int send_io_resp_imm(struct rtrs_srv_con *con, 
struct rtrs_srv_op *id,
                srv_mr = &sess->mrs[id->msg_id];
                rwr.wr.next = &imm_wr;
                rwr.wr.opcode = IB_WR_REG_MR;
+               rwr.wr.wr_cqe = &local_reg_cqe;
                rwr.wr.num_sge = 0;
                rwr.wr.send_flags = 0;
                rwr.mr = srv_mr->mr;
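Review bot: `rwr.wr.next = &imm_wr;` chains imm_wr behind the registration request, but this patch does not touch imm_wr and its wr_cqe assignment is not visible in either send_io_resp_imm hunk. Since the commit message says several places missed wr_cqe, please confirm that imm_wr sets it before the chain is posted. If it does not, it needs the same treatment, along the lines of `imm_wr.wr_cqe = &io_comp_cqe;`, with the choice of completion entry checked against the handler that should see its completion. The body of send_io_resp_imm starts and ends outside this hunk.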
-- 
2.27.0


