RDMA/siw: Fix failure handling during device creation

A failing call to ib_device_set_netdev() during device creation caused
system crash due to xa_destroy of uninitialized xarray hit by device
deallocation. Fixed by moving xarray initialization before potential
device deallocation.

Fixes: bdcf26bf9b3a ("rdma/siw: network and RDMA core interface")
Link: https://lore.kernel.org/r/20200302155814.9896-1-bmt@zurich.ibm.com
Reported-by: syzbot+2e80962bedd9559fe0b3@syzkaller.appspotmail.com
Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>

diff --git a/drivers/infiniband/sw/siw/siw_main.c b/drivers/infiniband/sw/siw/siw_main.c
index 96ed349..5cd40fb 100644 (file)
--- a/drivers/infiniband/sw/siw/siw_main.c
+++ b/drivers/infiniband/sw/siw/siw_main.c
@@ -388,6 +388,9 @@ static struct siw_device *siw_device_create(struct net_device *netdev)
                { .max_segment_size = SZ_2G };
        base_dev->num_comp_vectors = num_possible_cpus();
 
+       xa_init_flags(&sdev->qp_xa, XA_FLAGS_ALLOC1);
+       xa_init_flags(&sdev->mem_xa, XA_FLAGS_ALLOC1);
+
        ib_set_device_ops(base_dev, &siw_device_ops);
        rv = ib_device_set_netdev(base_dev, netdev, 1);
        if (rv)
@@ -415,9 +418,6 @@ static struct siw_device *siw_device_create(struct net_device *netdev)
        sdev->attrs.max_srq_wr = SIW_MAX_SRQ_WR;
        sdev->attrs.max_srq_sge = SIW_MAX_SGE;
 
-       xa_init_flags(&sdev->qp_xa, XA_FLAGS_ALLOC1);
-       xa_init_flags(&sdev->mem_xa, XA_FLAGS_ALLOC1);
-
        INIT_LIST_HEAD(&sdev->cep_list);
        INIT_LIST_HEAD(&sdev->qp_list);