RDMA/mlx5: Fix potential race between destroy and CQE poll

The SRQ can be destroyed right before mlx5_cmd_get_srq is called.
In such case the latter will return NULL instead of expected SRQ.

Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Link: https://lore.kernel.org/r/20200830084010.102381-5-leon@kernel.org
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

diff --git a/drivers/infiniband/hw/mlx5/cq.c b/drivers/infiniband/hw/mlx5/cq.c
index dceb0eb..b318bde 100644 (file)
--- a/drivers/infiniband/hw/mlx5/cq.c
+++ b/drivers/infiniband/hw/mlx5/cq.c
@@ -168,7 +168,7 @@ static void handle_responder(struct ib_wc *wc, struct mlx5_cqe64 *cqe,
 {
        enum rdma_link_layer ll = rdma_port_get_link_layer(qp->ibqp.device, 1);
        struct mlx5_ib_dev *dev = to_mdev(qp->ibqp.device);
-       struct mlx5_ib_srq *srq;
+       struct mlx5_ib_srq *srq = NULL;
        struct mlx5_ib_wq *wq;
        u16 wqe_ctr;
        u8  roce_packet_type;
@@ -180,7 +180,8 @@ static void handle_responder(struct ib_wc *wc, struct mlx5_cqe64 *cqe,
 
                if (qp->ibqp.xrcd) {
                        msrq = mlx5_cmd_get_srq(dev, be32_to_cpu(cqe->srqn));
-                       srq = to_mibsrq(msrq);
+                       if (msrq)
+                               srq = to_mibsrq(msrq);
                } else {
                        srq = to_msrq(qp->ibqp.srq);
                }