summary refs log tree commit diff
diff options
context:
space:
mode:
authorSaravanan Vajravel <saravanan.vajravel@broadcom.com>2023-06-06 03:25:30 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-06-21 16:01:00 +0200
commitf77965f48792113ae4f92276bee4cf41ddf2954e (patch)
tree2a7fc974e43345c657a803a8314f8be91ae661ed
parent4e55c9abe94765620a61149a7d18c5e3444b8187 (diff)
downloadlinux-f77965f48792113ae4f92276bee4cf41ddf2954e.tar.gz
IB/isert: Fix possible list corruption in CMA handler
[ Upstream commit 7651e2d6c5b359a28c2d4c904fec6608d1021ca8 ]

When ib_isert module receives connection error event, it is
releasing the isert session and removes corresponding list
node but it doesn't take appropriate mutex lock to remove
the list node.  This can lead to linked  list corruption

Fixes: bd3792205aae ("iser-target: Fix pending connections handling in target stack shutdown sequnce")
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Link: https://lore.kernel.org/r/20230606102531.162967-3-saravanan.vajravel@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat
-rw-r--r--drivers/infiniband/ulp/isert/ib_isert.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index 50d7373b425c..a02a3caeaa4e 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -657,9 +657,13 @@ static int
 isert_connect_error(struct rdma_cm_id *cma_id)
 {
 	struct isert_conn *isert_conn = cma_id->qp->qp_context;
+	struct isert_np *isert_np = cma_id->context;
 
 	ib_drain_qp(isert_conn->qp);
+
+	mutex_lock(&isert_np->mutex);
 	list_del_init(&isert_conn->node);
+	mutex_unlock(&isert_np->mutex);
 	isert_conn->cm_id = NULL;
 	isert_put_conn(isert_conn);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-07 14:32:15 +0000