diff options
author | Saravanan Vajravel <saravanan.vajravel@broadcom.com> | 2023-06-06 03:25:30 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-06-21 16:01:00 +0200 |
commit | f77965f48792113ae4f92276bee4cf41ddf2954e (patch) | |
tree | 2a7fc974e43345c657a803a8314f8be91ae661ed | |
parent | 4e55c9abe94765620a61149a7d18c5e3444b8187 (diff) | |
download | linux-f77965f48792113ae4f92276bee4cf41ddf2954e.tar.gz |
IB/isert: Fix possible list corruption in CMA handler
[ Upstream commit 7651e2d6c5b359a28c2d4c904fec6608d1021ca8 ] When ib_isert module receives connection error event, it is releasing the isert session and removes corresponding list node but it doesn't take appropriate mutex lock to remove the list node. This can lead to linked list corruption Fixes: bd3792205aae ("iser-target: Fix pending connections handling in target stack shutdown sequnce") Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com> Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com> Link: https://lore.kernel.org/r/20230606102531.162967-3-saravanan.vajravel@broadcom.com Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | drivers/infiniband/ulp/isert/ib_isert.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c index 50d7373b425c..a02a3caeaa4e 100644 --- a/drivers/infiniband/ulp/isert/ib_isert.c +++ b/drivers/infiniband/ulp/isert/ib_isert.c @@ -657,9 +657,13 @@ static int isert_connect_error(struct rdma_cm_id *cma_id) { struct isert_conn *isert_conn = cma_id->qp->qp_context; + struct isert_np *isert_np = cma_id->context; ib_drain_qp(isert_conn->qp); + + mutex_lock(&isert_np->mutex); list_del_init(&isert_conn->node); + mutex_unlock(&isert_np->mutex); isert_conn->cm_id = NULL; isert_put_conn(isert_conn); |