Message ID | 8f68ab650c2ecac55075d07a4256eff7b1735324.1620343860.git.metze@samba.org (mailing list archive) |
---|---|
State | Changes Requested |
Series | rdma/siw: fix a lot of deadlocks and use after free bugs |
-----"Stefan Metzmacher" <metze@samba.org> wrote: ----- >To: "Bernard Metzler" <bmt@zurich.ibm.com> >From: "Stefan Metzmacher" <metze@samba.org> >Date: 05/07/2021 01:39AM >Cc: linux-rdma@vger.kernel.org, "Stefan Metzmacher" <metze@samba.org> >Subject: [EXTERNAL] [PATCH 19/31] rdma/siw: split out a >__siw_cep_close() function > >This can be used in a lot of other places too. >And can be the code path that we can easily adjust >without forgetting other places. > >Fixes: 6c52fdc244b5 ("rdma/siw: connection management") >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Cc: Bernard Metzler <bmt@zurich.ibm.com> >Cc: linux-rdma@vger.kernel.org >--- > drivers/infiniband/sw/siw/siw_cm.c | 48 >++++++++++++++++++++---------- > 1 file changed, 33 insertions(+), 15 deletions(-) > >diff --git a/drivers/infiniband/sw/siw/siw_cm.c >b/drivers/infiniband/sw/siw/siw_cm.c >index 009a0afe6669..cf0f881c6793 100644 >--- a/drivers/infiniband/sw/siw/siw_cm.c >+++ b/drivers/infiniband/sw/siw/siw_cm.c >@@ -220,6 +220,34 @@ static void __siw_cep_terminate_upcall(struct >siw_cep *cep, > } > } > >+/* >+ * The caller needs to deal with siw_cep_set_inuse() >+ * and siw_cep_set_free() >+ */ >+static void __siw_cep_close(struct siw_cep *cep) >+{ >+ cep->state = SIW_EPSTATE_CLOSED; >+ >+ if (cep->sock) { >+ siw_socket_disassoc(cep->sock); >+ sock_release(cep->sock); >+ cep->sock = NULL; >+ } >+ >+ if (cep->cm_id) { >+ cep->cm_id->rem_ref(cep->cm_id); >+ cep->cm_id = NULL; >+ } >+ >+ if (cep->qp) { >+ BUG_ON(cep->qp->cep != cep); Don't (re)introduce BUG()into the driver. >+ cep->qp->cep = NULL; >+ siw_qp_put(cep->qp); >+ cep->qp = NULL; >+ siw_cep_put(cep); >+ } >+} >+ > static void siw_rtr_data_ready(struct sock *sk) > { > struct siw_cep *cep; 
>@@ -1559,27 +1587,17 @@ int siw_connect(struct iw_cm_id *id, struct >iw_cm_conn_param *params) > if (cep) { > siw_cancel_mpatimer(cep); > >- siw_socket_disassoc(s); >- sock_release(s); >- cep->sock = NULL; >- >- cep->qp = NULL; >+ s = NULL; >+ qp = NULL; > >- cep->cm_id = NULL; >- id->rem_ref(id); >- >- qp->cep = NULL; >- siw_cep_put(cep); >- >- cep->state = SIW_EPSTATE_CLOSED; >+ __siw_cep_close(cep); > > siw_cep_set_free(cep); > > siw_cep_put(cep); >- >- } else if (s) { >- sock_release(s); > } >+ if (s) >+ sock_release(s); > if (qp) > siw_qp_put(qp); > >-- >2.25.1 > >
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c index 009a0afe6669..cf0f881c6793 100644 --- a/drivers/infiniband/sw/siw/siw_cm.c +++ b/drivers/infiniband/sw/siw/siw_cm.c @@ -220,6 +220,34 @@ static void __siw_cep_terminate_upcall(struct siw_cep *cep, } } +/* + * The caller needs to deal with siw_cep_set_inuse() + * and siw_cep_set_free() + */ +static void __siw_cep_close(struct siw_cep *cep) +{ + cep->state = SIW_EPSTATE_CLOSED; + + if (cep->sock) { + siw_socket_disassoc(cep->sock); + sock_release(cep->sock); + cep->sock = NULL; + } + + if (cep->cm_id) { + cep->cm_id->rem_ref(cep->cm_id); + cep->cm_id = NULL; + } + + if (cep->qp) { + BUG_ON(cep->qp->cep != cep); + cep->qp->cep = NULL; + siw_qp_put(cep->qp); + cep->qp = NULL; + siw_cep_put(cep); + } +} + static void siw_rtr_data_ready(struct sock *sk) { struct siw_cep *cep; @@ -1559,27 +1587,17 @@ int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params) if (cep) { siw_cancel_mpatimer(cep); - siw_socket_disassoc(s); - sock_release(s); - cep->sock = NULL; - - cep->qp = NULL; + s = NULL; + qp = NULL; - cep->cm_id = NULL; - id->rem_ref(id); - - qp->cep = NULL; - siw_cep_put(cep); - - cep->state = SIW_EPSTATE_CLOSED; + __siw_cep_close(cep); siw_cep_set_free(cep); siw_cep_put(cep); - - } else if (s) { - sock_release(s); } + if (s) + sock_release(s); if (qp) siw_qp_put(qp);
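Review bot: the comment above __siw_cep_close() names only siw_cep_set_inuse() and siw_cep_set_free() as the caller's job, but the `if (cep->qp)` branch also ends with siw_cep_put(cep), which drops a reference on the endpoint that is still being closed. The comment should state that the caller must hold its own reference on cep across the call (siw_connect() does, since it calls siw_cep_put(cep) afterwards), so that later users of the helper do not hand in the last reference. In the same branch, BUG_ON(cep->qp->cep != cep) halts the machine on a bookkeeping mismatch; a WARN_ON() that leaves cep->qp->cep untouched when it does not point back at cep keeps the check without the crash.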
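Review bot: in the siw_connect() error path, `s = NULL; qp = NULL;` ahead of __siw_cep_close(cep) silently assumes that cep->sock == s, cep->qp == qp and cep->cm_id == id at this point. The removed lines released s, called id->rem_ref(id) and cleared qp->cep unconditionally, while the helper does each step only when the matching cep field is set, so if this path can be reached before those fields are assigned, the socket and the QP reference are no longer released by the trailing `if (s)` / `if (qp)` checks. Either clear the locals only when they match, for example `if (cep->sock == s) s = NULL;`, or add a comment stating that cep owns the socket, the QP and the cm_id reference whenever cep is non-NULL here.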
This can be used in a lot of other places too.
And can be the code path that we can easily adjust
without forgetting other places.

Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Bernard Metzler <bmt@zurich.ibm.com>
Cc: linux-rdma@vger.kernel.org
---
 drivers/infiniband/sw/siw/siw_cm.c | 48 ++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 15 deletions(-)