Message ID | 5f9dda492f0ff3ff0f858c9ee604f7ca8f179336.1620343860.git.metze@samba.org (mailing list archive) |
---|---|
State | Changes Requested |
Series | rdma/siw: fix a lot of deadlocks and use after free bugs |
-----"Stefan Metzmacher" <metze@samba.org> wrote: ----- >To: "Bernard Metzler" <bmt@zurich.ibm.com> >From: "Stefan Metzmacher" <metze@samba.org> >Date: 05/07/2021 01:39AM >Cc: linux-rdma@vger.kernel.org, "Stefan Metzmacher" <metze@samba.org> >Subject: [EXTERNAL] [PATCH 25/31] rdma/siw: fix double siw_cep_put() >in siw_cm_work_handler() > >We never do an additional siw_cep_get(cep) when calling >id->add_ref(id), >there's no reason to call siw_cep_put(cep) when calling >cep->cm_id->rem_ref(cep->cm_id)! > >I saw this happening quite often while testing my smbdirect driver >and the peer already reseted the tcp connection. > Uhh...you got a WARN()? Thanks! >Fixes: 6c52fdc244b5 ("rdma/siw: connection management") >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Cc: Bernard Metzler <bmt@zurich.ibm.com> >Cc: linux-rdma@vger.kernel.org >--- > drivers/infiniband/sw/siw/siw_cm.c | 1 - > 1 file changed, 1 deletion(-) > >diff --git a/drivers/infiniband/sw/siw/siw_cm.c >b/drivers/infiniband/sw/siw/siw_cm.c >index 31135d877d41..a2a5a36370af 100644 >--- a/drivers/infiniband/sw/siw/siw_cm.c >+++ b/drivers/infiniband/sw/siw/siw_cm.c >@@ -1252,7 +1252,6 @@ static void siw_cm_work_handler(struct >work_struct *w) > if (cep->cm_id) { > cep->cm_id->rem_ref(cep->cm_id); > cep->cm_id = NULL; >- siw_cep_put(cep); > } > } > siw_cep_set_free(cep); >-- >2.25.1 > >
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c index 31135d877d41..a2a5a36370af 100644 --- a/drivers/infiniband/sw/siw/siw_cm.c +++ b/drivers/infiniband/sw/siw/siw_cm.c @@ -1252,7 +1252,6 @@ static void siw_cm_work_handler(struct work_struct *w) if (cep->cm_id) { cep->cm_id->rem_ref(cep->cm_id); cep->cm_id = NULL; - siw_cep_put(cep); } } siw_cep_set_free(cep);
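Review bot: the removal of siw_cep_put(cep) inside the if (cep->cm_id) block of siw_cm_work_handler() is justified only in the commit message, and nothing at the call site records the rule it relies on. The message says id->add_ref(id) is never paired with a siw_cep_get(cep), so a short comment next to cep->cm_id->rem_ref(cep->cm_id) stating that dropping the cm_id reference does not release a cep reference would keep the put from being reintroduced later. The message also says the double put was seen often during testing after the peer reset the TCP connection; including the warning or trace that was observed would let readers confirm that this path, which goes on to call siw_cep_set_free(cep), is the one that dropped the extra reference.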
We never do an additional siw_cep_get(cep) when calling id->add_ref(id), there's no reason to call siw_cep_put(cep) when calling cep->cm_id->rem_ref(cep->cm_id)!

I saw this happening quite often while testing my smbdirect driver and the peer already reset the tcp connection.

Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Bernard Metzler <bmt@zurich.ibm.com>
Cc: linux-rdma@vger.kernel.org

---
 drivers/infiniband/sw/siw/siw_cm.c | 1 -
 1 file changed, 1 deletion(-)