From patchwork Thu Jun 1 09:42:19 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Saravanan Vajravel
X-Patchwork-Id: 13263240
From: Saravanan Vajravel
To: selvin.xavier@broadcom.com, jgg@ziepe.ca, leon@kernel.org, sagi@grimberg.me
Cc: linux-rdma@vger.kernel.org, Saravanan Vajravel
Subject: [PATCH for-rc 2/3] IB/isert: Fix possible list corruption in CMA handler
Date: Thu, 1 Jun 2023 02:42:19 -0700
Message-Id: <20230601094220.64810-3-saravanan.vajravel@broadcom.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20230601094220.64810-1-saravanan.vajravel@broadcom.com>
References: <20230601094220.64810-1-saravanan.vajravel@broadcom.com>
X-Mailing-List: linux-rdma@vger.kernel.org

When the ib_isert module receives a connection error event, it releases
the isert session and removes the corresponding list node, but it doesn't
take the appropriate mutex lock to remove the list node. This can lead to
linked list corruption.

Signed-off-by: Saravanan Vajravel
Signed-off-by: Selvin Xavier
---
 drivers/infiniband/ulp/isert/ib_isert.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c index b3471ac82c1a..64af8d966adf 100644 --- a/drivers/infiniband/ulp/isert/ib_isert.c +++ b/drivers/infiniband/ulp/isert/ib_isert.c @@ -657,11 +657,15 @@ static int isert_connect_error(struct rdma_cm_id *cma_id) { struct isert_conn *isert_conn = cma_id->qp->qp_context; + struct isert_np *isert_np = cma_id->context; ib_drain_qp(isert_conn->qp); + + mutex_lock(&isert_np->mutex); list_del_init(&isert_conn->node); isert_conn->cm_id = NULL; isert_put_conn(isert_conn); + mutex_unlock(&isert_np->mutex); return -1; }
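
Review bot: in isert_connect_error() the new critical section runs from list_del_init(&isert_conn->node) through isert_put_conn(isert_conn), yet the commit message only asks for the list removal to be serialized. If that put can drop the last reference, the connection teardown would run with isert_np->mutex held, so consider calling mutex_unlock(&isert_np->mutex) right after list_del_init(), or say in the commit message why the put also has to sit under the lock. The added isert_np = cma_id->context is dereferenced without a check; a short comment stating that this cm_id's context is always the owning isert_np on this path would make the assumption reviewable. The commit message also does not name the concurrent path that touches the same list under the mutex, and for a for-rc fix a Fixes: tag would help stable backports.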