From patchwork Fri Jun  2 10:56:12 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
X-Patchwork-Id: 13265102
Return-Path: <linux-rdma-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BB904C7EE24
	for <linux-rdma@archiver.kernel.org>; Fri,  2 Jun 2023 10:56:44 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234629AbjFBK4n (ORCPT <rfc822;linux-rdma@archiver.kernel.org>);
        Fri, 2 Jun 2023 06:56:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43118 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235328AbjFBK4m (ORCPT
        <rfc822;linux-rdma@vger.kernel.org>); Fri, 2 Jun 2023 06:56:42 -0400
Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com
 [IPv6:2607:f8b0:4864:20::52e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7C63C132
        for <linux-rdma@vger.kernel.org>;
 Fri,  2 Jun 2023 03:56:41 -0700 (PDT)
Received: by mail-pg1-x52e.google.com with SMTP id
 41be03b00d2f7-51452556acdso1100821a12.2
        for <linux-rdma@vger.kernel.org>;
 Fri, 02 Jun 2023 03:56:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=broadcom.com; s=google; t=1685703401; x=1688295401;
        h=mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=vrU8RuwXJuDR+wRdVbfrIbe8rLmiHx/mKu/aVHb735M=;
        b=EwG4tRV4XbcNw1gRBSGZzHWCYU+150yVGWKcusFsW2RAt+5VeC0vY2jI0ahdRNfxJQ
         U4atOk8oYyZAToV2Tqj5loBCFs9wYTt1MqVDCWrZL8SrGlrUUqzsvmNBwzjLgid7lxD9
         XUOUYyWNhwQMrSqXGSLxru2BcUy00fa5diceA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1685703401; x=1688295401;
        h=mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=vrU8RuwXJuDR+wRdVbfrIbe8rLmiHx/mKu/aVHb735M=;
        b=AIthjrKjToS9Q6tbAmPDrifbilEXw+1W0t3hK4VyeFWzj44g1qZ9cCX4q/lXJcnMcJ
         KcxFq/87ny8mE9TnwkXGI/E/q82Dm1+ZBeHIRLj/zxkHoHWjiUpEOIihygfZKZ8TaT8g
         UU4RahjmiXKwWLLvu7ngJAfts4DHHc6JY8o5XXY5S8yywrN7mb4ixGyFTN5lQ2b8EKWO
         SexL0CTOsTIlFiR7LiwBKfWbReC5QLszDlhRBc9EXhW68X1n31Eti0IS//9uW9/qmqcF
         8yFQgl56+TQ4bMEzjkXN6CxTMoWvL/oYmdG4z9W9qvqttgUHMKNRjDnmb9VnW0GpBth3
         Jh5Q==
X-Gm-Message-State: AC+VfDyRMtp0KQ6/+7ezLdqxtgIMwU4lpKiPqKG/yV66Fnl4Ces5des3
        x0CTiVhLSI5sHiUDNM9fhYUFLg==
X-Google-Smtp-Source: 
 ACHHUZ7jBCD9zHB8nYTXvBmVvlkpiSg0M+v2ewaJh0MtUEWEEESkjSofQYazeQWAlF1n+sOfU1XS3g==
X-Received: by 2002:a05:6a20:6f05:b0:10b:a9ca:97bf with SMTP id
 gt5-20020a056a206f0500b0010ba9ca97bfmr8492084pzb.24.1685703400708;
        Fri, 02 Jun 2023 03:56:40 -0700 (PDT)
Received: from localhost.localdomain ([192.19.234.250])
        by smtp.gmail.com with ESMTPSA id
 s9-20020aa78d49000000b0064f708ca12asm792315pfe.70.2023.06.02.03.56.38
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Jun 2023 03:56:40 -0700 (PDT)
From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
To: selvin.xavier@broadcom.com, jgg@ziepe.ca, leon@kernel.org,
        sagi@grimberg.me
Cc: linux-rdma@vger.kernel.org,
        Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Subject: [PATCH v2 for-rc 2/3] IB/isert: Fix possible list corruption in CMA
 handler
Date: Fri,  2 Jun 2023 03:56:12 -0700
Message-Id: <20230602105613.95952-3-saravanan.vajravel@broadcom.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20230602105613.95952-1-saravanan.vajravel@broadcom.com>
References: <20230602105613.95952-1-saravanan.vajravel@broadcom.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org

When ib_isert module receives connection error event, it is
releasing the isert session and removes corresponding list
node but it doesn't take appropriate mutex lock to remove
the list node.  This can lead to linked  list corruption

Fixes: bd3792205aae ("iser-target: Fix pending connections handling in target stack shutdown sequnce")
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
---
 drivers/infiniband/ulp/isert/ib_isert.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index b4809d237250..7214a9bba524 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -657,11 +657,15 @@ static int
 isert_connect_error(struct rdma_cm_id *cma_id)
 {
 	struct isert_conn *isert_conn = cma_id->qp->qp_context;
+	struct isert_np *isert_np = cma_id->context;
 
 	ib_drain_qp(isert_conn->qp);
+
+	mutex_lock(&isert_np->mutex);
 	list_del_init(&isert_conn->node);
 	isert_conn->cm_id = NULL;
 	isert_put_conn(isert_conn);
+	mutex_unlock(&isert_np->mutex);
 
 	return -1;
 }