Message ID | bf2e457f30108e0872f517e7ac585bb956a291a7.1620343860.git.metze@samba.org (mailing list archive) |
---|---|
State | Changes Requested |
Series | rdma/siw: fix a lot of deadlocks and use after free bugs |
-----"Stefan Metzmacher" <metze@samba.org> wrote: ----- >To: "Bernard Metzler" <bmt@zurich.ibm.com> >From: "Stefan Metzmacher" <metze@samba.org> >Date: 05/07/2021 01:39AM >Cc: linux-rdma@vger.kernel.org, "Stefan Metzmacher" <metze@samba.org> >Subject: [EXTERNAL] [PATCH 23/31] rdma/siw: make use of >__siw_cep_close() in siw_accept() > >This is basically the same just that the code in >__siw_cep_close() common, it skips elements which >are still NULL. Before it was really hard to prove >that we don't deference NULL pointers. > >While developing my smbdirect driver, I hit so much >crashes and deadlocks, so we better have code that's >understandable. > >Fixes: 6c52fdc244b5 ("rdma/siw: connection management") >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Cc: Bernard Metzler <bmt@zurich.ibm.com> >Cc: linux-rdma@vger.kernel.org >--- > drivers/infiniband/sw/siw/siw_cm.c | 18 +----------------- > 1 file changed, 1 insertion(+), 17 deletions(-) > >diff --git a/drivers/infiniband/sw/siw/siw_cm.c >b/drivers/infiniband/sw/siw/siw_cm.c >index 09ae7f7ca82a..7fd67499f1d3 100644 >--- a/drivers/infiniband/sw/siw/siw_cm.c >+++ b/drivers/infiniband/sw/siw/siw_cm.c >@@ -1833,23 +1833,7 @@ int siw_accept(struct iw_cm_id *id, struct >iw_cm_conn_param *params) > > return 0; > error: >- siw_socket_disassoc(cep->sock); >- sock_release(cep->sock); >- cep->sock = NULL; >- >- cep->state = SIW_EPSTATE_CLOSED; >- >- if (cep->cm_id) { >- cep->cm_id->rem_ref(id); >- cep->cm_id = NULL; >- } >- if (qp->cep) { >- siw_cep_put(cep); >- qp->cep = NULL; >- } >- cep->qp = NULL; >- siw_qp_put(qp); >- >+ __siw_cep_close(cep); > siw_cep_set_free(cep); > siw_cep_put(cep); > >-- >2.25.1 > > OK, makes life easier. Reviewed-by: Bernard Metzler <bmt@zurich.ibm.com>
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c index 09ae7f7ca82a..7fd67499f1d3 100644 --- a/drivers/infiniband/sw/siw/siw_cm.c +++ b/drivers/infiniband/sw/siw/siw_cm.c @@ -1833,23 +1833,7 @@ int siw_accept(struct iw_cm_id *id, struct iw_cm_conn_param *params) return 0; error: - siw_socket_disassoc(cep->sock); - sock_release(cep->sock); - cep->sock = NULL; - - cep->state = SIW_EPSTATE_CLOSED; - - if (cep->cm_id) { - cep->cm_id->rem_ref(id); - cep->cm_id = NULL; - } - if (qp->cep) { - siw_cep_put(cep); - qp->cep = NULL; - } - cep->qp = NULL; - siw_qp_put(qp); - + __siw_cep_close(cep); siw_cep_set_free(cep); siw_cep_put(cep);
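Review bot: In the `error:` path of siw_accept(), the single call `__siw_cep_close(cep)` replaces three reference drops (`cep->cm_id->rem_ref(id)`, the `siw_cep_put(cep)` guarded by `qp->cep`, and `siw_qp_put(qp)`) plus the `cep->state = SIW_EPSTATE_CLOSED` assignment, yet the helper's body is not part of this hunk and the commit message only says it is "basically the same". Please state in the commit message that the helper releases each of those references exactly once and sets the closed state, since the unchanged `siw_cep_put(cep)` after it still drops one more reference and a mismatch here would be a leak or a use after free. The removed code also passed `cep->sock` to `siw_socket_disassoc()` and `sock_release()` without a NULL check; if some jump to `error:` can arrive with `cep->sock` unset, naming that path would justify the Fixes: tag, which otherwise reads oddly on a change described as a readability cleanup.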
This is basically the same just that the code in
__siw_cep_close() common, it skips elements which
are still NULL. Before it was really hard to prove
that we don't dereference NULL pointers.

While developing my smbdirect driver, I hit so many
crashes and deadlocks, so we better have code that's
understandable.

Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Bernard Metzler <bmt@zurich.ibm.com>
Cc: linux-rdma@vger.kernel.org
---
 drivers/infiniband/sw/siw/siw_cm.c | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)