Skip to content

Commit 8c705de

Browse files
paravmellanoxgregkh
paravmellanox
authored and
gregkh
committed
RDMA/cma: Protect cma dev list with lock
commit 954a8e3 upstream. When AF_IB addresses are used during rdma_resolve_addr() a lock is not held. A cma device can get removed while list traversal is in progress which may lead to crash. ie CPU0 CPU1 ==== ==== rdma_resolve_addr() cma_resolve_ib_dev() list_for_each() cma_remove_one() cur_dev->device mutex_lock(&lock) list_del(); mutex_unlock(&lock); cma_process_remove(); Therefore, hold a lock while traversing the list which avoids such situation. Cc: <[email protected]> # 3.10 Fixes: f17df3b ("RDMA/cma: Add support for AF_IB to rdma_resolve_addr()") Signed-off-by: Parav Pandit <[email protected]> Reviewed-by: Daniel Jurgens <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Reviewed-by: Dennis Dalessandro <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent a5d2476 commit 8c705de

File tree

1 file changed

+7
-5
lines changed
  • drivers/infiniband/core

1 file changed

+7
-5
lines changed

drivers/infiniband/core/cma.c

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -730,6 +730,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
730730
dgid = (union ib_gid *) &addr->sib_addr;
731731
pkey = ntohs(addr->sib_pkey);
732732

733+
mutex_lock(&lock);
733734
list_for_each_entry(cur_dev, &dev_list, list) {
734735
for (p = 1; p <= cur_dev->device->phys_port_cnt; ++p) {
735736
if (!rdma_cap_af_ib(cur_dev->device, p))
@@ -756,18 +757,19 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
756757
cma_dev = cur_dev;
757758
sgid = gid;
758759
id_priv->id.port_num = p;
760+
goto found;
759761
}
760762
}
761763
}
762764
}
763-
764-
if (!cma_dev)
765-
return -ENODEV;
765+
mutex_unlock(&lock);
766+
return -ENODEV;
766767

767768
found:
768769
cma_attach_to_dev(id_priv, cma_dev);
769-
addr = (struct sockaddr_ib *) cma_src_addr(id_priv);
770-
memcpy(&addr->sib_addr, &sgid, sizeof sgid);
770+
mutex_unlock(&lock);
771+
addr = (struct sockaddr_ib *)cma_src_addr(id_priv);
772+
memcpy(&addr->sib_addr, &sgid, sizeof(sgid));
771773
cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr);
772774
return 0;
773775
}

0 commit comments

Comments
 (0)