Skip to content

Commit 954a8e3

Browse files
paravmellanoxjgunthorpe
paravmellanox
authored and
jgunthorpe
committed
RDMA/cma: Protect cma dev list with lock
When AF_IB addresses are used during rdma_resolve_addr() a lock is not held. A cma device can get removed while list traversal is in progress which may lead to crash. ie CPU0 CPU1 ==== ==== rdma_resolve_addr() cma_resolve_ib_dev() list_for_each() cma_remove_one() cur_dev->device mutex_lock(&lock) list_del(); mutex_unlock(&lock); cma_process_remove(); Therefore, hold a lock while traversing the list which avoids such situation. Cc: <[email protected]> # 3.10 Fixes: f17df3b ("RDMA/cma: Add support for AF_IB to rdma_resolve_addr()") Signed-off-by: Parav Pandit <[email protected]> Reviewed-by: Daniel Jurgens <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Reviewed-by: Dennis Dalessandro <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]>
1 parent 08e74be commit 954a8e3

File tree

1 file changed

+7
-5
lines changed
  • drivers/infiniband/core

1 file changed

+7
-5
lines changed

drivers/infiniband/core/cma.c

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -724,6 +724,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
724724
dgid = (union ib_gid *) &addr->sib_addr;
725725
pkey = ntohs(addr->sib_pkey);
726726

727+
mutex_lock(&lock);
727728
list_for_each_entry(cur_dev, &dev_list, list) {
728729
for (p = 1; p <= cur_dev->device->phys_port_cnt; ++p) {
729730
if (!rdma_cap_af_ib(cur_dev->device, p))
@@ -750,18 +751,19 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
750751
cma_dev = cur_dev;
751752
sgid = gid;
752753
id_priv->id.port_num = p;
754+
goto found;
753755
}
754756
}
755757
}
756758
}
757-
758-
if (!cma_dev)
759-
return -ENODEV;
759+
mutex_unlock(&lock);
760+
return -ENODEV;
760761

761762
found:
762763
cma_attach_to_dev(id_priv, cma_dev);
763-
addr = (struct sockaddr_ib *) cma_src_addr(id_priv);
764-
memcpy(&addr->sib_addr, &sgid, sizeof sgid);
764+
mutex_unlock(&lock);
765+
addr = (struct sockaddr_ib *)cma_src_addr(id_priv);
766+
memcpy(&addr->sib_addr, &sgid, sizeof(sgid));
765767
cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr);
766768
return 0;
767769
}

0 commit comments

Comments
 (0)