@@ -1480,13 +1480,27 @@ int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params)
}
memcpy(cep->mpa.hdr.key, MPA_KEY_REQ, 16);
+ if (pd_len > 0) {
+ cep->mpa.pdata = kmemdup(params->private_data, pd_len, GFP_KERNEL);
+ if (IS_ERR_OR_NULL(cep->mpa.pdata)) {
+ rv = -ENOMEM;
+ goto error;
+ }
+ cep->mpa.hdr.params.pd_len = pd_len;
+ }
+
cep->state = SIW_EPSTATE_AWAIT_MPAREP;
- rv = siw_send_mpareqrep(cep, params->private_data, pd_len);
+ rv = siw_send_mpareqrep(cep, cep->mpa.pdata,
+ cep->mpa.hdr.params.pd_len);
/*
* Reset private data.
*/
- cep->mpa.hdr.params.pd_len = 0;
+ if (cep->mpa.hdr.params.pd_len) {
+ cep->mpa.hdr.params.pd_len = 0;
+ kfree(cep->mpa.pdata);
+ cep->mpa.pdata = NULL;
+ }
if (rv >= 0) {
rv = siw_cm_queue_work(cep, SIW_CM_WORK_MPATIMEOUT);
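Review bot: `IS_ERR_OR_NULL(cep->mpa.pdata)` on the kmemdup() result is the wrong check — kmemdup() returns NULL on failure and never an ERR_PTR, so `if (!cep->mpa.pdata)` states the real contract and is the usual kernel idiom. Separately, `cep->mpa.hdr.params.pd_len = pd_len` writes the host-order length into what appears to be the on-wire MPA header (the memcpy of MPA_KEY_REQ into the same struct just above suggests it is), and that field is then read back as the length argument to siw_send_mpareqrep() and as the cleanup condition; if it is a big-endian wire field, this mixes byte orders and sparse will flag it. A safer shape keeps the length local — `rv = siw_send_mpareqrep(cep, cep->mpa.pdata, pd_len);` — and drives the reset off the pointer, `if (cep->mpa.pdata) { kfree(cep->mpa.pdata); cep->mpa.pdata = NULL; }`, alongside the existing pd_len reset, leaving the wire field to the send path that already formats it. The body of siw_connect() begins and continues outside the hunk, including the `error:` label the new allocation-failure path jumps to, so whether that path also releases cep->mpa.pdata cannot be confirmed from here.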
The final patch will implement a non-blocking connect, which means that siw_connect() will be split into siw_connect() and siw_connected(). kernel_bindconnect() will be the last action in siw_connect(), while the MPA negotiation is deferred to siw_connected(). We should not rely on the caller's private data pointers still being valid when siw_connected() is called, so we are better off creating a copy. Also note that __siw_cep_dealloc() already calls kfree(cep->mpa.pdata), so we already have the required cleanup for when we split out siw_connected() and an error prevents siw_connected() from being called at all.
Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Bernard Metzler <bmt@zurich.ibm.com>
Cc: linux-rdma@vger.kernel.org
---
 drivers/infiniband/sw/siw/siw_cm.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)