| Message ID | d528d83466c44687f3872eadcb8c184528b2e2d4.1650526554.git.chengyou@linux.alibaba.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Jason Gunthorpe |
| Headers | show |
| Series | RDMA/siw: Fix a condition race issue in MPA request processing | expand |
On Sun, Apr 24, 2022 at 04:01:03PM +0800, Cheng Xu wrote: > The calling of siw_cm_upcall and detaching new_cep with its > listen_cep should be atomistic semantics. Otherwise siw_reject > may be called in a temporary state, e,g, siw_cm_upcall is called > but the new_cep->listen_cep has not being cleared. > > This will generate a WARN in dmesg, which reported in: > https://lore.kernel.org/all/Yliu2ROIh0nLk5l0@bombadil.infradead.org/ > > Reported-by: Luis Chamberlain <mcgrof@kernel.org> > Signed-off-by: Cheng Xu <chengyou@linux.alibaba.com> > --- > drivers/infiniband/sw/siw/siw_cm.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) Bernard? Thanks, Jason
On Sun, Apr 24, 2022 at 04:01:03PM +0800, Cheng Xu wrote: > The calling of siw_cm_upcall and detaching new_cep with its > listen_cep should be atomistic semantics. Otherwise siw_reject > may be called in a temporary state, e,g, siw_cm_upcall is called > but the new_cep->listen_cep has not being cleared. > > This will generate a WARN in dmesg, which reported in: > https://lore.kernel.org/all/Yliu2ROIh0nLk5l0@bombadil.infradead.org/ > > Reported-by: Luis Chamberlain <mcgrof@kernel.org> > Signed-off-by: Cheng Xu <chengyou@linux.alibaba.com> > --- > drivers/infiniband/sw/siw/siw_cm.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) Applied to for-rc, thanks Jason
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c index 7acdd3c3a599..17f34d584cd9 100644 --- a/drivers/infiniband/sw/siw/siw_cm.c +++ b/drivers/infiniband/sw/siw/siw_cm.c @@ -968,14 +968,15 @@ static void siw_accept_newconn(struct siw_cep *cep) siw_cep_set_inuse(new_cep); rv = siw_proc_mpareq(new_cep); - siw_cep_set_free(new_cep); - if (rv != -EAGAIN) { siw_cep_put(cep); new_cep->listen_cep = NULL; - if (rv) + if (rv) { + siw_cep_set_free(new_cep); goto error; + } } + siw_cep_set_free(new_cep); } return;
The calling of siw_cm_upcall and detaching new_cep with its listen_cep should be atomistic semantics. Otherwise siw_reject may be called in a temporary state, e,g, siw_cm_upcall is called but the new_cep->listen_cep has not being cleared. This will generate a WARN in dmesg, which reported in: https://lore.kernel.org/all/Yliu2ROIh0nLk5l0@bombadil.infradead.org/ Reported-by: Luis Chamberlain <mcgrof@kernel.org> Signed-off-by: Cheng Xu <chengyou@linux.alibaba.com> --- drivers/infiniband/sw/siw/siw_cm.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)