From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org,
target-devel <target-devel@vger.kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Sagi Grimberg <sagig@mellanox.com>,
Nicholas Bellinger <nab@linux-iscsi.org>
Subject: [PATCH 3.10 48/51] iser-target: Fix connected_handler + teardown flow race
Date: Tue, 3 Feb 2015 15:17:30 -0800 [thread overview]
Message-ID: <20150203231726.056452378@linuxfoundation.org> (raw)
In-Reply-To: <20150203231724.582537862@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sagi Grimberg <sagig@mellanox.com>
commit 19e2090fb246ca21b3e569ead51a6a7a1748eadd upstream.
Take isert_conn pointer from cm_id->qp->qp_context. This
will allow us to know that the cm_id context is always
the network portal. This will make the cm_id event check
(connection or network portal) more reliable.
In order to avoid a NULL dereference in cma_id->qp->qp_context
we destroy the qp after we destroy the cm_id (and make the
dereference safe). session stablishment/teardown sequences
can happen in parallel, we should take into account that
connected_handler might race with connection teardown flow.
Also, protect isert_conn->conn_device->active_qps decrement
within the error patch during QP creation failure and the
normal teardown path in isert_connect_release().
Squashed:
iser-target: Decrement completion context active_qps in error flow
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -132,12 +132,18 @@ isert_conn_setup_qp(struct isert_conn *i
ret = rdma_create_qp(cma_id, isert_conn->conn_pd, &attr);
if (ret) {
pr_err("rdma_create_qp failed for cma_id %d\n", ret);
- return ret;
+ goto err;
}
isert_conn->conn_qp = cma_id->qp;
pr_debug("rdma_create_qp() returned success >>>>>>>>>>>>>>>>>>>>>>>>>.\n");
return 0;
+err:
+ mutex_lock(&device_list_mutex);
+ device->cq_active_qps[min_index]--;
+ mutex_unlock(&device_list_mutex);
+
+ return ret;
}
static void
@@ -425,7 +431,6 @@ isert_connect_request(struct rdma_cm_id
kref_init(&isert_conn->conn_kref);
mutex_init(&isert_conn->conn_mutex);
- cma_id->context = isert_conn;
isert_conn->conn_cm_id = cma_id;
isert_conn->responder_resources = event->param.conn.responder_resources;
isert_conn->initiator_depth = event->param.conn.initiator_depth;
@@ -526,18 +531,20 @@ isert_connect_release(struct isert_conn
pr_debug("Entering isert_connect_release(): >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+ isert_free_rx_descriptors(isert_conn);
+ rdma_destroy_id(isert_conn->conn_cm_id);
+
if (isert_conn->conn_qp) {
cq_index = ((struct isert_cq_desc *)
isert_conn->conn_qp->recv_cq->cq_context)->cq_index;
pr_debug("isert_connect_release: cq_index: %d\n", cq_index);
+ mutex_lock(&device_list_mutex);
isert_conn->conn_device->cq_active_qps[cq_index]--;
+ mutex_unlock(&device_list_mutex);
- rdma_destroy_qp(isert_conn->conn_cm_id);
+ ib_destroy_qp(isert_conn->conn_qp);
}
- isert_free_rx_descriptors(isert_conn);
- rdma_destroy_id(isert_conn->conn_cm_id);
-
if (isert_conn->login_buf) {
ib_dma_unmap_single(ib_dev, isert_conn->login_rsp_dma,
ISER_RX_LOGIN_SIZE, DMA_TO_DEVICE);
@@ -557,7 +564,7 @@ isert_connect_release(struct isert_conn
static void
isert_connected_handler(struct rdma_cm_id *cma_id)
{
- struct isert_conn *isert_conn = cma_id->context;
+ struct isert_conn *isert_conn = cma_id->qp->qp_context;
pr_info("conn %p\n", isert_conn);
@@ -635,16 +642,16 @@ isert_conn_terminate(struct isert_conn *
static int
isert_disconnected_handler(struct rdma_cm_id *cma_id)
{
+ struct iscsi_np *np = cma_id->context;
+ struct isert_np *isert_np = np->np_context;
struct isert_conn *isert_conn;
- if (!cma_id->qp) {
- struct isert_np *isert_np = cma_id->context;
-
+ if (isert_np->np_cm_id == cma_id) {
isert_np->np_cm_id = NULL;
return -1;
}
- isert_conn = (struct isert_conn *)cma_id->context;
+ isert_conn = cma_id->qp->qp_context;
mutex_lock(&isert_conn->conn_mutex);
isert_conn_terminate(isert_conn);
@@ -659,7 +666,7 @@ isert_disconnected_handler(struct rdma_c
static void
isert_connect_error(struct rdma_cm_id *cma_id)
{
- struct isert_conn *isert_conn = (struct isert_conn *)cma_id->context;
+ struct isert_conn *isert_conn = cma_id->qp->qp_context;
isert_put_conn(isert_conn);
}
next prev parent reply other threads:[~2015-02-03 23:32 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-03 23:16 [PATCH 3.10 00/51] 3.10.68-stable review Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 01/51] spi: dw-mid: fix FIFO size Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 02/51] ASoC: wm8960: Fix capture sample rate from 11250 to 11025 Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 03/51] can: kvaser_usb: Do not sleep in atomic context Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 04/51] can: kvaser_usb: Send correct context to URB completion Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 05/51] can: kvaser_usb: Retry the first bulk transfer on -ETIMEDOUT Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 06/51] can: kvaser_usb: Fix state handling upon BUS_ERROR events Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 07/51] powerpc/xmon: Fix another endiannes issue in RTAS call from xmon Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 08/51] ALSA: seq-dummy: remove deadlock-causing events on close Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 09/51] Input: i8042 - add noloop quirk for Medion Akoya E7225 (MD98857) Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 10/51] nfs: fix dio deadlock when O_DIRECT flag is flipped Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 11/51] NFSv4.1: Fix an Oops in nfs41_walk_client_list Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 12/51] nl80211: fix per-station group key get/del and memory leak Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 13/51] dm thin: dont allow messages to be sent to a pool target in READ_ONLY or FAIL mode Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 14/51] dm cache: fix missing ERR_PTR returns and handling Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 15/51] spi/pxa2xx: Clear cur_chip pointer before starting next message Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 16/51] regulator: core: fix race condition in regulator_put() Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 17/51] drivers: net: cpsw: discard dual emac default vlan configuration Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 18/51] ARM: 7829/1: Add ".text.unlikely" and ".text.hot" to arm unwind tables Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 19/51] ARM: mm: correct pte_same behaviour for LPAE Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 20/51] ARM: LPAE: use signed arithmetic for mask definitions Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 21/51] ARM: LPAE: use phys_addr_t in alloc_init_pud() Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 22/51] ARM: fix type of PHYS_PFN_OFFSET to unsigned long Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 23/51] ARM: lpae: fix definition of PTE_HWTABLE_PTRS Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 24/51] ARM: 7866/1: include: asm: use long long instead of u64 within atomic.h Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 25/51] ARM: 7867/1: include: asm: use int instead of unsigned long for oldval in atomic_cmpxchg() Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 26/51] ARM: fix asm/memory.h build error Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 27/51] ARM: 7931/1: Correct virt_addr_valid Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 28/51] ARM: DMA: ensure that old section mappings are flushed from the TLB Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 29/51] ARM: 8108/1: mm: Introduce {pte,pmd}_isset and {pte,pmd}_isclear Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 30/51] ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 31/51] pstore: Fail to unlink if a driver has not defined pstore_erase Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 32/51] pstore: d_alloc_name() doesnt return an ERR_PTR Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 33/51] pstore: clarify clearing of _read_cnt in ramoops_context Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 34/51] pstore: skip zero size persistent ram buffer in traverse Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 35/51] pstore: Fix NULL pointer fault if get NULL prz in ramoops_get_next_prz Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 36/51] pstore/ram: avoid atomic accesses for ioremapped regions Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 37/51] efi-pstore: Make efi-pstore return a unique id Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 38/51] gpio: squelch a compiler warning Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 39/51] workqueue: fix subtle pool management issue which can stall whole worker_pool Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 40/51] IB/isert: Adjust CQ size to HW limits Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 41/51] ib_isert: Add max_send_sge=2 minimum for control PDU responses Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 42/51] vhost-scsi: Take configfs group dependency during VHOST_SCSI_SET_ENDPOINT Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 43/51] tcm_loop: Fix wrong I_T nexus association Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 44/51] vhost-scsi: Add missing virtio-scsi -> TCM attribute conversion Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 45/51] iscsi,iser-target: Initiate termination only once Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 46/51] iser-target: Fix flush + disconnect completion handling Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 47/51] iser-target: Parallelize CM connection establishment Greg Kroah-Hartman
2015-02-03 23:17 ` Greg Kroah-Hartman [this message]
2015-02-03 23:17 ` [PATCH 3.10 49/51] iser-target: Handle ADDR_CHANGE event for listener cm_id Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 50/51] iser-target: Fix implicit termination of connections Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 51/51] target: Drop arbitrary maximum I/O size limit Greg Kroah-Hartman
2015-02-04 14:01 ` [PATCH 3.10 00/51] 3.10.68-stable review Guenter Roeck
2015-02-04 17:30 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150203231726.056452378@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nab@linux-iscsi.org \
--cc=sagig@mellanox.com \
--cc=stable@vger.kernel.org \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.