From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org,
target-devel <target-devel@vger.kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Sagi Grimberg <sagig@mellanox.com>,
Nicholas Bellinger <nab@linux-iscsi.org>
Subject: [PATCH 3.10 48/51] iser-target: Fix connected_handler + teardown flow race
Date: Tue, 3 Feb 2015 15:17:30 -0800 [thread overview]
Message-ID: <20150203231726.056452378@linuxfoundation.org> (raw)
In-Reply-To: <20150203231724.582537862@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sagi Grimberg <sagig@mellanox.com>
commit 19e2090fb246ca21b3e569ead51a6a7a1748eadd upstream.
Take isert_conn pointer from cm_id->qp->qp_context. This
will allow us to know that the cm_id context is always
the network portal. This will make the cm_id event check
(connection or network portal) more reliable.
In order to avoid a NULL dereference in cma_id->qp->qp_context
we destroy the qp after we destroy the cm_id (and make the
dereference safe). session stablishment/teardown sequences
can happen in parallel, we should take into account that
connected_handler might race with connection teardown flow.
Also, protect isert_conn->conn_device->active_qps decrement
within the error patch during QP creation failure and the
normal teardown path in isert_connect_release().
Squashed:
iser-target: Decrement completion context active_qps in error flow
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -132,12 +132,18 @@ isert_conn_setup_qp(struct isert_conn *i
ret = rdma_create_qp(cma_id, isert_conn->conn_pd, &attr);
if (ret) {
pr_err("rdma_create_qp failed for cma_id %d\n", ret);
- return ret;
+ goto err;
}
isert_conn->conn_qp = cma_id->qp;
pr_debug("rdma_create_qp() returned success >>>>>>>>>>>>>>>>>>>>>>>>>.\n");
return 0;
+err:
+ mutex_lock(&device_list_mutex);
+ device->cq_active_qps[min_index]--;
+ mutex_unlock(&device_list_mutex);
+
+ return ret;
}
static void
@@ -425,7 +431,6 @@ isert_connect_request(struct rdma_cm_id
kref_init(&isert_conn->conn_kref);
mutex_init(&isert_conn->conn_mutex);
- cma_id->context = isert_conn;
isert_conn->conn_cm_id = cma_id;
isert_conn->responder_resources = event->param.conn.responder_resources;
isert_conn->initiator_depth = event->param.conn.initiator_depth;
@@ -526,18 +531,20 @@ isert_connect_release(struct isert_conn
pr_debug("Entering isert_connect_release(): >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+ isert_free_rx_descriptors(isert_conn);
+ rdma_destroy_id(isert_conn->conn_cm_id);
+
if (isert_conn->conn_qp) {
cq_index = ((struct isert_cq_desc *)
isert_conn->conn_qp->recv_cq->cq_context)->cq_index;
pr_debug("isert_connect_release: cq_index: %d\n", cq_index);
+ mutex_lock(&device_list_mutex);
isert_conn->conn_device->cq_active_qps[cq_index]--;
+ mutex_unlock(&device_list_mutex);
- rdma_destroy_qp(isert_conn->conn_cm_id);
+ ib_destroy_qp(isert_conn->conn_qp);
}
- isert_free_rx_descriptors(isert_conn);
- rdma_destroy_id(isert_conn->conn_cm_id);
-
if (isert_conn->login_buf) {
ib_dma_unmap_single(ib_dev, isert_conn->login_rsp_dma,
ISER_RX_LOGIN_SIZE, DMA_TO_DEVICE);
@@ -557,7 +564,7 @@ isert_connect_release(struct isert_conn
static void
isert_connected_handler(struct rdma_cm_id *cma_id)
{
- struct isert_conn *isert_conn = cma_id->context;
+ struct isert_conn *isert_conn = cma_id->qp->qp_context;
pr_info("conn %p\n", isert_conn);
@@ -635,16 +642,16 @@ isert_conn_terminate(struct isert_conn *
static int
isert_disconnected_handler(struct rdma_cm_id *cma_id)
{
+ struct iscsi_np *np = cma_id->context;
+ struct isert_np *isert_np = np->np_context;
struct isert_conn *isert_conn;
- if (!cma_id->qp) {
- struct isert_np *isert_np = cma_id->context;
-
+ if (isert_np->np_cm_id == cma_id) {
isert_np->np_cm_id = NULL;
return -1;
}
- isert_conn = (struct isert_conn *)cma_id->context;
+ isert_conn = cma_id->qp->qp_context;
mutex_lock(&isert_conn->conn_mutex);
isert_conn_terminate(isert_conn);
@@ -659,7 +666,7 @@ isert_disconnected_handler(struct rdma_c
static void
isert_connect_error(struct rdma_cm_id *cma_id)
{
- struct isert_conn *isert_conn = (struct isert_conn *)cma_id->context;
+ struct isert_conn *isert_conn = cma_id->qp->qp_context;
isert_put_conn(isert_conn);
}
next prev parent reply other threads:[~2015-02-03 23:32 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-03 23:16 [PATCH 3.10 00/51] 3.10.68-stable review Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 01/51] spi: dw-mid: fix FIFO size Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 02/51] ASoC: wm8960: Fix capture sample rate from 11250 to 11025 Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 03/51] can: kvaser_usb: Do not sleep in atomic context Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 04/51] can: kvaser_usb: Send correct context to URB completion Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 05/51] can: kvaser_usb: Retry the first bulk transfer on -ETIMEDOUT Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 06/51] can: kvaser_usb: Fix state handling upon BUS_ERROR events Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 07/51] powerpc/xmon: Fix another endiannes issue in RTAS call from xmon Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 08/51] ALSA: seq-dummy: remove deadlock-causing events on close Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 09/51] Input: i8042 - add noloop quirk for Medion Akoya E7225 (MD98857) Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 10/51] nfs: fix dio deadlock when O_DIRECT flag is flipped Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 11/51] NFSv4.1: Fix an Oops in nfs41_walk_client_list Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 12/51] nl80211: fix per-station group key get/del and memory leak Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 13/51] dm thin: dont allow messages to be sent to a pool target in READ_ONLY or FAIL mode Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 14/51] dm cache: fix missing ERR_PTR returns and handling Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 15/51] spi/pxa2xx: Clear cur_chip pointer before starting next message Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 16/51] regulator: core: fix race condition in regulator_put() Greg Kroah-Hartman
2015-02-03 23:16 ` [PATCH 3.10 17/51] drivers: net: cpsw: discard dual emac default vlan configuration Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 18/51] ARM: 7829/1: Add ".text.unlikely" and ".text.hot" to arm unwind tables Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 19/51] ARM: mm: correct pte_same behaviour for LPAE Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 20/51] ARM: LPAE: use signed arithmetic for mask definitions Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 21/51] ARM: LPAE: use phys_addr_t in alloc_init_pud() Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 22/51] ARM: fix type of PHYS_PFN_OFFSET to unsigned long Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 23/51] ARM: lpae: fix definition of PTE_HWTABLE_PTRS Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 24/51] ARM: 7866/1: include: asm: use long long instead of u64 within atomic.h Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 25/51] ARM: 7867/1: include: asm: use int instead of unsigned long for oldval in atomic_cmpxchg() Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 26/51] ARM: fix asm/memory.h build error Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 27/51] ARM: 7931/1: Correct virt_addr_valid Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 28/51] ARM: DMA: ensure that old section mappings are flushed from the TLB Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 29/51] ARM: 8108/1: mm: Introduce {pte,pmd}_isset and {pte,pmd}_isclear Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 30/51] ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 31/51] pstore: Fail to unlink if a driver has not defined pstore_erase Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 32/51] pstore: d_alloc_name() doesnt return an ERR_PTR Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 33/51] pstore: clarify clearing of _read_cnt in ramoops_context Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 34/51] pstore: skip zero size persistent ram buffer in traverse Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 35/51] pstore: Fix NULL pointer fault if get NULL prz in ramoops_get_next_prz Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 36/51] pstore/ram: avoid atomic accesses for ioremapped regions Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 37/51] efi-pstore: Make efi-pstore return a unique id Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 38/51] gpio: squelch a compiler warning Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 39/51] workqueue: fix subtle pool management issue which can stall whole worker_pool Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 40/51] IB/isert: Adjust CQ size to HW limits Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 41/51] ib_isert: Add max_send_sge=2 minimum for control PDU responses Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 42/51] vhost-scsi: Take configfs group dependency during VHOST_SCSI_SET_ENDPOINT Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 43/51] tcm_loop: Fix wrong I_T nexus association Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 44/51] vhost-scsi: Add missing virtio-scsi -> TCM attribute conversion Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 45/51] iscsi,iser-target: Initiate termination only once Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 46/51] iser-target: Fix flush + disconnect completion handling Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 47/51] iser-target: Parallelize CM connection establishment Greg Kroah-Hartman
2015-02-03 23:17 ` Greg Kroah-Hartman [this message]
2015-02-03 23:17 ` [PATCH 3.10 49/51] iser-target: Handle ADDR_CHANGE event for listener cm_id Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 50/51] iser-target: Fix implicit termination of connections Greg Kroah-Hartman
2015-02-03 23:17 ` [PATCH 3.10 51/51] target: Drop arbitrary maximum I/O size limit Greg Kroah-Hartman
2015-02-04 14:01 ` [PATCH 3.10 00/51] 3.10.68-stable review Guenter Roeck
2015-02-04 17:30 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150203231726.056452378@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nab@linux-iscsi.org \
--cc=sagig@mellanox.com \
--cc=stable@vger.kernel.org \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox