Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2470563imm; Mon, 24 Sep 2018 05:04:28 -0700 (PDT) X-Google-Smtp-Source: ACcGV61rGBl83mm2c3OPt1IKDlyx0TMMiL9Ih6S3Wn5toZen8FhJJEqueGCp0bQO+7x3J6BgNx8+ X-Received: by 2002:a17:902:4d46:: with SMTP id o6-v6mr10327209plh.59.1537790668388; Mon, 24 Sep 2018 05:04:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537790668; cv=none; d=google.com; s=arc-20160816; b=s3e+nmx5wrG7p6S8G4IhDOT4vCHUFCQeEwkcyb6rq+PyYrRHb4lIgXBQuNXFVRJJET djuV0+yGFuIX2MuI4cED4UCNY/FKaYkwyB1u8RLD+JgpOOh4yjwtJ1M+EO8dPo4Y4l/0 yNDJvd+4Sh92Mf4C1XkdERmcejALkYBVdK2pPhW2fhbo3KxKMltrrWFvyZbmjxmCQHa3 aGQapDTkAC8mOwjX1IHyCyp4d2XwYL9/ySjKj1EmiNtDnzyMfGY5VLlpRFI4DqntM8E7 5nmbqsHuDXhdCKjXmtmh0h+RPC5Df3cwsPxn4BzEtt3T5ZpAEPxN8QHsNzltqWI8REKx +c9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=HX/tzVrW45OAkcTYt5azuScZlDJdwORXsTTQXvCrISU=; b=gX9vVZVFvmSyM1duQBNDiInKyyozplThlUQctmKWTEEFbD73R23iUU9ZyoUYnn8wsA i3sngVqGmJXuwz223UiR0N7sl4rw2QPQTYPd3nCFsVuUbzJumBl/TADoZ/Utxmui6dGR 4aXSwdWMbbaPWxf7sqJ/JeuuH8HyML7z5XISMIXpayjRKey0JGc/pIt3PxIBUo1hW3RP Xu8o0EAMVtV0d8LEP4mpkRruo+1RWxQdyrfEp0cm2iSk7d+a1ltiEH8oYKFWLnmHmq5d DHjw9FUiTbK4SNLVkb8CPUs388eNZFWJZBLqYSWO5x+bSJXMt85fj/ETTkt3yJeXx4ie nFcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x61-v6si36244513plb.216.2018.09.24.05.04.12; Mon, 24 Sep 2018 05:04:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730811AbeIXSDq (ORCPT + 99 others); Mon, 24 Sep 2018 14:03:46 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:53660 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729771AbeIXSDq (ORCPT ); Mon, 24 Sep 2018 14:03:46 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id F22FAD64; Mon, 24 Sep 2018 12:01:58 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Parav Pandit , Daniel Jurgens , Leon Romanovsky , Dennis Dalessandro , Jason Gunthorpe Subject: [PATCH 4.9 047/111] RDMA/cma: Protect cma dev list with lock Date: Mon, 24 Sep 2018 13:52:14 +0200 Message-Id: <20180924113109.746674313@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180924113103.337261320@linuxfoundation.org> References: <20180924113103.337261320@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Parav Pandit commit 954a8e3aea87e896e320cf648c1a5bbe47de443e upstream. When AF_IB addresses are used during rdma_resolve_addr() a lock is not held. A cma device can get removed while list traversal is in progress which may lead to crash. ie CPU0 CPU1 ==== ==== rdma_resolve_addr() cma_resolve_ib_dev() list_for_each() cma_remove_one() cur_dev->device mutex_lock(&lock) list_del(); mutex_unlock(&lock); cma_process_remove(); Therefore, hold a lock while traversing the list which avoids such situation. Cc: # 3.10 Fixes: f17df3b0dede ("RDMA/cma: Add support for AF_IB to rdma_resolve_addr()") Signed-off-by: Parav Pandit Reviewed-by: Daniel Jurgens Signed-off-by: Leon Romanovsky Reviewed-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe Signed-off-by: Greg Kroah-Hartman --- drivers/infiniband/core/cma.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -673,6 +673,7 @@ static int cma_resolve_ib_dev(struct rdm dgid = (union ib_gid *) &addr->sib_addr; pkey = ntohs(addr->sib_pkey); + mutex_lock(&lock); list_for_each_entry(cur_dev, &dev_list, list) { for (p = 1; p <= cur_dev->device->phys_port_cnt; ++p) { if (!rdma_cap_af_ib(cur_dev->device, p)) @@ -696,18 +697,19 @@ static int cma_resolve_ib_dev(struct rdm cma_dev = cur_dev; sgid = gid; id_priv->id.port_num = p; + goto found; } } } } - - if (!cma_dev) - return -ENODEV; + mutex_unlock(&lock); + return -ENODEV; found: cma_attach_to_dev(id_priv, cma_dev); - addr = (struct sockaddr_ib *) cma_src_addr(id_priv); - memcpy(&addr->sib_addr, &sgid, sizeof sgid); + mutex_unlock(&lock); + addr = (struct sockaddr_ib *)cma_src_addr(id_priv); + memcpy(&addr->sib_addr, &sgid, sizeof(sgid)); cma_translate_ib(addr, &id_priv->id.route.addr.dev_addr); return 0; }