Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3602568pxb; Mon, 24 Jan 2022 13:16:27 -0800 (PST) X-Google-Smtp-Source: ABdhPJxz09LMv6n5zAOP5HFVC+Va/E4K4OjtZJxNcw5hxVZ6M23BlhYG3leA1Dg/WDl0P8vk7D8T X-Received: by 2002:a17:902:c215:b0:14b:508e:a024 with SMTP id 21-20020a170902c21500b0014b508ea024mr5954427pll.143.1643058987551; Mon, 24 Jan 2022 13:16:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643058987; cv=none; d=google.com; s=arc-20160816; b=bH2Ga+8pn6meLsH86hde+gW9mHyWXE5FbplJ+DgUM0leX44gQkX3u2+QHGNg4wMziI sV4AMY/2m2Ch/T4p4aeV80+0hpJlNvx5ytWPPlE/gebG434vuZfY44lbcHWa7AXpJQ+m YSfow6JVcV0+YGSNGwQJqygImPOFX3bfV5ozJyze6mJJ8+Pp7+ChBa2lTnAmtwLhti2M eKkgYM+BiMutUxRk4xFOC4UsSFQimz03A34ftwRQ0JnjFVD4TpEpvem5bfSSCSF4+Ph7 wGeKCnmFS4mIbT4aq+3PLKjdlexBDVbRI9NayCUkrv5R4D0tEVlfZki8j3zThkffwxMA NLbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=I0pKegRMrwsIkOF6/vl2TNDogt5WESOoCfWJwme4Zx8=; b=AJaCD2foiE3zalc1+7RZV8Q276a0EitDOExeWUaA0aT7ZJeICJIEXBSZHEXsiyzexf OB+ReLKaw5WoXoCRbCIasdW/CHeaRayQ6kI/c4MnUPxTmk2/94iOEgTSNtumTp5/enJn Ce8gbl5baKRU3T27g+zpVANiW0RktYaOTlQ2U0AGKpJI4yXR8nYAHEsPTSZh+kvnoHBh eL23omjUAeZ1N37hbOTgmqCJgOt5rf9IzMcUbP4HFXlQFabWKV0hTUyFXfI0n/zLatwZ 6iUd7FRms9qmN4/4U1uuaLN95hwEvq9z1pfrHadrf9hEfl7a7Dkab4J5QatRg8jmcmfl iiqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=g1xapJ0j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q70si3147689pgq.226.2022.01.24.13.16.14; Mon, 24 Jan 2022 13:16:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=g1xapJ0j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1391894AbiAXUt6 (ORCPT + 99 others); Mon, 24 Jan 2022 15:49:58 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:51730 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1382654AbiAXU0E (ORCPT ); Mon, 24 Jan 2022 15:26:04 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E410961507; Mon, 24 Jan 2022 20:26:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C793AC340E5; Mon, 24 Jan 2022 20:26:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643055963; bh=zmPrmCci9ND2nKShJYq9Ar62zaJchuZq8Y2H9EE5zlc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=g1xapJ0jCN8lRZL4GYFTs9g1dwUFruQiihGckOX2USTZieN1BGnF0Ry6mmsRdvC+j h6ivslBE6S/z+MO5MyUbBwnUJF8ED2p1Zekupd4TUaHGmFHQOKJQRmjKg4Vo2hfiOq iKANgb+mRDeCNRbmqGMJ0IXJDZF6PpmEID0kEw8I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Karsten Graul , Wen Gu , "David S. Miller" , Sasha Levin Subject: [PATCH 5.15 323/846] net/smc: Reset conn->lgr when link group registration fails Date: Mon, 24 Jan 2022 19:37:20 +0100 Message-Id: <20220124184112.044939407@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124184100.867127425@linuxfoundation.org> References: <20220124184100.867127425@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wen Gu [ Upstream commit 36595d8ad46d9e4c41cc7c48c4405b7c3322deac ] SMC connections might fail to be registered in a link group due to unable to find a usable link during its creation. As a result, smc_conn_create() will return a failure and most resources related to the connection won't be applied or initialized, such as conn->abort_work or conn->lnk. If smc_conn_free() is invoked later, it will try to access the uninitialized resources related to the connection, thus causing a warning or crash. This patch tries to fix this by resetting conn->lgr to NULL if an abnormal exit occurs in smc_lgr_register_conn(), thus avoiding the access to uninitialized resources in smc_conn_free(). Meanwhile, the new created link group should be terminated if smc connections can't be registered in it. So smc_lgr_cleanup_early() is modified to take care of link group only and invoked to terminate unusable link group by smc_conn_create(). The call to smc_conn_free() is moved out from smc_lgr_cleanup_early() to smc_conn_abort(). Fixes: 56bc3b2094b4 ("net/smc: assign link to a new connection") Suggested-by: Karsten Graul Signed-off-by: Wen Gu Acked-by: Karsten Graul Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/smc/af_smc.c | 8 +++++--- net/smc/smc_core.c | 12 +++++++----- net/smc/smc_core.h | 2 +- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c index eea6d4a854e90..07ff719f39077 100644 --- a/net/smc/af_smc.c +++ b/net/smc/af_smc.c @@ -613,10 +613,12 @@ static int smc_connect_decline_fallback(struct smc_sock *smc, int reason_code, static void smc_conn_abort(struct smc_sock *smc, int local_first) { + struct smc_connection *conn = &smc->conn; + struct smc_link_group *lgr = conn->lgr; + + smc_conn_free(conn); if (local_first) - smc_lgr_cleanup_early(&smc->conn); - else - smc_conn_free(&smc->conn); + smc_lgr_cleanup_early(lgr); } /* check if there is a rdma device available for this connection. */ diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c index 506b8498623b0..79d5e6a90845d 100644 --- a/net/smc/smc_core.c +++ b/net/smc/smc_core.c @@ -170,8 +170,10 @@ static int smc_lgr_register_conn(struct smc_connection *conn, bool first) if (!conn->lgr->is_smcd) { rc = smcr_lgr_conn_assign_link(conn, first); - if (rc) + if (rc) { + conn->lgr = NULL; return rc; + } } /* find a new alert_token_local value not yet used by some connection * in this link group @@ -579,15 +581,13 @@ int smcd_nl_get_lgr(struct sk_buff *skb, struct netlink_callback *cb) return skb->len; } -void smc_lgr_cleanup_early(struct smc_connection *conn) +void smc_lgr_cleanup_early(struct smc_link_group *lgr) { - struct smc_link_group *lgr = conn->lgr; spinlock_t *lgr_lock; if (!lgr) return; - smc_conn_free(conn); smc_lgr_list_head(lgr, &lgr_lock); spin_lock_bh(lgr_lock); /* do not use this link group for new connections */ @@ -1750,8 +1750,10 @@ create: write_lock_bh(&lgr->conns_lock); rc = smc_lgr_register_conn(conn, true); write_unlock_bh(&lgr->conns_lock); - if (rc) + if (rc) { + smc_lgr_cleanup_early(lgr); goto out; + } } conn->local_tx_ctrl.common.type = SMC_CDC_MSG_TYPE; conn->local_tx_ctrl.len = SMC_WR_TX_SIZE; diff --git a/net/smc/smc_core.h b/net/smc/smc_core.h index 51a3e8248ade2..9a0523f4c7ba6 100644 --- a/net/smc/smc_core.h +++ b/net/smc/smc_core.h @@ -419,7 +419,7 @@ static inline void smc_set_pci_values(struct pci_dev *pci_dev, struct smc_sock; struct smc_clc_msg_accept_confirm; -void smc_lgr_cleanup_early(struct smc_connection *conn); +void smc_lgr_cleanup_early(struct smc_link_group *lgr); void smc_lgr_terminate_sched(struct smc_link_group *lgr); void smcr_port_add(struct smc_ib_device *smcibdev, u8 ibport); void smcr_port_err(struct smc_ib_device *smcibdev, u8 ibport); -- 2.34.1