Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-03 17:41:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
a3c278807a
linux/drivers/infiniband
History
Bernard Metzler a3c278807a RDMA/siw: Fix QP destroy to wait for all references dropped. 
Delay QP destroy completion until all siw references to QP are
dropped. The calling RDMA core will free QP structure after
successful return from siw_qp_destroy() call, so siw must not
hold any remaining reference to the QP upon return.
A use-after-free was encountered in xfstest generic/460, while
testing NFSoRDMA. Here, after a TCP connection drop by peer,
the triggered siw_cm_work_handler got delayed until after
QP destroy call, referencing a QP which has already freed.

Fixes: 303ae1cdfd ("rdma/siw: application interface")
Reported-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
Link: https://lore.kernel.org/r/20220920082503.224189-1-bmt@zurich.ibm.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2022-09-20 21:23:52 +03:00
..
core IB/cm: Refactor cm_insert_listen() and cm_find_listen() 2022-08-30 12:14:23 +03:00
hw IB/hfi1: remove rc_only_opcode and uc_only_opcode declarations 2022-09-20 20:13:10 +03:00
sw RDMA/siw: Fix QP destroy to wait for all references dropped. 2022-09-20 21:23:52 +03:00
ulp RDMA/srpt: Use flex array destination for memcpy() 2022-09-20 15:05:29 +03:00
Kconfig RDMA/erdma: Add driver to kernel build environment 2022-07-27 16:04:05 -03:00
Makefile