> > When ib_isert module receives connection error event, it is releasing
> > the isert session and removes corresponding list node but it doesn't
> > take appropriate mutex lock to remove the list node. This can lead to
> > linked list corruption
> >
> > Signed-off-by: Saravanan Vajravel <saravanan.vajravel@xxxxxxxxxxxx>
> > Signed-off-by: Selvin Xavier <selvin.xavier@xxxxxxxxxxxx>
> > ---
> > drivers/infiniband/ulp/isert/ib_isert.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> diff --git a/drivers/infiniband/ulp/isert/ib_isert.c
> b/drivers/infiniband/ulp/isert/ib_isert.c
> index b3471ac82c1a..64af8d966adf 100644
> --- a/drivers/infiniband/ulp/isert/ib_isert.c
> +++ b/drivers/infiniband/ulp/isert/ib_isert.c
> @@ -657,11 +657,15 @@ static int
> isert_connect_error(struct rdma_cm_id *cma_id)
> {
> struct isert_conn *isert_conn = cma_id->qp->qp_context;
> + struct isert_np *isert_np = cma_id->context;
>
> ib_drain_qp(isert_conn->qp);
> +
> + mutex_lock(&isert_np->mutex);
> list_del_init(&isert_conn->node);
> isert_conn->cm_id = NULL;
> isert_put_conn(isert_conn);
> + mutex_unlock(&isert_np->mutex);
> I'd place the mutex on the list_del_init only, it does not protect the
> rest.
Addressed this comment and sent v3 patch
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
