Patch "net/smc: Stop the CLC flow if no link to map buffers on" has been added to the 5.10-stable tree

[Sasha Levin <sashal@xxxxxxxxxx>]

This is a note to let you know that I've just added the patch titled

    net/smc: Stop the CLC flow if no link to map buffers on

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-smc-stop-the-clc-flow-if-no-link-to-map-buffers-.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit fa34c40dc1fd0aefe9e9715f035ecd8e3b252348
Author: Wen Gu <guwen@xxxxxxxxxxxxxxxxx>
Date:   Tue Sep 20 14:43:09 2022 +0800

    net/smc: Stop the CLC flow if no link to map buffers on
    
    [ Upstream commit e738455b2c6dcdab03e45d97de36476f93f557d2 ]
    
    There might be a potential race between SMC-R buffer map and
    link group termination.
    
    smc_smcr_terminate_all()     | smc_connect_rdma()
    --------------------------------------------------------------
                                 | smc_conn_create()
    for links in smcibdev        |
            schedule links down  |
                                 | smc_buf_create()
                                 |  \- smcr_buf_map_usable_links()
                                 |      \- no usable links found,
                                 |         (rmb->mr = NULL)
                                 |
                                 | smc_clc_send_confirm()
                                 |  \- access conn->rmb_desc->mr[]->rkey
                                 |     (panic)
    
    During reboot and IB device module remove, all links will be set
    down and no usable links remain in link groups. In such situation
    smcr_buf_map_usable_links() should return an error and stop the
    CLC flow accessing to uninitialized mr.
    
    Fixes: b9247544c1bc ("net/smc: convert static link ID instances to support multiple links")
    Signed-off-by: Wen Gu <guwen@xxxxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/1663656189-32090-1-git-send-email-guwen@xxxxxxxxxxxxxxxxx
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c
index ef2fd28999ba..bf485a2017a4 100644
--- a/net/smc/smc_core.c
+++ b/net/smc/smc_core.c
@@ -1584,7 +1584,7 @@ static struct smc_buf_desc *smcr_new_buf_create(struct smc_link_group *lgr,
 static int smcr_buf_map_usable_links(struct smc_link_group *lgr,
 				     struct smc_buf_desc *buf_desc, bool is_rmb)
 {
-	int i, rc = 0;
+	int i, rc = 0, cnt = 0;
 
 	/* protect against parallel link reconfiguration */
 	mutex_lock(&lgr->llc_conf_mutex);
@@ -1597,9 +1597,12 @@ static int smcr_buf_map_usable_links(struct smc_link_group *lgr,
 			rc = -ENOMEM;
 			goto out;
 		}
+		cnt++;
 	}
 out:
 	mutex_unlock(&lgr->llc_conf_mutex);
+	if (!rc && !cnt)
+		rc = -EINVAL;
 	return rc;
 }