5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guoqing Jiang <guoqing.jiang@xxxxxxxxx>
[ Upstream commit b056327bee09e6b86683d3f709a438ccd6031d72 ]
The siw_connect can go to err in below after cep is allocated successfully:
1. If siw_cm_alloc_work returns failure. In this case socket is not
assoicated with cep so siw_cep_put can't be called by siw_socket_disassoc.
We need to call siw_cep_put twice since cep->kref is increased once after
it was initialized.
2. If siw_cm_queue_work can't find a work, which means siw_cep_get is not
called in siw_cm_queue_work, so cep->kref is increased twice by siw_cep_get
and when associate socket with cep after it was initialized. So we need to
call siw_cep_put three times (one in siw_socket_disassoc).
3. siw_send_mpareqrep returns error, this scenario is similar as 2.
So we need to remove one siw_cep_put in the error path.
Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Signed-off-by: Guoqing Jiang <guoqing.jiang@xxxxxxxxx>
Link: https://lore.kernel.org/r/20230821133255.31111-2-guoqing.jiang@xxxxxxxxx
Acked-by: Bernard Metzler <bmt@xxxxxxxxxxxxxx>
Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/infiniband/sw/siw/siw_cm.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c
index 69fcf21eaf528..3d96b649889ca 100644
--- a/drivers/infiniband/sw/siw/siw_cm.c
+++ b/drivers/infiniband/sw/siw/siw_cm.c
@@ -1525,7 +1525,6 @@ int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params)
cep->cm_id = NULL;
id->rem_ref(id);
- siw_cep_put(cep);
qp->cep = NULL;
siw_cep_put(cep);
--
2.40.1
