diff options
| author | Ariel Nahum <arieln@mellanox.com> | 2014-12-07 09:09:58 -0500 |
|---|---|---|
| committer | Roland Dreier <roland@purestorage.com> | 2014-12-15 21:11:44 -0500 |
| commit | 3f562a0b8f0b47c4315e08bccd6a0b2d7f5aae1b (patch) | |
| tree | 195d4267872b603045b31bd6b2a71496fcc44b53 /drivers/infiniband/ulp | |
| parent | 49df2781b101a729e9f46eddc845a587fc5665a8 (diff) | |
IB/iser: Fix possible NULL derefernce ib_conn->device in session_create
If rdma_cm error event comes after ep_poll but before conn_bind, we
should protect against dereferncing the device (which may have been
terminated) in session_create and conn_create (already protected)
callbacks.
Signed-off-by: Ariel Nahum <arieln@mellanox.com>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Diffstat (limited to 'drivers/infiniband/ulp')
| -rw-r--r-- | drivers/infiniband/ulp/iser/iscsi_iser.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/drivers/infiniband/ulp/iser/iscsi_iser.c b/drivers/infiniband/ulp/iser/iscsi_iser.c index 46028151a904..cc7b84a235c8 100644 --- a/drivers/infiniband/ulp/iser/iscsi_iser.c +++ b/drivers/infiniband/ulp/iser/iscsi_iser.c | |||
| @@ -588,6 +588,15 @@ iscsi_iser_session_create(struct iscsi_endpoint *ep, | |||
| 588 | if (ep) { | 588 | if (ep) { |
| 589 | iser_conn = ep->dd_data; | 589 | iser_conn = ep->dd_data; |
| 590 | max_cmds = iser_conn->max_cmds; | 590 | max_cmds = iser_conn->max_cmds; |
| 591 | |||
| 592 | mutex_lock(&iser_conn->state_mutex); | ||
| 593 | if (iser_conn->state != ISER_CONN_UP) { | ||
| 594 | iser_err("iser conn %p already started teardown\n", | ||
| 595 | iser_conn); | ||
| 596 | mutex_unlock(&iser_conn->state_mutex); | ||
| 597 | goto free_host; | ||
| 598 | } | ||
| 599 | |||
| 591 | ib_conn = &iser_conn->ib_conn; | 600 | ib_conn = &iser_conn->ib_conn; |
| 592 | if (ib_conn->pi_support) { | 601 | if (ib_conn->pi_support) { |
| 593 | u32 sig_caps = ib_conn->device->dev_attr.sig_prot_cap; | 602 | u32 sig_caps = ib_conn->device->dev_attr.sig_prot_cap; |
| @@ -598,14 +607,19 @@ iscsi_iser_session_create(struct iscsi_endpoint *ep, | |||
| 598 | else | 607 | else |
| 599 | scsi_host_set_guard(shost, SHOST_DIX_GUARD_CRC); | 608 | scsi_host_set_guard(shost, SHOST_DIX_GUARD_CRC); |
| 600 | } | 609 | } |
| 610 | |||
| 611 | if (iscsi_host_add(shost, | ||
| 612 | ib_conn->device->ib_device->dma_device)) { | ||
| 613 | mutex_unlock(&iser_conn->state_mutex); | ||
| 614 | goto free_host; | ||
| 615 | } | ||
| 616 | mutex_unlock(&iser_conn->state_mutex); | ||
| 601 | } else { | 617 | } else { |
| 602 | max_cmds = ISER_DEF_XMIT_CMDS_MAX; | 618 | max_cmds = ISER_DEF_XMIT_CMDS_MAX; |
| 619 | if (iscsi_host_add(shost, NULL)) | ||
| 620 | goto free_host; | ||
| 603 | } | 621 | } |
| 604 | 622 | ||
| 605 | if (iscsi_host_add(shost, ep ? | ||
| 606 | ib_conn->device->ib_device->dma_device : NULL)) | ||
| 607 | goto free_host; | ||
| 608 | |||
| 609 | if (cmds_max > max_cmds) { | 623 | if (cmds_max > max_cmds) { |
| 610 | iser_info("cmds_max changed from %u to %u\n", | 624 | iser_info("cmds_max changed from %u to %u\n", |
| 611 | cmds_max, max_cmds); | 625 | cmds_max, max_cmds); |