aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorSean Hefty <sean.hefty@intel.com>2007-01-05 15:35:15 -0500
committerRoland Dreier <rolandd@cisco.com>2007-01-07 23:20:08 -0500
commit0cefcf0bbc2d252eb48bff3289fb59c3817dd405 (patch)
tree26e7a0e770ef20a6200d129cafe6669573f5a04b /drivers
parent30a5ec982e4cfa955f93c454debaefc4d61d2da6 (diff)
RDMA/ucma: Don't report events with invalid user context
There's a problem with how rdma cm events are reported to userspace that can lead to application crashes. When a new connection request arrives, a context for the connection is allocated in the kernel. The connection event is then reported to userspace. The userspace library retrieves the event and allocates its own context for the connection. The userspace context is associated with the kernel's context when accepting. This allows the kernel to give userspace context with other events. A problem occurs if a second event for the same connection occurs before the user has had a chance to call accept. The userspace context has not yet been set, which causes the librdmacm to crash. (This has been seen when the app takes too long to call accept, resulting in the remote side timing out and rejecting the connection) Fix this by ignoring events for new connections until userspace has set their context. This can only happen if an error occurs on a new connection before the user accepts it. This is okay, since the accept will just fail later. Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/infiniband/core/ucma.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index 9f30f9bffc61..e2e8d329b443 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -213,7 +213,17 @@ static int ucma_event_handler(struct rdma_cm_id *cm_id,
213 goto out; 213 goto out;
214 } 214 }
215 ctx->backlog--; 215 ctx->backlog--;
216 } else if (!ctx->uid) {
217 /*
218 * We ignore events for new connections until userspace has set
219 * their context. This can only happen if an error occurs on a
220 * new connection before the user accepts it. This is okay,
221 * since the accept will just fail later.
222 */
223 kfree(uevent);
224 goto out;
216 } 225 }
226
217 list_add_tail(&uevent->list, &ctx->file->event_list); 227 list_add_tail(&uevent->list, &ctx->file->event_list);
218 wake_up_interruptible(&ctx->file->poll_wait); 228 wake_up_interruptible(&ctx->file->poll_wait);
219out: 229out: