> diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
> index 8002ae6..88c50d2 100644
> --- a/drivers/infiniband/core/ucma.c
> +++ b/drivers/infiniband/core/ucma.c
> @@ -267,6 +267,7 @@ static int ucma_event_handler(struct rdma_cm_id *cm_id,
>       if (!uevent)
>               return event->event == RDMA_CM_EVENT_CONNECT_REQUEST;
> 
> +     mutex_lock(&ctx->file->mut);
>       uevent->cm_id = cm_id;
>       ucma_set_event_context(ctx, event, uevent);

Roland, there's a race here where ucma_set_event_context() copies ctx->uid to 
the event structure outside of the mutex.  Once the mutex is acquired, ctx->uid 
is checked.  However, the uid could have changed between saving it off to the 
event and checking it.

>       uevent->resp.event = event->event;
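Review bot: Taking `mutex_lock(&ctx->file->mut)` this early means every exit between here and the old lock site (removed in the second hunk) must now pass through the unlock, and the lines between the two hunks are not visible here. The visible context in that range is only field copies (`ucma_copy_conn_event`), so it is probably fine, but it is worth confirming that no `return` or `goto` in the elided lines skips the unlock. I would also record the invariant in the code so a later cleanup does not move the lock back down, for example `/* file->mut must cover ucma_set_event_context(): it snapshots ctx->uid */` directly above the lock. The function body starts and ends outside the hunk.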
> @@ -277,7 +278,6 @@ static int ucma_event_handler(struct rdma_cm_id *cm_id,
>               ucma_copy_conn_event(&uevent->resp.param.conn,
>                                    &event->param.conn);
> 
> -     mutex_lock(&ctx->file->mut);
>       if (event->event == RDMA_CM_EVENT_CONNECT_REQUEST) {
>               if (!ctx->backlog) {
>                       ret = -ENOMEM;
> --
> 1.7.4.2
