[PATCH v2] RDMA/cma: prevent rdma id destroy during cma_iw_handler

Mon Jun 12 00:13:18 PDT 2023

On Mon, 12 Jun 2023 14:42:37 +0900, Shin'ichiro Kawasaki wrote:
> When rdma_destroy_id() and cma_iw_handler() race, struct rdma_id_private
> *id_priv can be destroyed during cma_iw_handler call. This causes "BUG:
> KASAN: slab-use-after-free" at mutex_lock() in cma_iw_handler() [1].
> To prevent the destroy of id_priv, keep its reference count by calling
> cma_id_get() and cma_id_put() at start and end of cma_iw_handler().
> 
> [1]
> 
> [...]

Applied, thanks!

[1/1] RDMA/cma: prevent rdma id destroy during cma_iw_handler
      https://git.kernel.org/rdma/rdma/c/fd06a5925e4773

Best regards,
-- 
Leon Romanovsky <leon at kernel.org>