[PATCH v2] RDMA/cma: prevent rdma id destroy during cma_iw_handler
Leon Romanovsky
leon at kernel.org
Mon Jun 12 00:13:18 PDT 2023
On Mon, 12 Jun 2023 14:42:37 +0900, Shin'ichiro Kawasaki wrote:
> When rdma_destroy_id() and cma_iw_handler() race, struct rdma_id_private
> *id_priv can be destroyed during cma_iw_handler call. This causes "BUG:
> KASAN: slab-use-after-free" at mutex_lock() in cma_iw_handler() [1].
> To prevent the destroy of id_priv, keep its reference count by calling
> cma_id_get() and cma_id_put() at start and end of cma_iw_handler().
>
> [1]
>
> [...]
Applied, thanks!
[1/1] RDMA/cma: prevent rdma id destroy during cma_iw_handler
https://git.kernel.org/rdma/rdma/c/fd06a5925e4773
Best regards,
--
Leon Romanovsky <leon at kernel.org>
More information about the Linux-nvme
mailing list