net/smc: hold conns_lock before calling smc_lgr_register_conn()

After smc_lgr_create(), the newly created link group is added
to smc_lgr_list, thus is accessible from other context.
Although link group creation is serialized by
smc_create_lgr_pending, the new link group may still be accessed
concurrently. For example, if ib_device is no longer active,
smc_ib_port_event_work() will call smc_port_terminate(), which
in turn will call __smc_lgr_terminate() on every link group of
this device. So conns_lock is required here.

Signed-off-by: Huaping Zhou <zhp@smail.nju.edu.cn>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c
index 2d2850adc2a3fa7a6a8667d79add5678beb130ca..4ca50ddf8d1619a78e8a119ef2701d69957a8cd9 100644 (file)
--- a/net/smc/smc_core.c
+++ b/net/smc/smc_core.c
@@ -652,7 +652,10 @@ create:
                rc = smc_lgr_create(smc, ini);
                if (rc)
                        goto out;
+               lgr = conn->lgr;
+               write_lock_bh(&lgr->conns_lock);
                smc_lgr_register_conn(conn); /* add smc conn to lgr */
+               write_unlock_bh(&lgr->conns_lock);
        }
        conn->local_tx_ctrl.common.type = SMC_CDC_MSG_TYPE;
        conn->local_tx_ctrl.len = SMC_WR_TX_SIZE;