From: David S. Miller
Date: Thu, 13 Jan 2022 12:55:40 +0000 (+0000)
Subject: Merge branch 'smc-race-fixes'
X-Git-Tag: v5.17-rc1~37^2~34
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=3ba8c6258eb19a6212b066a383788174dd9779ab;p=linux-block.git

Merge branch 'smc-race-fixes'

Wen Gu says:

====================
net/smc: Fixes for race in smc link group termination

We encountered some crashes recently and they are caused by the
race between the access and free of link/link group in abnormal
smc link group termination. The crashes can be reproduced in
frequent abnormal link group termination, like setting RNICs up/down.

This set of patches tries to fix this by extending the life cycle
of link/link group to ensure that they won't be referred to after
cleared or freed.

v1 -> v2:
- Improve some comments.

- Move codes of waking up lgrs_deleted wait queue from smc_lgr_free()
  to __smc_lgr_free().

- Move codes of waking up links_deleted wait queue from
  smcr_link_clear() to __smcr_link_clear().

- Move codes of smc_ibdev_cnt_dec() and put_device() from
  smcr_link_clear() to __smcr_link_clear().

- Move smc_lgr_put() to the end of __smcr_link_clear().

- Call smc_lgr_put() after 'out' tag in smcr_link_init() when link
  initialization fails.

- Modify the location where smc connection holds the lgr or link.

    before:
      * hold lgr in smc_lgr_register_conn().
      * hold link in smcr_lgr_conn_assign_link().
    after:
      * hold both lgr and link in smc_conn_create().

  Modify the location to be symmetrical with the place where smc
  connections put the lgr or link, which is smc_conn_free().

- Initialize conn->freed as zero in smc_conn_create().
====================

Signed-off-by: David S. Miller
---

3ba8c6258eb19a6212b066a383788174dd9779ab
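The hold/put lifetime rule this series describes, as an added single-threaded userspace model that is not the kernel's code. Every `model_*` type and helper name is hypothetical, a plain `int` stands in for an atomic reference count, and using the `freed` flag as a guard against a repeated free is an assumption of the model.

```c
#include <stdio.h>

/* Userspace model of the hold/put rule; names are hypothetical. */
struct model_lgr  { int refs, freed; };
struct model_link { int refs, cleared; struct model_lgr *lgr; };
struct model_conn { struct model_lgr *lgr; struct model_link *lnk; int freed; };

static void lgr_init(struct model_lgr *l) { l->refs = 1; l->freed = 0; }
static void lgr_hold(struct model_lgr *l) { l->refs++; }
static void lgr_put(struct model_lgr *l)
{
    if (--l->refs == 0)
        l->freed = 1;            /* stands in for the real free: last user gone */
}
static void link_init(struct model_link *k, struct model_lgr *l)
{
    k->refs = 1; k->cleared = 0; k->lgr = l;
    lgr_hold(l);                 /* a live link pins its link group */
}
static void link_hold(struct model_link *k) { k->refs++; }
static void link_put(struct model_link *k)
{
    if (--k->refs == 0) {
        k->cleared = 1;          /* final clear runs only at refcount zero */
        lgr_put(k->lgr);         /* link drops its lgr reference last */
    }
}
static void conn_create(struct model_conn *c, struct model_lgr *l,
                        struct model_link *k)
{
    c->lgr = l; c->lnk = k; c->freed = 0;
    lgr_hold(l); link_hold(k);   /* both held at creation ... */
}
static void conn_free(struct model_conn *c)
{
    if (c->freed) return;        /* assumed guard: never drop the refs twice */
    c->freed = 1;
    link_put(c->lnk); lgr_put(c->lgr);  /* ... both put here, symmetrically */
}
/* Terminate the group while a connection is live; 1 if nothing died early. */
static int terminate_with_live_conn(void)
{
    struct model_lgr lgr; struct model_link lnk; struct model_conn conn;
    lgr_init(&lgr); link_init(&lnk, &lgr); conn_create(&conn, &lgr, &lnk);
    link_put(&lnk); lgr_put(&lgr);       /* termination drops initial refs */
    if (lnk.cleared || lgr.freed) return 0;
    conn_free(&conn); conn_free(&conn);  /* repeated free is a no-op */
    return lnk.cleared && lgr.freed && lnk.refs == 0 && lgr.refs == 0;
}
int main(void) { printf("ok=%d\n", terminate_with_live_conn()); return 0; }
```

Removing the two holds in `conn_create()` makes the early-death check fire, which is the use-after-clear window the cover letter describes.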