Commit 0cefcf0b authored by Sean Hefty's avatar Sean Hefty Committed by Roland Dreier

RDMA/ucma: Don't report events with invalid user context

There's a problem with how rdma cm events are reported to userspace
that can lead to application crashes.

When a new connection request arrives, a context for the connection is
allocated in the kernel.  The connection event is then reported to
userspace.  The userspace library retrieves the event and allocates
its own context for the connection.  The userspace context is
associated with the kernel's context when accepting.  This allows the
kernel to give userspace context with other events.

A problem occurs if a second event for the same connection occurs
before the user has had a chance to call accept.  The userspace
context has not yet been set, which causes the librdmacm to crash.
(This has been seen when the app takes too long to call accept,
resulting in the remote side timing out and rejecting the connection)

Fix this by ignoring events for new connections until userspace has
set their context.  This can only happen if an error occurs on a new
connection before the user accepts it.  This is okay, since the accept
will just fail later.
Signed-off-by: default avatarSean Hefty <sean.hefty@intel.com>
Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
parent 30a5ec98
...@@ -213,7 +213,17 @@ static int ucma_event_handler(struct rdma_cm_id *cm_id, ...@@ -213,7 +213,17 @@ static int ucma_event_handler(struct rdma_cm_id *cm_id,
goto out; goto out;
} }
ctx->backlog--; ctx->backlog--;
} else if (!ctx->uid) {
/*
* We ignore events for new connections until userspace has set
* their context. This can only happen if an error occurs on a
* new connection before the user accepts it. This is okay,
* since the accept will just fail later.
*/
kfree(uevent);
goto out;
} }
list_add_tail(&uevent->list, &ctx->file->event_list); list_add_tail(&uevent->list, &ctx->file->event_list);
wake_up_interruptible(&ctx->file->poll_wait); wake_up_interruptible(&ctx->file->poll_wait);
out: out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment