diff options
| author |   Jason Gunthorpe <jgg@mellanox.com> | 2019-02-12 21:12:56 -0700 |
|---|---|---|
| committer | Jason Gunthorpe <jgg@mellanox.com> | 2019-02-19 20:52:18 -0700 |
| commit | ca22354b140853b8155692d5b2bc0110aa54e937 (patch) | |
| tree | 6265175dff59f674ecd82e69536f4e9a0b89f4a4 /drivers/infiniband/core/device.c | |
| parent | RDMA/rxe: Add ib_device_get_by_name() and use it in rxe (diff) | |
| download | linux-dev-ca22354b140853b8155692d5b2bc0110aa54e937.tar.xz linux-dev-ca22354b140853b8155692d5b2bc0110aa54e937.zip | |
RDMA/rxe: Close a race after ib_register_device
Since rxe allows unregistration from other threads the rxe pointer can
become invalid any moment after ib_register_driver returns. This could
cause a user triggered use after free.
Add another driver callback to be called right after the device becomes
registered to complete any device setup required post-registration. This
callback has enough core locking to prevent the device from becoming
unregistered.
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Diffstat (limited to 'drivers/infiniband/core/device.c')
| -rw-r--r-- | drivers/infiniband/core/device.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c index 2a7d54794ee3..bf2a215d94dd 100644 --- a/drivers/infiniband/core/device.c +++ b/drivers/infiniband/core/device.c @@ -803,6 +803,12 @@ static int enable_device_and_get(struct ib_device *device) */ downgrade_write(&devices_rwsem); + if (device->ops.enable_driver) { + ret = device->ops.enable_driver(device); + if (ret) + goto out; + } + down_read(&clients_rwsem); xa_for_each_marked (&clients, index, client, CLIENT_REGISTERED) { ret = add_client_context(device, client); @@ -810,6 +816,8 @@ static int enable_device_and_get(struct ib_device *device) break; } up_read(&clients_rwsem); + +out: up_read(&devices_rwsem); return ret; } @@ -1775,6 +1783,7 @@ void ib_set_device_ops(struct ib_device *dev, const struct ib_device_ops *ops) SET_DEVICE_OP(dev_ops, disassociate_ucontext); SET_DEVICE_OP(dev_ops, drain_rq); SET_DEVICE_OP(dev_ops, drain_sq); + SET_DEVICE_OP(dev_ops, enable_driver); SET_DEVICE_OP(dev_ops, fill_res_entry); SET_DEVICE_OP(dev_ops, get_dev_fw_str); SET_DEVICE_OP(dev_ops, get_dma_mr); |