android_kernel_xiaomi_sm8350/drivers
Krishna Kumar 6e35aabee1 RDMA/cma: Fix device removal race
The race is as follows:

A process : cma_process_remove() calls cma_remove_id_dev(),
	    which sets id state to CMA_DEVICE_REMOVAL and
	    calls wait_event(dev_remove).

B process : cma_req_handler() had incremented dev_remove,
	    and calls cma_acquire_ib_dev() and on failure
	    calls cma_release_remove(), which does a
	    wake_up of cma_process_remove(). Then
	    cma_req_handler() calls rdma_destroy_id();

A Process : cma_remove_id_dev() gets woken and checks the
	    state of id, and since it is still (wrongly)
	    CMA_DEVICE_REMOVAL, it calls notify_user(id)
	    and if that fails, the caller - cma_process_remove()
	    calls rdma_destroy_id(id). Two processes can
	    call rdma_destroy_id(), resulting in one
	    de-referencing kfreed id_priv.

Fix is for process B to set CMA_DESTROYING in cma_req_handler()
so that process A will return instead of doing a rdma_destroy_id().

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-10-02 14:52:15 -07:00
..
acorn
acpi [PATCH] maximum latency tracking infrastructure 2006-10-01 00:39:19 -07:00
amba
ata
atm
base [PATCH] hot-add-mem x86_64: use CONFIG_MEMORY_HOTPLUG_SPARSE 2006-10-01 00:39:18 -07:00
block [PATCH] completions: lockdep annotate on stack completions 2006-10-01 00:39:24 -07:00
bluetooth [Bluetooth] Code cleanup for the HCI UART driver 2006-09-28 18:01:30 -07:00
cdrom [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2006-10-02 08:20:33 -07:00
clocksource
connector
cpufreq
crypto
dio
dma
edac
eisa
fc4 [PATCH] Remove ->rq_status from struct request 2006-09-30 20:29:23 +02:00
firmware [PATCH] DMI: Decode and save OEM String information 2006-09-29 09:18:09 -07:00
hwmon [PATCH] hdaps: support Lenovo ThinkPad T60 2006-10-01 00:39:24 -07:00
i2c [PATCH] proper flags type of spin_lock_irqsave() 2006-10-01 00:39:21 -07:00
ide [PATCH] completions: lockdep annotate on stack completions 2006-10-01 00:39:24 -07:00
ieee1394 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2006-09-30 09:38:19 -07:00
infiniband RDMA/cma: Fix device removal race 2006-10-02 14:52:15 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2006-10-02 08:20:33 -07:00
isdn [PATCH] isdn: work around excessive udelay() 2006-10-02 07:57:16 -07:00
leds [PATCH] leds: turn LED off when changing triggers 2006-10-01 00:39:21 -07:00
macintosh [PATCH] completions: lockdep annotate on stack completions 2006-10-01 00:39:24 -07:00
mca
md [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
media [PATCH] remove remaining errno and __KERNEL_SYSCALLS__ references 2006-10-02 07:57:23 -07:00
message [PATCH] i2o: Switch to pci_get API 2006-10-01 00:39:23 -07:00
mfd [PATCH] ucb1x00-ts: handle errors from input_register_device() 2006-09-29 09:18:10 -07:00
misc [PATCH] Linux Kernel Dump Test Module 2006-10-02 07:57:16 -07:00
mmc [PATCH] mmc (mainly): add "or later" clause to licence statement. 2006-10-01 00:39:23 -07:00
mtd [MTD] Cleanup of 'ioremap balanced with iounmap for drivers/mtd subsystem' 2006-10-02 09:48:23 +01:00
net Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 2006-10-02 08:56:58 -07:00
nubus
oprofile
parisc [PATCH] replace cad_pid by a struct pid 2006-10-02 07:57:25 -07:00
parport [PATCH] update legacy io handling for pmac 2006-10-01 00:39:23 -07:00
pci [PATCH] PCI quirks update 2006-10-01 00:39:17 -07:00
pcmcia pccard_store_cis: fix wrong error handling 2006-10-01 13:17:44 -07:00
pnp [PATCH] update legacy io handling for pmac 2006-10-01 00:39:23 -07:00
rapidio
rtc [PATCH] rtc-sysfs fix 2006-10-01 10:39:01 -07:00
s390 [PATCH] replace cad_pid by a struct pid 2006-10-02 07:57:25 -07:00
sbus [PATCH] rename the provided execve functions to kernel_execve 2006-10-02 07:57:23 -07:00
scsi [PATCH] namespaces: utsname: use init_utsname when appropriate 2006-10-02 07:57:21 -07:00
serial [PATCH] const struct tty_operations 2006-10-02 07:57:14 -07:00
sh
sn
spi
tc [PATCH] const struct tty_operations 2006-10-02 07:57:14 -07:00
telephony
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2006-10-02 08:20:33 -07:00
video Merge branch 'intelfb-patches' of master.kernel.org:/pub/scm/linux/kernel/git/airlied/intelfb-2.6 2006-09-30 09:36:56 -07:00
w1
zorro
Kconfig
Makefile