RDMA/rtrs: Only allow addition of path to an already established session

While adding a path from the client side to an already established
session, it was possible to provide the destination IP to a different
server. This is dangerous.

This commit adds an extra member to the rtrs_msg_conn_req structure, named
first_conn; which is supposed to notify if the connection request is the
first for that session or not.

On the server side, if a session does not exist but the first_conn
received inside the rtrs_msg_conn_req structure is 1, the connection
request is failed. This signifies that the connection request is for an
already existing session, and since the server did not find one, it is an
wrong connection request.

Fixes: 6a98d71daea1 ("RDMA/rtrs: client: main functionality")
Fixes: 9cb837480424 ("RDMA/rtrs: server: main functionality")
Link: https://lore.kernel.org/r/20210212134525.103456-3-jinpu.wang@cloud.ionos.com
Signed-off-by: Md Haris Iqbal <haris.iqbal@cloud.ionos.com>
Reviewed-by: Lutz Pogrell <lutz.pogrell@cloud.ionos.com>
Signed-off-by: Jack Wang <jinpu.wang@cloud.ionos.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

diff --git a/drivers/infiniband/ulp/rtrs/rtrs-clt.c b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
index 7644c3f627ca8dc2043162180c73b19fcfafa282..0a08b4b742a3d080ddf363f2b85ed486824026b1 100644 (file)
--- a/drivers/infiniband/ulp/rtrs/rtrs-clt.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
@@ -31,6 +31,8 @@
  */
 #define RTRS_RECONNECT_SEED 8
 
+#define FIRST_CONN 0x01
+
 MODULE_DESCRIPTION("RDMA Transport Client");
 MODULE_LICENSE("GPL");
 
@@ -1660,6 +1662,7 @@ static int rtrs_rdma_route_resolved(struct rtrs_clt_con *con)
                .cid_num = cpu_to_le16(sess->s.con_num),
                .recon_cnt = cpu_to_le16(sess->s.recon_cnt),
        };
+       msg.first_conn = sess->for_new_clt ? FIRST_CONN : 0;
        uuid_copy(&msg.sess_uuid, &sess->s.uuid);
        uuid_copy(&msg.paths_uuid, &clt->paths_uuid);
 
@@ -1745,6 +1748,8 @@ static int rtrs_rdma_conn_established(struct rtrs_clt_con *con,
                scnprintf(sess->hca_name, sizeof(sess->hca_name),
                          sess->s.dev->ib_dev->name);
                sess->s.src_addr = con->c.cm_id->route.addr.src_addr;
+               /* set for_new_clt, to allow future reconnect on any path */
+               sess->for_new_clt = 1;
        }
 
        return 0;
@@ -2662,6 +2667,8 @@ struct rtrs_clt *rtrs_clt_open(struct rtrs_clt_ops *ops,
                        err = PTR_ERR(sess);
                        goto close_all_sess;
                }
+               if (!i)
+                       sess->for_new_clt = 1;
                list_add_tail_rcu(&sess->s.entry, &clt->paths_list);
 
                err = init_sess(sess);

diff --git a/drivers/infiniband/ulp/rtrs/rtrs-clt.h b/drivers/infiniband/ulp/rtrs/rtrs-clt.h
index a97a068c4c283bb461cff8b8f1799a760dc2ec8f..692bc83e1f0969a71b0f4dab2bb34fe8e8033d99 100644 (file)
--- a/drivers/infiniband/ulp/rtrs/rtrs-clt.h
+++ b/drivers/infiniband/ulp/rtrs/rtrs-clt.h
@@ -143,6 +143,7 @@ struct rtrs_clt_sess {
        int                     max_send_sge;
        u32                     flags;
        struct kobject          kobj;
+       u8                      for_new_clt;
        struct rtrs_clt_stats   *stats;
        /* cache hca_port and hca_name to display in sysfs */
        u8                      hca_port;

diff --git a/drivers/infiniband/ulp/rtrs/rtrs-pri.h b/drivers/infiniband/ulp/rtrs/rtrs-pri.h
index d5621e6fad1b1bbfe335bc2415a89948f058d151..8caad0a2322bfd7ee373c27e11d2d501d0e464c8 100644 (file)
--- a/drivers/infiniband/ulp/rtrs/rtrs-pri.h
+++ b/drivers/infiniband/ulp/rtrs/rtrs-pri.h
@@ -188,7 +188,9 @@ struct rtrs_msg_conn_req {
        __le16          recon_cnt;
        uuid_t          sess_uuid;
        uuid_t          paths_uuid;
-       u8              reserved[12];
+       u8              first_conn : 1;
+       u8              reserved_bits : 7;
+       u8              reserved[11];
 };
 
 /**

diff --git a/drivers/infiniband/ulp/rtrs/rtrs-srv.c b/drivers/infiniband/ulp/rtrs/rtrs-srv.c
index e13e91c2a44af05acc0e1a455dd0bb25f8c205df..fbe39360ff120ae7552deedb34631a3bd153cea9 100644 (file)
--- a/drivers/infiniband/ulp/rtrs/rtrs-srv.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs-srv.c
@@ -1333,7 +1333,8 @@ static void free_srv(struct rtrs_srv *srv)
 }
 
 static struct rtrs_srv *get_or_create_srv(struct rtrs_srv_ctx *ctx,
-                                          const uuid_t *paths_uuid)
+                                         const uuid_t *paths_uuid,
+                                         bool first_conn)
 {
        struct rtrs_srv *srv;
        int i;
@@ -1346,12 +1347,20 @@ static struct rtrs_srv *get_or_create_srv(struct rtrs_srv_ctx *ctx,
                        return srv;
                }
        }
+       /*
+        * If this request is not the first connection request from the
+        * client for this session then fail and return error.
+        */
+       if (!first_conn) {
+               mutex_unlock(&ctx->srv_mutex);
+               return ERR_PTR(-ENXIO);
+       }
 
        /* need to allocate a new srv */
        srv = kzalloc(sizeof(*srv), GFP_KERNEL);
        if  (!srv) {
                mutex_unlock(&ctx->srv_mutex);
-               return NULL;
+               return ERR_PTR(-ENOMEM);
        }
 
        INIT_LIST_HEAD(&srv->paths_list);
@@ -1386,7 +1395,7 @@ err_free_chunks:
 
 err_free_srv:
        kfree(srv);
-       return NULL;
+       return ERR_PTR(-ENOMEM);
 }
 
 static void put_srv(struct rtrs_srv *srv)
@@ -1787,13 +1796,13 @@ static int rtrs_rdma_connect(struct rdma_cm_id *cm_id,
                goto reject_w_econnreset;
        }
        recon_cnt = le16_to_cpu(msg->recon_cnt);
-       srv = get_or_create_srv(ctx, &msg->paths_uuid);
+       srv = get_or_create_srv(ctx, &msg->paths_uuid, msg->first_conn);
        /*
         * "refcount == 0" happens if a previous thread calls get_or_create_srv
         * allocate srv, but chunks of srv are not allocated yet.
         */
-       if (!srv || refcount_read(&srv->refcount) == 0) {
-               err = -ENOMEM;
+       if (IS_ERR(srv) || refcount_read(&srv->refcount) == 0) {
+               err = PTR_ERR(srv);
                goto reject_w_err;
        }
        mutex_lock(&srv->paths_mutex);