From: Jason Gunthorpe <jgg@mellanox.com>
Date: Tue, 10 Mar 2020 09:25:39 +0000 (+0200)
Subject: RDMA/cm: Add missing locking around id.state in cm_dup_req_handler
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=d1de9a88074b66482443f0cd91618d7b51a7c9b6;p=linux.git

RDMA/cm: Add missing locking around id.state in cm_dup_req_handler

All accesses to id.state must be done under the spinlock.

Fixes: a977049dacde ("[PATCH] IB: Add the kernel CM implementation")
Link: https://lore.kernel.org/r/20200310092545.251365-10-leon@kernel.org
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
---

diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
index 3f125044d35e5..3ce735527938c 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -1872,8 +1872,12 @@ static void cm_dup_req_handler(struct cm_work *work,
 			counter[CM_REQ_COUNTER]);
 
 	/* Quick state check to discard duplicate REQs. */
-	if (cm_id_priv->id.state == IB_CM_REQ_RCVD)
+	spin_lock_irq(&cm_id_priv->lock);
+	if (cm_id_priv->id.state == IB_CM_REQ_RCVD) {
+		spin_unlock_irq(&cm_id_priv->lock);
 		return;
+	}
+	spin_unlock_irq(&cm_id_priv->lock);
 
 	ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg);
 	if (ret)