[PATCH 4.14 078/115] RDMA/netlink: Fix locking around __ib_get_device_by_index

2018-03-02 Thread Greg Kroah-Hartman 
4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Leon Romanovsky 


[ Upstream commit f8978bd95cf92f869f3d9b34c1b699f49253b8c6 ]

Holding locks is mandatory when calling __ib_device_get_by_index,
otherwise there are races during the list iteration with device removal.

Since the locks are static to device.c, __ib_device_get_by_index can
never be called correctly by any user out side the file.

Make the function static and provide a safe function that gets the
correct locks and returns a kref'd pointer. Fix all callers.

Fixes: e5c9469efcb1 ("RDMA/netlink: Add nldev device doit implementation")
Fixes: c3f66f7b0052 ("RDMA/netlink: Implement nldev port doit callback")
Fixes: 7d02f605f0dc ("RDMA/netlink: Add nldev port dumpit implementation")
Reviewed-by: Mark Bloch 
Signed-off-by: Leon Romanovsky 
Signed-off-by: Jason Gunthorpe 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/infiniband/core/core_priv.h |2 -
 drivers/infiniband/core/device.c|   18 +++-
 drivers/infiniband/core/nldev.c |   54 
 3 files changed, 54 insertions(+), 20 deletions(-)

--- a/drivers/infiniband/core/core_priv.h
+++ b/drivers/infiniband/core/core_priv.h
@@ -314,7 +314,7 @@ static inline int ib_mad_enforce_securit
 }
 #endif
 
-struct ib_device *__ib_device_get_by_index(u32 ifindex);
+struct ib_device *ib_device_get_by_index(u32 ifindex);
 /* RDMA device netlink */
 void nldev_init(void);
 void nldev_exit(void);
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -134,7 +134,7 @@ static int ib_device_check_mandatory(str
return 0;
 }
 
-struct ib_device *__ib_device_get_by_index(u32 index)
+static struct ib_device *__ib_device_get_by_index(u32 index)
 {
struct ib_device *device;
 
@@ -145,6 +145,22 @@ struct ib_device *__ib_device_get_by_ind
return NULL;
 }
 
+/*
+ * Caller is responsible to return refrerence count by calling put_device()
+ */
+struct ib_device *ib_device_get_by_index(u32 index)
+{
+   struct ib_device *device;
+
+   down_read(_rwsem);
+   device = __ib_device_get_by_index(index);
+   if (device)
+   get_device(>dev);
+
+   up_read(_rwsem);
+   return device;
+}
+
 static struct ib_device *__ib_device_get_by_name(const char *name)
 {
struct ib_device *device;
--- a/drivers/infiniband/core/nldev.c
+++ b/drivers/infiniband/core/nldev.c
@@ -142,27 +142,34 @@ static int nldev_get_doit(struct sk_buff
 
index = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
 
-   device = __ib_device_get_by_index(index);
+   device = ib_device_get_by_index(index);
if (!device)
return -EINVAL;
 
msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-   if (!msg)
-   return -ENOMEM;
+   if (!msg) {
+   err = -ENOMEM;
+   goto err;
+   }
 
nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq,
RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_GET),
0, 0);
 
err = fill_dev_info(msg, device);
-   if (err) {
-   nlmsg_free(msg);
-   return err;
-   }
+   if (err)
+   goto err_free;
 
nlmsg_end(msg, nlh);
 
+   put_device(>dev);
return rdma_nl_unicast(msg, NETLINK_CB(skb).portid);
+
+err_free:
+   nlmsg_free(msg);
+err:
+   put_device(>dev);
+   return err;
 }
 
 static int _nldev_get_dumpit(struct ib_device *device,
@@ -220,31 +227,40 @@ static int nldev_port_get_doit(struct sk
return -EINVAL;
 
index = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
-   device = __ib_device_get_by_index(index);
+   device = ib_device_get_by_index(index);
if (!device)
return -EINVAL;
 
port = nla_get_u32(tb[RDMA_NLDEV_ATTR_PORT_INDEX]);
-   if (!rdma_is_port_valid(device, port))
-   return -EINVAL;
+   if (!rdma_is_port_valid(device, port)) {
+   err = -EINVAL;
+   goto err;
+   }
 
msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-   if (!msg)
-   return -ENOMEM;
+   if (!msg) {
+   err = -ENOMEM;
+   goto err;
+   }
 
nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq,
RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_GET),
0, 0);
 
err = fill_port_info(msg, device, port);
-   if (err) {
-   nlmsg_free(msg);
-   return err;
-   }
+   if (err)
+   goto err_free;
 
nlmsg_end(msg, nlh);
+   put_device(>dev);
 
return rdma_nl_unicast(msg, NETLINK_CB(skb).portid);
+

[PATCH 4.14 078/115] RDMA/netlink: Fix locking around __ib_get_device_by_index

2018-03-02 Thread Greg Kroah-Hartman 
4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Leon Romanovsky 


[ Upstream commit f8978bd95cf92f869f3d9b34c1b699f49253b8c6 ]

Holding locks is mandatory when calling __ib_device_get_by_index,
otherwise there are races during the list iteration with device removal.

Since the locks are static to device.c, __ib_device_get_by_index can
never be called correctly by any user out side the file.

Make the function static and provide a safe function that gets the
correct locks and returns a kref'd pointer. Fix all callers.

Fixes: e5c9469efcb1 ("RDMA/netlink: Add nldev device doit implementation")
Fixes: c3f66f7b0052 ("RDMA/netlink: Implement nldev port doit callback")
Fixes: 7d02f605f0dc ("RDMA/netlink: Add nldev port dumpit implementation")
Reviewed-by: Mark Bloch 
Signed-off-by: Leon Romanovsky 
Signed-off-by: Jason Gunthorpe 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/infiniband/core/core_priv.h |2 -
 drivers/infiniband/core/device.c|   18 +++-
 drivers/infiniband/core/nldev.c |   54 
 3 files changed, 54 insertions(+), 20 deletions(-)

--- a/drivers/infiniband/core/core_priv.h
+++ b/drivers/infiniband/core/core_priv.h
@@ -314,7 +314,7 @@ static inline int ib_mad_enforce_securit
 }
 #endif
 
-struct ib_device *__ib_device_get_by_index(u32 ifindex);
+struct ib_device *ib_device_get_by_index(u32 ifindex);
 /* RDMA device netlink */
 void nldev_init(void);
 void nldev_exit(void);
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -134,7 +134,7 @@ static int ib_device_check_mandatory(str
return 0;
 }
 
-struct ib_device *__ib_device_get_by_index(u32 index)
+static struct ib_device *__ib_device_get_by_index(u32 index)
 {
struct ib_device *device;
 
@@ -145,6 +145,22 @@ struct ib_device *__ib_device_get_by_ind
return NULL;
 }
 
+/*
+ * Caller is responsible to return refrerence count by calling put_device()
+ */
+struct ib_device *ib_device_get_by_index(u32 index)
+{
+   struct ib_device *device;
+
+   down_read(_rwsem);
+   device = __ib_device_get_by_index(index);
+   if (device)
+   get_device(>dev);
+
+   up_read(_rwsem);
+   return device;
+}
+
 static struct ib_device *__ib_device_get_by_name(const char *name)
 {
struct ib_device *device;
--- a/drivers/infiniband/core/nldev.c
+++ b/drivers/infiniband/core/nldev.c
@@ -142,27 +142,34 @@ static int nldev_get_doit(struct sk_buff
 
index = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
 
-   device = __ib_device_get_by_index(index);
+   device = ib_device_get_by_index(index);
if (!device)
return -EINVAL;
 
msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-   if (!msg)
-   return -ENOMEM;
+   if (!msg) {
+   err = -ENOMEM;
+   goto err;
+   }
 
nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq,
RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_GET),
0, 0);
 
err = fill_dev_info(msg, device);
-   if (err) {
-   nlmsg_free(msg);
-   return err;
-   }
+   if (err)
+   goto err_free;
 
nlmsg_end(msg, nlh);
 
+   put_device(>dev);
return rdma_nl_unicast(msg, NETLINK_CB(skb).portid);
+
+err_free:
+   nlmsg_free(msg);
+err:
+   put_device(>dev);
+   return err;
 }
 
 static int _nldev_get_dumpit(struct ib_device *device,
@@ -220,31 +227,40 @@ static int nldev_port_get_doit(struct sk
return -EINVAL;
 
index = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
-   device = __ib_device_get_by_index(index);
+   device = ib_device_get_by_index(index);
if (!device)
return -EINVAL;
 
port = nla_get_u32(tb[RDMA_NLDEV_ATTR_PORT_INDEX]);
-   if (!rdma_is_port_valid(device, port))
-   return -EINVAL;
+   if (!rdma_is_port_valid(device, port)) {
+   err = -EINVAL;
+   goto err;
+   }
 
msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-   if (!msg)
-   return -ENOMEM;
+   if (!msg) {
+   err = -ENOMEM;
+   goto err;
+   }
 
nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq,
RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_GET),
0, 0);
 
err = fill_port_info(msg, device, port);
-   if (err) {
-   nlmsg_free(msg);
-   return err;
-   }
+   if (err)
+   goto err_free;
 
nlmsg_end(msg, nlh);
+   put_device(>dev);
 
return rdma_nl_unicast(msg, NETLINK_CB(skb).portid);
+
+err_free:
+   nlmsg_free(msg);
+err:
+   put_device(>dev);
+   return err;
 }
 
 static int nldev_port_get_dumpit(struct sk_buff