IB/iser: Fix unload during ep_poll wrong dereference
authorSagi Grimberg <sagig@mellanox.com>
Tue, 14 Apr 2015 15:08:11 +0000 (18:08 +0300)
committerDoug Ledford <dledford@redhat.com>
Wed, 15 Apr 2015 20:07:12 +0000 (16:07 -0400)
In case the user unloaded ib_iser while ep_connect is in
progress, we need to destroy the endpoint although ep_disconnect
wasn't invoked (we detect this by the iser conn state != DOWN).
However, if we got an REJECTED/UNREACHABLE CM event we move the
connection state to DOWN which will prevent us from destroying
the endpoint in the module unload stage. Fix this by setting the
connection state to TERMINATING in iser_conn_error so we can still
destroy the endpoint at unload stage.

Reported-by: Ariel Nahum <arieln@mellanox.com>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/ulp/iser/iser_verbs.c

index 4065abe..070c5af 100644 (file)
@@ -721,7 +721,7 @@ static void iser_connect_error(struct rdma_cm_id *cma_id)
        struct iser_conn *iser_conn;
 
        iser_conn = (struct iser_conn *)cma_id->context;
-       iser_conn->state = ISER_CONN_DOWN;
+       iser_conn->state = ISER_CONN_TERMINATING;
 }
 
 /**