nvmet-rdma: Fix possible NULL deref when handling rdma cm events
When we initiate queue teardown sequence we call rdma_destroy_qp which clears cm_id->qp, afterwards we call rdma_destroy_id, but we might see a rdma_cm event in between with a cleared cm_id->qp so watch out for that and silently ignore the event because this means that the queue teardown sequence is in progress. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
This commit is contained in:
parent
a25f0944ba
commit
fa14a0acea
@ -1352,7 +1352,13 @@ static int nvmet_rdma_cm_handler(struct rdma_cm_id *cm_id,
|
|||||||
case RDMA_CM_EVENT_ADDR_CHANGE:
|
case RDMA_CM_EVENT_ADDR_CHANGE:
|
||||||
case RDMA_CM_EVENT_DISCONNECTED:
|
case RDMA_CM_EVENT_DISCONNECTED:
|
||||||
case RDMA_CM_EVENT_TIMEWAIT_EXIT:
|
case RDMA_CM_EVENT_TIMEWAIT_EXIT:
|
||||||
nvmet_rdma_queue_disconnect(queue);
|
/*
|
||||||
|
* We might end up here when we already freed the qp
|
||||||
|
* which means queue release sequence is in progress,
|
||||||
|
* so don't get in the way...
|
||||||
|
*/
|
||||||
|
if (queue)
|
||||||
|
nvmet_rdma_queue_disconnect(queue);
|
||||||
break;
|
break;
|
||||||
case RDMA_CM_EVENT_DEVICE_REMOVAL:
|
case RDMA_CM_EVENT_DEVICE_REMOVAL:
|
||||||
ret = nvmet_rdma_device_removal(cm_id, queue);
|
ret = nvmet_rdma_device_removal(cm_id, queue);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user