[PATCH rdma-next v3 0/8] Fix memory corruption in CM

From: Leon Romanovsky
Date: Tue May 11 2021 - 04:31:45 EST

From: Leon Romanovsky <leonro@xxxxxxxxxx>

* Removed double unlock
* Changes in cma_release flow
v2: https://lore.kernel.org/lkml/cover.1619004798.git.leonro@xxxxxxxxxx
* Included Jason's patches in this series
v1: https://lore.kernel.org/linux-rdma/20210411122152.59274-1-leon@xxxxxxxxxx
* Squashed "remove mad_agent ..." patches to make sure that we don't
need to check for the NULL argument.
v0: https://lore.kernel.org/lkml/20210318100309.670344-1-leon@xxxxxxxxxx



This series from Mark fixes long standing bug in CM migration logic,
reported by Ryan [1].


[1] https://lore.kernel.org/linux-rdma/CAFMmRNx9cg--NUnZjFM8yWqFaEtsmAWV4EogKb3a0+hnjdtJFA@xxxxxxxxxxxxxx/

Jason Gunthorpe (4):
IB/cm: Pair cm_alloc_response_msg() with a cm_free_response_msg()
IB/cm: Split cm_alloc_msg()
IB/cm: Call the correct message free functions in cm_send_handler()
IB/cm: Tidy remaining cm_msg free paths

Mark Zhang (4):
Revert "IB/cm: Mark stale CM id's whenever the mad agent was
IB/cm: Simplify ib_cancel_mad() and ib_modify_mad() calls
IB/cm: Improve the calling of cm_init_av_for_lap and
IB/cm: Protect cm_dev, cm_ports and mad_agent with kref and lock

drivers/infiniband/core/cm.c | 621 +++++++++++++++--------------
drivers/infiniband/core/mad.c | 17 +-
drivers/infiniband/core/sa_query.c | 4 +-
include/rdma/ib_mad.h | 27 +-
4 files changed, 346 insertions(+), 323 deletions(-)