lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Dec 2017 09:46:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Raju Rangoju <rajur@...lsio.com>, Sagi Grimberg <sagi@...mberg.me>, Max Gurtovoy <maxg@...lanox.com>, Doug Ledford <dledford@...hat.com>, Sasha Levin <alexander.levin@...izon.com> Subject: [PATCH 4.4 44/78] RDMA/iser: Fix possible mr leak on device removal event 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sagi Grimberg <sagi@...mberg.me> [ Upstream commit ea174c9573b0e0c8bc1a7a90fe9360ccb7aa9cbb ] When the rdma device is removed, we must cleanup all the rdma resources within the DEVICE_REMOVAL event handler to let the device teardown gracefully. When this happens with live I/O, some memory regions are occupied. Thus, track them too and dereg all the mr's. We are safe with mr access by iscsi_iser_cleanup_task. Reported-by: Raju Rangoju <rajur@...lsio.com> Signed-off-by: Sagi Grimberg <sagi@...mberg.me> Reviewed-by: Max Gurtovoy <maxg@...lanox.com> Reviewed-by: Max Gurtovoy <maxg@...lanox.com> Signed-off-by: Doug Ledford <dledford@...hat.com> Signed-off-by: Sasha Levin <alexander.levin@...izon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- drivers/infiniband/ulp/iser/iscsi_iser.h | 2 ++ drivers/infiniband/ulp/iser/iser_verbs.c | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) --- a/drivers/infiniband/ulp/iser/iscsi_iser.h +++ b/drivers/infiniband/ulp/iser/iscsi_iser.h @@ -450,6 +450,7 @@ struct iser_fr_desc { struct list_head list; struct iser_reg_resources rsc; struct iser_pi_context *pi_ctx; + struct list_head all_list; }; /** @@ -463,6 +464,7 @@ struct iser_fr_pool { struct list_head list; spinlock_t lock; int size; + struct list_head all_list; }; /** --- a/drivers/infiniband/ulp/iser/iser_verbs.c +++ b/drivers/infiniband/ulp/iser/iser_verbs.c @@ -405,6 +405,7 @@ int iser_alloc_fastreg_pool(struct ib_co int i, ret; INIT_LIST_HEAD(&fr_pool->list); + INIT_LIST_HEAD(&fr_pool->all_list); spin_lock_init(&fr_pool->lock); fr_pool->size = 0; for (i = 0; i < cmds_max; i++) { @@ -416,6 +417,7 @@ int iser_alloc_fastreg_pool(struct ib_co } list_add_tail(&desc->list, &fr_pool->list); + list_add_tail(&desc->all_list, &fr_pool->all_list); fr_pool->size++; } @@ -435,13 +437,13 @@ void iser_free_fastreg_pool(struct ib_co struct iser_fr_desc *desc, *tmp; int i = 0; - if (list_empty(&fr_pool->list)) + if (list_empty(&fr_pool->all_list)) return; iser_info("freeing conn %p fr pool\n", ib_conn); - list_for_each_entry_safe(desc, tmp, &fr_pool->list, list) { - list_del(&desc->list); + list_for_each_entry_safe(desc, tmp, &fr_pool->all_list, all_list) { + list_del(&desc->all_list); iser_free_reg_res(&desc->rsc); if (desc->pi_ctx) iser_free_pi_ctx(desc->pi_ctx);
Powered by blists - more mailing lists