lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201104193036.GD17076@casper.infradead.org>
Date:   Wed, 4 Nov 2020 19:30:36 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     Jason Gunthorpe <jgg@...pe.ca>
Cc:     "xiaofeng.yan" <xiaofeng.yan2012@...il.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        dledford@...hat.com, oulijun@...wei.com, yanxiaofeng7@...com
Subject: Re: [PATCH 2/2] infiniband: Modify the reference to xa_store_irq()
 because the parameter of this function  has changed

On Wed, Nov 04, 2020 at 02:58:43PM -0400, Jason Gunthorpe wrote:
> >  static void cm_finalize_id(struct cm_id_private *cm_id_priv)
> >  {
> >  	xa_store_irq(&cm.local_id_table, cm_local_id(cm_id_priv->id.local_id),
> > -		     cm_id_priv, GFP_KERNEL);
> > +		     cm_id_priv);
> >  }
> 
> This one is almost a bug, the entry is preallocated with NULL though:
> 
> 	ret = xa_alloc_cyclic_irq(&cm.local_id_table, &id, NULL, xa_limit_32b,
> 				  &cm.local_id_next, GFP_KERNEL);
> 
> so it should never allocate here:
> 
> static int cm_req_handler(struct cm_work *work)
> {
> 	spin_lock_irq(&cm_id_priv->lock);
> 	cm_finalize_id(cm_id_priv);

Uhm.  I think you want a different debugging check from this.  The actual
bug here is that you'll get back from calling cm_finalize_id() with
interrupts enabled.  Can you switch to xa_store(), or do we need an
xa_store_irqsave()?

> Still, woops.
> 
> Matt, maybe a might_sleep is deserved in here someplace?
> 
> @@ -1534,6 +1534,8 @@ void *__xa_store(struct xarray *xa, unsigned long index, void *entry, gfp_t gfp)
>         XA_STATE(xas, xa, index);
>         void *curr;
>  
> +       might_sleep_if(gfpflags_allow_blocking(gfp));
> +
>         if (WARN_ON_ONCE(xa_is_advanced(entry)))
>                 return XA_ERROR(-EINVAL);
>         if (xa_track_free(xa) && !entry)
> 
> And similar in the other places that conditionally call __xas_nomem()
> ?
> 
> I also still wish there was a proper 'xa store in already allocated
> but null' idiom - I remember you thought about using gfp flags == 0 at
> one point.

An xa_replace(), perhaps?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ