| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Mar 2024 20:30:03 +0800
From: Wen Gu <guwen@...ux.alibaba.com>
To: Jan Karcher <jaka@...ux.ibm.com>, wintera@...ux.ibm.com,
twinkler@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com,
agordeev@...ux.ibm.com, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, wenjia@...ux.ibm.com
Cc: borntraeger@...ux.ibm.com, svens@...ux.ibm.com,
alibuda@...ux.alibaba.com, tonylu@...ux.alibaba.com,
linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [RFC PATCH net-next v4 05/11] net/smc: implement DMB-related
operations of loopback-ism
On 2024/3/21 16:12, Jan Karcher wrote:
>
>
> On 17/03/2024 11:05, Wen Gu wrote:
>> This implements DMB (un)registration and data move operations of
>> loopback-ism device.
>>
>> Signed-off-by: Wen Gu <guwen@...ux.alibaba.com>
>> ---
>> net/smc/smc_loopback.c | 131 ++++++++++++++++++++++++++++++++++++++++-
>> net/smc/smc_loopback.h | 13 ++++
>> 2 files changed, 141 insertions(+), 3 deletions(-)
>>
>> diff --git a/net/smc/smc_loopback.c b/net/smc/smc_loopback.c
>> index 253128c77208..7335acb03920 100644
>> --- a/net/smc/smc_loopback.c
>> +++ b/net/smc/smc_loopback.c
>> @@ -15,11 +15,13 @@
>> #include <linux/types.h>
>> #include <net/smc.h>
>> +#include "smc_cdc.h"
>> #include "smc_ism.h"
>> #include "smc_loopback.h"
>> #if IS_ENABLED(CONFIG_SMC_LO)
>> #define SMC_LO_V2_CAPABLE 0x1 /* loopback-ism acts as ISMv2 */
>> +#define SMC_DMA_ADDR_INVALID (~(dma_addr_t)0)
>> static const char smc_lo_dev_name[] = "loopback-ism";
>> static struct smc_lo_dev *lo_dev;
>> @@ -49,6 +51,93 @@ static int smc_lo_query_rgid(struct smcd_dev *smcd, struct smcd_gid *rgid,
>> return 0;
>> }
>> +static int smc_lo_register_dmb(struct smcd_dev *smcd, struct smcd_dmb *dmb,
>> + void *client_priv)
>> +{
>> + struct smc_lo_dmb_node *dmb_node, *tmp_node;
>> + struct smc_lo_dev *ldev = smcd->priv;
>> + int sba_idx, rc;
>> +
>> + /* check space for new dmb */
>> + for_each_clear_bit(sba_idx, ldev->sba_idx_mask, SMC_LO_MAX_DMBS) {
>> + if (!test_and_set_bit(sba_idx, ldev->sba_idx_mask))
>> + break;
>> + }
>> + if (sba_idx == SMC_LO_MAX_DMBS)
>> + return -ENOSPC;
>> +
>> + dmb_node = kzalloc(sizeof(*dmb_node), GFP_KERNEL);
>> + if (!dmb_node) {
>> + rc = -ENOMEM;
>> + goto err_bit;
>> + }
>> +
>> + dmb_node->sba_idx = sba_idx;
>> + dmb_node->len = dmb->dmb_len;
>> + dmb_node->cpu_addr = kzalloc(dmb_node->len, GFP_KERNEL |
>> + __GFP_NOWARN | __GFP_NORETRY |
>> + __GFP_NOMEMALLOC);
>> + if (!dmb_node->cpu_addr) {
>> + rc = -ENOMEM;
>> + goto err_node;
>> + }
>> + dmb_node->dma_addr = SMC_DMA_ADDR_INVALID;
>> +
>> +again:
>> + /* add new dmb into hash table */
>> + get_random_bytes(&dmb_node->token, sizeof(dmb_node->token));
>> + write_lock_bh(&ldev->dmb_ht_lock);
>> + hash_for_each_possible(ldev->dmb_ht, tmp_node, list, dmb_node->token) {
>> + if (tmp_node->token == dmb_node->token) {
>> + write_unlock_bh(&ldev->dmb_ht_lock);
>> + goto again;
>> + }
>> + }
>> + hash_add(ldev->dmb_ht, &dmb_node->list, dmb_node->token);
>> + write_unlock_bh(&ldev->dmb_ht_lock);
>> +
>> + dmb->sba_idx = dmb_node->sba_idx;
>> + dmb->dmb_tok = dmb_node->token;
>> + dmb->cpu_addr = dmb_node->cpu_addr;
>> + dmb->dma_addr = dmb_node->dma_addr;
>> + dmb->dmb_len = dmb_node->len;
>> +
>> + return 0;
>> +
>> +err_node:
>> + kfree(dmb_node);
>> +err_bit:
>> + clear_bit(sba_idx, ldev->sba_idx_mask);
>> + return rc;
>> +}
>> +
>> +static int smc_lo_unregister_dmb(struct smcd_dev *smcd, struct smcd_dmb *dmb)
>> +{
>> + struct smc_lo_dmb_node *dmb_node = NULL, *tmp_node;
>> + struct smc_lo_dev *ldev = smcd->priv;
>> +
>> + /* remove dmb from hash table */
>> + write_lock_bh(&ldev->dmb_ht_lock);
>> + hash_for_each_possible(ldev->dmb_ht, tmp_node, list, dmb->dmb_tok) {
>> + if (tmp_node->token == dmb->dmb_tok) {
>> + dmb_node = tmp_node;
>> + break;
>> + }
>> + }
>> + if (!dmb_node) {
>> + write_unlock_bh(&ldev->dmb_ht_lock);
>> + return -EINVAL;
>> + }
>> + hash_del(&dmb_node->list);
>> + write_unlock_bh(&ldev->dmb_ht_lock);
>> +
>> + clear_bit(dmb_node->sba_idx, ldev->sba_idx_mask);
>> + kfree(dmb_node->cpu_addr);
>> + kfree(dmb_node);
>> +
>> + return 0;
>> +}
>> +
>> static int smc_lo_add_vlan_id(struct smcd_dev *smcd, u64 vlan_id)
>> {
>> return -EOPNOTSUPP;
>> @@ -75,6 +164,40 @@ static int smc_lo_signal_event(struct smcd_dev *dev, struct smcd_gid *rgid,
>> return 0;
>> }
>> +static int smc_lo_move_data(struct smcd_dev *smcd, u64 dmb_tok,
>> + unsigned int idx, bool sf, unsigned int offset,
>> + void *data, unsigned int size)
>> +{
>> + struct smc_lo_dmb_node *rmb_node = NULL, *tmp_node;
>> + struct smc_lo_dev *ldev = smcd->priv;
>> +
>> + read_lock_bh(&ldev->dmb_ht_lock);
>> + hash_for_each_possible(ldev->dmb_ht, tmp_node, list, dmb_tok) {
>> + if (tmp_node->token == dmb_tok) {
>> + rmb_node = tmp_node;
>> + break;
>> + }
>> + }
>> + if (!rmb_node) {
>> + read_unlock_bh(&ldev->dmb_ht_lock);
>> + return -EINVAL;
>> + }
>> + read_unlock_bh(&ldev->dmb_ht_lock);
>> +
>> + memcpy((char *)rmb_node->cpu_addr + offset, data, size);
>
> Hi Wen Gu,
>
> Could we get into use after free trouble here if the dmb gets unregistered between the read_unlock and memcpy?
>
rmb_node won't be unregistered until smc_lgr_free_bufs() in __smc_lgr_free(). At
that time, the connections on this lgr should be all freed (smc_conn_free() and
then lgr->refcnt == 0), so I think there will be no move data operation at that
point. But in case there is something unforeseen, I will put memcpy between dmb_ht_lock.
Thanks!
>
>> +
>> + if (sf) {
>> + struct smc_connection *conn =
>> + smcd->conn[rmb_node->sba_idx];
>
> Please put the `struct smc_connection *conn = NULL` at the top of the function and assign the value here.
>
OK, I will put it at the top. Thanks!
> Thanks
> - Jan
>
>> +
>> + if (conn && !conn->killed)
>> + tasklet_schedule(&conn->rx_tsklet);
>> + else
>> + return -EPIPE;
>> + }
>> + return 0;
>> +}
>> +
>> static int smc_lo_supports_v2(void)
>> {
>> return SMC_LO_V2_CAPABLE;
>> @@ -101,14 +224,14 @@ static struct device *smc_lo_get_dev(struct smcd_dev *smcd)
>> static const struct smcd_ops lo_ops = {
>> .query_remote_gid = smc_lo_query_rgid,
>> - .register_dmb = NULL,
>> - .unregister_dmb = NULL,
>> + .register_dmb = smc_lo_register_dmb,
>> + .unregister_dmb = smc_lo_unregister_dmb,
>> .add_vlan_id = smc_lo_add_vlan_id,
>> .del_vlan_id = smc_lo_del_vlan_id,
>> .set_vlan_required = smc_lo_set_vlan_required,
>> .reset_vlan_required = smc_lo_reset_vlan_required,
>> .signal_event = smc_lo_signal_event,
>> - .move_data = NULL,
>> + .move_data = smc_lo_move_data,
>> .supports_v2 = smc_lo_supports_v2,
>> .get_local_gid = smc_lo_get_local_gid,
>> .get_chid = smc_lo_get_chid,
>> @@ -173,6 +296,8 @@ static void smcd_lo_unregister_dev(struct smc_lo_dev *ldev)
>> static int smc_lo_dev_init(struct smc_lo_dev *ldev)
>> {
>> smc_lo_generate_id(ldev);
>> + rwlock_init(&ldev->dmb_ht_lock);
>> + hash_init(ldev->dmb_ht);
>> return smcd_lo_register_dev(ldev);
>> }
>> diff --git a/net/smc/smc_loopback.h b/net/smc/smc_loopback.h
>> index 55b41133a97f..24ab9d747613 100644
>> --- a/net/smc/smc_loopback.h
>> +++ b/net/smc/smc_loopback.h
>> @@ -20,13 +20,26 @@
>> #if IS_ENABLED(CONFIG_SMC_LO)
>> #define SMC_LO_MAX_DMBS 5000
>> +#define SMC_LO_DMBS_HASH_BITS 12
>> #define SMC_LO_CHID 0xFFFF
>> +struct smc_lo_dmb_node {
>> + struct hlist_node list;
>> + u64 token;
>> + u32 len;
>> + u32 sba_idx;
>> + void *cpu_addr;
>> + dma_addr_t dma_addr;
>> +};
>> +
>> struct smc_lo_dev {
>> struct smcd_dev *smcd;
>> struct device dev;
>> u16 chid;
>> struct smcd_gid local_gid;
>> + rwlock_t dmb_ht_lock;
>> + DECLARE_BITMAP(sba_idx_mask, SMC_LO_MAX_DMBS);
>> + DECLARE_HASHTABLE(dmb_ht, SMC_LO_DMBS_HASH_BITS);
>> };
>> #endif
Powered by blists - more mailing lists