lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <175845377558.2103402.2322215097092674955.b4-ty@kernel.org>
Date: Sun, 21 Sep 2025 07:22:55 -0400
From: Leon Romanovsky <leon@...nel.org>
To: zyjzyj2000@...il.com, jgg@...pe.ca, yanjun.zhu@...ux.dev, 
 Gui-Dong Han <hanguidong02@...il.com>
Cc: linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org, 
 baijiaju1990@...il.com, rpearsonhpe@...il.com, stable@...r.kernel.org
Subject: Re: [PATCH v2] RDMA/rxe: Fix race in do_task() when draining


On Fri, 19 Sep 2025 02:52:12 +0000, Gui-Dong Han wrote:
> When do_task() exhausts its iteration budget (!ret), it sets the state
> to TASK_STATE_IDLE to reschedule, without a secondary check on the
> current task->state. This can overwrite the TASK_STATE_DRAINING state
> set by a concurrent call to rxe_cleanup_task() or rxe_disable_task().
> 
> While state changes are protected by a spinlock, both rxe_cleanup_task()
> and rxe_disable_task() release the lock while waiting for the task to
> finish draining in the while(!is_done(task)) loop. The race occurs if
> do_task() hits its iteration limit and acquires the lock in this window.
> The cleanup logic may then proceed while the task incorrectly
> reschedules itself, leading to a potential use-after-free.
> 
> [...]

Applied, thanks!

[1/1] RDMA/rxe: Fix race in do_task() when draining
      https://git.kernel.org/rdma/rdma/c/8ca7eada62fcfa

Best regards,
-- 
Leon Romanovsky <leon@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ