lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d9004325-2a97-c711-3abc-eb2550e047b1@oracle.com>
Date:   Wed, 11 Mar 2020 07:35:56 -0700
From:   santosh.shilimkar@...cle.com
To:     zerons <sironhide0null@...il.com>
Cc:     netdev <netdev@...r.kernel.org>,
        OFED mailing list <linux-rdma@...r.kernel.org>,
        haakon.bugge@...cle.com
Subject: Re: Maybe a race condition in net/rds/rdma.c?

On 3/10/20 9:48 PM, zerons wrote:
> 
> 
> On 3/11/20 01:53, santosh.shilimkar@...cle.com wrote:
>> On 3/6/20 4:11 AM, zerons wrote:
>>>
>>>
>>> On 2/28/20 02:10, santosh.shilimkar@...cle.com wrote:
>>>>
>>>>>> On 18 Feb 2020, at 14:13, zerons <sironhide0null@...il.com> wrote:
>>>>>>
>>>>>> Hi, all
>>>>>>
>>>>>> In net/rds/rdma.c
>>>>>> (https://urldefense.com/v3/__https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/rds/rdma.c?h=v5.5.3*n419__;Iw!!GqivPVa7Brio!OwwQCLtjDsKmhaIz0sfaOVSuC4ai5t5_FgB7yqNExGOCBtACtIGLF61NNJyqSDtIAcGoPg$ ),
>>>>>> there may be a race condition between rds_rdma_unuse() and rds_free_mr().
>>>>>>
>>>> Hmmm.. I didn't see email before in my inbox. Please post questions/patches on netdev in future which is the correct mailing list.
>>>>
>>>>>> It seems that this one need some specific devices to run test,
>>>>>> unfortunately, I don't have any of these.
>>>>>> I've already sent two emails to the maintainer for help, no response yet,
>>>>>> (the email address may not be in use).
>>>>>>
>>>>>> 0) in rds_recv_incoming_exthdrs(), it calls rds_rdma_unuse() when receive an
>>>>>> extension header with force=0, if the victim mr does not have RDS_RDMA_USE_ONCE
>>>>>> flag set, then the mr would stay in the rbtree. Without any lock, it tries to
>>>>>> call mr->r_trans->sync_mr().
>>>>>>
>> MR won't stay in the rbtree with force flag. If the MR is used or
>> use_once is set in both cases its removed from the tree.
>> See "if (mr->r_use_once || force)"
>>
> 
> Sorry, I may misunderstand. Did you mean that if the MR is *used*,
> it is removed from the tree with or without the force flag in
> rds_rdma_unuse(), even when r_use_once is not set?
> 
Once the MR is being used with use_once semantics it gets removed with 
or without remote side indicating it via extended header. use_once
optimization was added later. The base behavior is once the MR is
used by remote and same information is sent via extended header,
it gets cleaned up with force flag. Force flag ignores whether
its marked as used_once or not.

Regards,
Santosh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ