lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <603ec723-842c-f6e1-01ee-6889c3925a63@gmail.com>
Date:   Wed, 11 Mar 2020 12:48:05 +0800
From:   zerons <sironhide0null@...il.com>
To:     santosh.shilimkar@...cle.com
Cc:     netdev <netdev@...r.kernel.org>,
        OFED mailing list <linux-rdma@...r.kernel.org>,
        haakon.bugge@...cle.com
Subject: Re: Maybe a race condition in net/rds/rdma.c?



On 3/11/20 01:53, santosh.shilimkar@...cle.com wrote:
> On 3/6/20 4:11 AM, zerons wrote:
>>
>>
>> On 2/28/20 02:10, santosh.shilimkar@...cle.com wrote:
>>>
>>>>> On 18 Feb 2020, at 14:13, zerons <sironhide0null@...il.com> wrote:
>>>>>
>>>>> Hi, all
>>>>>
>>>>> In net/rds/rdma.c
>>>>> (https://urldefense.com/v3/__https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/rds/rdma.c?h=v5.5.3*n419__;Iw!!GqivPVa7Brio!OwwQCLtjDsKmhaIz0sfaOVSuC4ai5t5_FgB7yqNExGOCBtACtIGLF61NNJyqSDtIAcGoPg$ ),
>>>>> there may be a race condition between rds_rdma_unuse() and rds_free_mr().
>>>>>
>>> Hmmm.. I didn't see email before in my inbox. Please post questions/patches on netdev in future which is the correct mailing list.
>>>
>>>>> It seems that this one need some specific devices to run test,
>>>>> unfortunately, I don't have any of these.
>>>>> I've already sent two emails to the maintainer for help, no response yet,
>>>>> (the email address may not be in use).
>>>>>
>>>>> 0) in rds_recv_incoming_exthdrs(), it calls rds_rdma_unuse() when receive an
>>>>> extension header with force=0, if the victim mr does not have RDS_RDMA_USE_ONCE
>>>>> flag set, then the mr would stay in the rbtree. Without any lock, it tries to
>>>>> call mr->r_trans->sync_mr().
>>>>>
> MR won't stay in the rbtree with force flag. If the MR is used or
> use_once is set in both cases its removed from the tree.
> See "if (mr->r_use_once || force)"
> 

Sorry, I may misunderstand. Did you mean that if the MR is *used*,
it is removed from the tree with or without the force flag in
rds_rdma_unuse(), even when r_use_once is not set?

Regards,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ