lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 7 Apr 2020 19:52:13 -0700
From:   santosh.shilimkar@...cle.com
To:     zerons <sironhide0null@...il.com>,
        Ka-Cheong Poon <ka-cheong.poon@...cle.com>,
        netdev@...r.kernel.org
Cc:     davem@...emloft.net, rds-devel@....oracle.com
Subject: Re: [PATCH net 2/2] net/rds: Fix MR reference counting problem

On 4/7/20 7:25 PM, zerons wrote:
> On 4/8/20 03:30, santosh.shilimkar@...cle.com wrote:
>> On 4/7/20 9:08 AM, Ka-Cheong Poon wrote:
>>> In rds_free_mr(), it calls rds_destroy_mr(mr) directly.  But this
>>> defeats the purpose of reference counting and makes MR free handling
>>> impossible.  It means that holding a reference does not guarantee that
>>> it is safe to access some fields.  For example, In
>>> rds_cmsg_rdma_dest(), it increases the ref count, unlocks and then
>>> calls mr->r_trans->sync_mr().  But if rds_free_mr() (and
>>> rds_destroy_mr()) is called in between (there is no lock preventing
>>> this to happen), r_trans_private is set to NULL, causing a panic.
>>> Similar issue is in rds_rdma_unuse().
>>>
>>> Reported-by: zerons <sironhide0null@...il.com>
>>> Signed-off-by: Ka-Cheong Poon <ka-cheong.poon@...cle.com>
>>> ---
>> Thanks for getting this out on the list.
>>
>> Hi zerons,
>> Can you please review it and see it addresses your concern ?
>>
> 
> Yes, the MR gets freed only when the ref count decreases to zero does
> address my concern. I think it make the logic cleaner as well. Fantastic!
> 
Thanks for confirmation.

FWIW,
Acked-by: Santosh Shilimkar <santosh.shilimkar@...cle.com>

Powered by blists - more mailing lists