lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220405194845.c443x4gf522c2kgv@sx1>
Date:   Tue, 5 Apr 2022 12:48:45 -0700
From:   Saeed Mahameed <saeed@...nel.org>
To:     Leon Romanovsky <leon@...nel.org>
Cc:     Jason Gunthorpe <jgg@...dia.com>,
        Patrisious Haddad <phaddad@...dia.com>,
        Jakub Kicinski <kuba@...nel.org>, linux-rdma@...r.kernel.org,
        netdev@...r.kernel.org, Paolo Abeni <pabeni@...hat.com>,
        Saeed Mahameed <saeedm@...dia.com>,
        Yishai Hadas <yishaih@...dia.com>
Subject: Re: [PATCH mlx5-next 1/3] net/mlx5: Nullify eq->dbg and qp->dbg
 pointers post destruction

On 05 Apr 11:12, Leon Romanovsky wrote:
>From: Patrisious Haddad <phaddad@...dia.com>
>
>Prior to this patch in the case that destroy_unmap_eq()
>failed and was called again, it triggered an additional call of

Where is it being failed and called again ? this shouldn't even be an
option, we try to keep mlx5 symmetrical, constructors and destructors are
supposed to be called only once in their respective positions.
the callers must be fixed to avoid re-entry, or change destructors to clear
up all resources even on failures, no matter what do not invent a reentry
protocols to mlx5 destructors.

>mlx5_debug_eq_remove() which causes a kernel crash, since
>eq->dbg was not nullified in previous call.
>

[...]

> int mlx5_debug_cq_add(struct mlx5_core_dev *dev, struct mlx5_core_cq *cq)
>diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eq.c b/drivers/net/ethernet/mellanox/mlx5/core/eq.c
>index 229728c80233..3c61f355cdac 100644
>--- a/drivers/net/ethernet/mellanox/mlx5/core/eq.c
>+++ b/drivers/net/ethernet/mellanox/mlx5/core/eq.c
>@@ -386,16 +386,20 @@ void mlx5_eq_disable(struct mlx5_core_dev *dev, struct mlx5_eq *eq,
> }
> EXPORT_SYMBOL(mlx5_eq_disable);
>
>-static int destroy_unmap_eq(struct mlx5_core_dev *dev, struct mlx5_eq *eq)
>+static int destroy_unmap_eq(struct mlx5_core_dev *dev, struct mlx5_eq *eq,
>+			    bool reentry)
> {
> 	int err;
>
> 	mlx5_debug_eq_remove(dev, eq);
>
> 	err = mlx5_cmd_destroy_eq(dev, eq->eqn);
>-	if (err)
>+	if (err) {
> 		mlx5_core_warn(dev, "failed to destroy a previously created eq: eqn %d\n",
> 			       eq->eqn);
>+		if (reentry)
>+			return err;
>+	}
>
> 	mlx5_frag_buf_free(dev, &eq->frag_buf);
> 	return err;
>@@ -481,7 +485,7 @@ static int destroy_async_eq(struct mlx5_core_dev *dev, struct mlx5_eq *eq)
> 	int err;
>
> 	mutex_lock(&eq_table->lock);
>-	err = destroy_unmap_eq(dev, eq);
>+	err = destroy_unmap_eq(dev, eq, false);
> 	mutex_unlock(&eq_table->lock);
> 	return err;
> }
>@@ -748,12 +752,15 @@ EXPORT_SYMBOL(mlx5_eq_create_generic);
>
> int mlx5_eq_destroy_generic(struct mlx5_core_dev *dev, struct mlx5_eq *eq)
> {
>+	struct mlx5_eq_table *eq_table = dev->priv.eq_table;
> 	int err;
>
> 	if (IS_ERR(eq))
> 		return -EINVAL;
>
>-	err = destroy_async_eq(dev, eq);
>+	mutex_lock(&eq_table->lock);

Here you are inventing the re-entry. 
Please drop this and fix properly. And avoid boolean parameters to mlx5 core
functions as much as possible, let's keep mlx5_core simple.

>+	err = destroy_unmap_eq(dev, eq, true);
>+	mutex_unlock(&eq_table->lock);
> 	if (err)
> 		goto out;
>
>@@ -851,7 +858,7 @@ static void destroy_comp_eqs(struct mlx5_core_dev *dev)
> 	list_for_each_entry_safe(eq, n, &table->comp_eqs_list, list) {
> 		list_del(&eq->list);
> 		mlx5_eq_disable(dev, &eq->core, &eq->irq_nb);
>-		if (destroy_unmap_eq(dev, &eq->core))
>+		if (destroy_unmap_eq(dev, &eq->core, false))
> 			mlx5_core_warn(dev, "failed to destroy comp EQ 0x%x\n",
> 				       eq->core.eqn);
> 		tasklet_disable(&eq->tasklet_ctx.task);
>@@ -915,7 +922,7 @@ static int create_comp_eqs(struct mlx5_core_dev *dev)
> 			goto clean_eq;
> 		err = mlx5_eq_enable(dev, &eq->core, &eq->irq_nb);
> 		if (err) {
>-			destroy_unmap_eq(dev, &eq->core);
>+			destroy_unmap_eq(dev, &eq->core, false);
> 			goto clean_eq;
> 		}
>
>-- 
>2.35.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ