From: Jason Gunthorpe <jgg@nvidia.com>
To: Haakon Bugge <haakon.bugge@oracle.com>
Cc: Divya Indi <divya.indi@oracle.com>,
	LKML <linux-kernel@vger.kernel.org>,
	OFED mailing list <linux-rdma@vger.kernel.org>,
	Kaike Wan <kaike.wan@intel.com>,
	Gerd Rausch <gerd.rausch@oracle.com>,
	Srinivas Eeda <srinivas.eeda@oracle.com>,
	Rama Nichanamatlu <rama.nichanamatlu@oracle.com>,
	Doug Ledford <dledford@redhat.com>,
	Leon Romanovsky <leon@kernel.org>
Subject: Re: [PATCH v4] IB/sa: Resolving use-after-free in ib_nl_send_msg
Date: Wed, 25 Aug 2021 14:26:29 -0300
Message-ID: <20210825172629.GJ1721383@nvidia.com>
In-Reply-To: <842DBB6A-9563-4629-B829-329DD344284E@oracle.com>

On Mon, Aug 23, 2021 at 04:54:16PM +0000, Haakon Bugge wrote:
> 
> 
> > On 8 Jul 2020, at 03:12, Jason Gunthorpe <jgg@nvidia.com> wrote:
> > 
> > On Tue, Jul 07, 2020 at 06:05:02PM -0700, Divya Indi wrote:
> >> Thanks Jason.
> >> 
> >> Appreciate your help and feedback for fixing this issue.
> >> 
> >> Would it be possible to access the edited version of the patch?
> >> If yes, please share a pointer to the same.
> > 
> > https://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git/commit/?h=for-rc&id=f427f4d6214c183c474eeb46212d38e6c7223d6a
> 
> Hi Jason,
> 
> 
> At first glance, this commit calls rdma_nl_multicast() whilst
> holding a spinlock. Since rdma_nl_multicast() is called with a
> gfp_flag parameter, one could assume it supports an atomic
> context. rdma_nl_multicast() ends up in
> netlink_broadcast_filtered(). This function calls
> netlink_lock_table(), which calls read_unlock_irqrestore(), which
> ends up calling _raw_read_unlock_irqrestore(). And here
> preempt_enable() is called :-(

I don't understand. This:

	unsigned long flags;

	read_lock_irqsave(&nl_table_lock, flags);
	atomic_inc(&nl_table_users);
	read_unlock_irqrestore(&nl_table_lock, flags);

Is perfectly fine in an atomic context.

preempt_enable is implemented as a nesting counter, so it is fine to
call it from inside an atomic region so long as it is balanced.

Jason
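
Added example, not part of the original message or the kernel source: a userspace C model of the nesting-counter behaviour described in the reply above, showing that a balanced inner lock/unlock pair cannot make an outer locked region preemptible. The `model_*` functions and counters are simplified stand-ins (assumptions) that track only the preemption count, not IRQ state or real locking.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: these names are simplified stand-ins,
 * not the kernel implementation. */
static int preempt_count;      /* nesting depth; 0 means preemptible */
static bool need_resched;      /* a reschedule is pending */
static int reschedules;        /* how often the model would have scheduled */

static void model_preempt_disable(void) { preempt_count++; }

static void model_preempt_enable(void)
{
	/* Only the outermost enable (count reaches 0) may reschedule. */
	if (--preempt_count == 0 && need_resched) {
		need_resched = false;
		reschedules++;
	}
}

/* Lock/unlock modelled as nothing but their preemption side effect. */
static void model_lock(void)   { model_preempt_disable(); }
static void model_unlock(void) { model_preempt_enable(); }

/* Shape of the snippet quoted in the reply: a balanced inner pair. */
static void model_lock_table(void)
{
	model_lock();      /* stands in for read_lock_irqsave() */
	/* atomic_inc(&nl_table_users) would go here */
	model_unlock();    /* stands in for read_unlock_irqrestore() */
}

/* Caller holds an outer spinlock across the call, as in the thread.
 * Returns reschedules that happened while the outer lock was still held. */
int resched_inside_outer_lock(void)
{
	preempt_count = 0; need_resched = false; reschedules = 0;
	model_lock();                 /* outer spinlock: count 0 -> 1 */
	need_resched = true;          /* constructed event: a wakeup arrives */
	model_lock_table();           /* count 1 -> 2 -> 1, never 0 */
	int inside = reschedules;
	model_unlock();               /* count 1 -> 0: resched happens here */
	return inside;
}

int resched_total(void) { resched_inside_outer_lock(); return reschedules; }

int main(void)
{
	printf("inside=%d total=%d\n", resched_inside_outer_lock(), resched_total());
	return 0;
}
```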
