From: Selvin Xavier <selvin.xavier@broadcom.com>
To: Tom Rix <trix@redhat.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>,
Devesh Sharma <devesh.sharma@broadcom.com>,
Doug Ledford <dledford@redhat.com>,
Leon Romanovsky <leon@kernel.org>,
maxg@mellanox.com, Gal Pressman <galpress@amazon.com>,
michaelgur@nvidia.com, Moni Shoua <monis@mellanox.com>,
gustavoars@kernel.org, linux-rdma@vger.kernel.org,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd()
Date: Mon, 11 Jan 2021 23:39:34 +0530 [thread overview]
Message-ID: <CA+sbYW1_zYv47YV8Btd8+JW=3QcSo4N1yFFDycnTS853UHGGag@mail.gmail.com> (raw)
In-Reply-To: <00c76f8e-4e46-2ab5-772b-ad5db59f8490@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]
On Fri, Jan 8, 2021 at 3:13 AM Tom Rix <trix@redhat.com> wrote:
>
>
> On 1/7/21 12:41 PM, Jason Gunthorpe wrote:
> > On Tue, Dec 29, 2020 at 06:46:53PM -0800, trix@redhat.com wrote:
> >> From: Tom Rix <trix@redhat.com>
> >>
> >> In ocrdma_dealloc_ucontext_pd() uctx->cntxt_pd is assigned to
> >> the variable pd and then after uctx->cntxt_pd is freed, the
> >> variable pd is passed to function _ocrdma_dealloc_pd() which
> >> dereferences pd directly or through its call to
> >> ocrdma_mbx_dealloc_pd().
> >>
> >> Reorder the free using the variable pd.
> >>
> >> Fixes: 21a428a019c9 ("RDMA: Handle PD allocations by IB/core")
> >> Signed-off-by: Tom Rix <trix@redhat.com>
> >> drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> > Applied to for-rc
> >
> > Is anyone testing ocrdma? Just doing the pyverbs rdma tests with kasn
> > turned on would have instantly caught this, and the change is nearly a
> > year old.
> >
> > Is ocrdma obsolete enough we can delete the driver?
Broadcom is not doing any active development/testing with ocrdma now.
I am checking with other teams to see if this can be deleted
completely. Will get back asap.
Thanks,
Selvin
>
> I am not an authority on ocrdma, i am fixing treewide, the problems clang static analysis flags.
>
> Tom
>
> >
> > Thanks,
> > Jason
> >
>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4181 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Selvin Xavier <selvin.xavier@broadcom.com>
To: Tom Rix <trix@redhat.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>,
Devesh Sharma <devesh.sharma@broadcom.com>,
Doug Ledford <dledford@redhat.com>,
Leon Romanovsky <leon@kernel.org>,
maxg@mellanox.com, Gal Pressman <galpress@amazon.com>,
michaelgur@nvidia.com, Moni Shoua <monis@mellanox.com>,
gustavoars@kernel.org, linux-rdma@vger.kernel.org,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd()
Date: Mon, 11 Jan 2021 23:39:34 +0530 [thread overview]
Message-ID: <CA+sbYW1_zYv47YV8Btd8+JW=3QcSo4N1yFFDycnTS853UHGGag@mail.gmail.com> (raw)
In-Reply-To: <00c76f8e-4e46-2ab5-772b-ad5db59f8490@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]
On Fri, Jan 8, 2021 at 3:13 AM Tom Rix <trix@redhat.com> wrote:
>
>
> On 1/7/21 12:41 PM, Jason Gunthorpe wrote:
> > On Tue, Dec 29, 2020 at 06:46:53PM -0800, trix@redhat.com wrote:
> >> From: Tom Rix <trix@redhat.com>
> >>
> >> In ocrdma_dealloc_ucontext_pd() uctx->cntxt_pd is assigned to
> >> the variable pd and then after uctx->cntxt_pd is freed, the
> >> variable pd is passed to function _ocrdma_dealloc_pd() which
> >> dereferences pd directly or through its call to
> >> ocrdma_mbx_dealloc_pd().
> >>
> >> Reorder the free using the variable pd.
> >>
> >> Fixes: 21a428a019c9 ("RDMA: Handle PD allocations by IB/core")
> >> Signed-off-by: Tom Rix <trix@redhat.com>
> >> drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> > Applied to for-rc
> >
> > Is anyone testing ocrdma? Just doing the pyverbs rdma tests with kasn
> > turned on would have instantly caught this, and the change is nearly a
> > year old.
> >
> > Is ocrdma obsolete enough we can delete the driver?
Broadcom is not doing any active development/testing with ocrdma now.
I am checking with other teams to see if this can be deleted
completely. Will get back asap.
Thanks,
Selvin
>
> I am not an authority on ocrdma, i am fixing treewide, the problems clang static analysis flags.
>
> Tom
>
> >
> > Thanks,
> > Jason
> >
>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4181 bytes --]
next prev parent reply other threads:[~2021-01-11 18:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-30 2:46 [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd() trix
2020-12-30 5:31 ` Leon Romanovsky
2021-01-07 20:41 ` Jason Gunthorpe
2021-01-07 21:43 ` Tom Rix
2021-01-11 18:09 ` Selvin Xavier [this message]
2021-01-11 18:09 ` Selvin Xavier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+sbYW1_zYv47YV8Btd8+JW=3QcSo4N1yFFDycnTS853UHGGag@mail.gmail.com' \
--to=selvin.xavier@broadcom.com \
--cc=devesh.sharma@broadcom.com \
--cc=dledford@redhat.com \
--cc=galpress@amazon.com \
--cc=gustavoars@kernel.org \
--cc=jgg@nvidia.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=maxg@mellanox.com \
--cc=michaelgur@nvidia.com \
--cc=monis@mellanox.com \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.