From: Selvin Xavier <selvin.xavier@broadcom.com> To: Tom Rix <trix@redhat.com> Cc: Jason Gunthorpe <jgg@nvidia.com>, Devesh Sharma <devesh.sharma@broadcom.com>, Doug Ledford <dledford@redhat.com>, Leon Romanovsky <leon@kernel.org>, maxg@mellanox.com, Gal Pressman <galpress@amazon.com>, michaelgur@nvidia.com, Moni Shoua <monis@mellanox.com>, gustavoars@kernel.org, linux-rdma@vger.kernel.org, linux-kernel <linux-kernel@vger.kernel.org> Subject: Re: [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd() Date: Mon, 11 Jan 2021 23:39:34 +0530 [thread overview] Message-ID: <CA+sbYW1_zYv47YV8Btd8+JW=3QcSo4N1yFFDycnTS853UHGGag@mail.gmail.com> (raw) In-Reply-To: <00c76f8e-4e46-2ab5-772b-ad5db59f8490@redhat.com> [-- Attachment #1: Type: text/plain, Size: 1357 bytes --] On Fri, Jan 8, 2021 at 3:13 AM Tom Rix <trix@redhat.com> wrote: > > > On 1/7/21 12:41 PM, Jason Gunthorpe wrote: > > On Tue, Dec 29, 2020 at 06:46:53PM -0800, trix@redhat.com wrote: > >> From: Tom Rix <trix@redhat.com> > >> > >> In ocrdma_dealloc_ucontext_pd() uctx->cntxt_pd is assigned to > >> the variable pd and then after uctx->cntxt_pd is freed, the > >> variable pd is passed to function _ocrdma_dealloc_pd() which > >> dereferences pd directly or through its call to > >> ocrdma_mbx_dealloc_pd(). > >> > >> Reorder the free using the variable pd. > >> > >> Fixes: 21a428a019c9 ("RDMA: Handle PD allocations by IB/core") > >> Signed-off-by: Tom Rix <trix@redhat.com> > >> drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > > Applied to for-rc > > > > Is anyone testing ocrdma? Just doing the pyverbs rdma tests with kasn > > turned on would have instantly caught this, and the change is nearly a > > year old. > > > > Is ocrdma obsolete enough we can delete the driver? Broadcom is not doing any active development/testing with ocrdma now. I am checking with other teams to see if this can be deleted completely. Will get back asap. Thanks, Selvin > > I am not an authority on ocrdma, i am fixing treewide, the problems clang static analysis flags. > > Tom > > > > > Thanks, > > Jason > > > [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 4181 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Selvin Xavier <selvin.xavier@broadcom.com> To: Tom Rix <trix@redhat.com> Cc: Jason Gunthorpe <jgg@nvidia.com>, Devesh Sharma <devesh.sharma@broadcom.com>, Doug Ledford <dledford@redhat.com>, Leon Romanovsky <leon@kernel.org>, maxg@mellanox.com, Gal Pressman <galpress@amazon.com>, michaelgur@nvidia.com, Moni Shoua <monis@mellanox.com>, gustavoars@kernel.org, linux-rdma@vger.kernel.org, linux-kernel <linux-kernel@vger.kernel.org> Subject: Re: [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd() Date: Mon, 11 Jan 2021 23:39:34 +0530 [thread overview] Message-ID: <CA+sbYW1_zYv47YV8Btd8+JW=3QcSo4N1yFFDycnTS853UHGGag@mail.gmail.com> (raw) In-Reply-To: <00c76f8e-4e46-2ab5-772b-ad5db59f8490@redhat.com> [-- Attachment #1: Type: text/plain, Size: 1357 bytes --] On Fri, Jan 8, 2021 at 3:13 AM Tom Rix <trix@redhat.com> wrote: > > > On 1/7/21 12:41 PM, Jason Gunthorpe wrote: > > On Tue, Dec 29, 2020 at 06:46:53PM -0800, trix@redhat.com wrote: > >> From: Tom Rix <trix@redhat.com> > >> > >> In ocrdma_dealloc_ucontext_pd() uctx->cntxt_pd is assigned to > >> the variable pd and then after uctx->cntxt_pd is freed, the > >> variable pd is passed to function _ocrdma_dealloc_pd() which > >> dereferences pd directly or through its call to > >> ocrdma_mbx_dealloc_pd(). > >> > >> Reorder the free using the variable pd. > >> > >> Fixes: 21a428a019c9 ("RDMA: Handle PD allocations by IB/core") > >> Signed-off-by: Tom Rix <trix@redhat.com> > >> drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > > Applied to for-rc > > > > Is anyone testing ocrdma? Just doing the pyverbs rdma tests with kasn > > turned on would have instantly caught this, and the change is nearly a > > year old. > > > > Is ocrdma obsolete enough we can delete the driver? Broadcom is not doing any active development/testing with ocrdma now. I am checking with other teams to see if this can be deleted completely. Will get back asap. Thanks, Selvin > > I am not an authority on ocrdma, i am fixing treewide, the problems clang static analysis flags. > > Tom > > > > > Thanks, > > Jason > > > [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 4181 bytes --]
next prev parent reply other threads:[~2021-01-11 18:10 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-12-30 2:46 [PATCH] RDMA/ocrdma: fix use after free in ocrdma_dealloc_ucontext_pd() trix 2020-12-30 5:31 ` Leon Romanovsky 2021-01-07 20:41 ` Jason Gunthorpe 2021-01-07 21:43 ` Tom Rix 2021-01-11 18:09 ` Selvin Xavier [this message] 2021-01-11 18:09 ` Selvin Xavier
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CA+sbYW1_zYv47YV8Btd8+JW=3QcSo4N1yFFDycnTS853UHGGag@mail.gmail.com' \ --to=selvin.xavier@broadcom.com \ --cc=devesh.sharma@broadcom.com \ --cc=dledford@redhat.com \ --cc=galpress@amazon.com \ --cc=gustavoars@kernel.org \ --cc=jgg@nvidia.com \ --cc=leon@kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-rdma@vger.kernel.org \ --cc=maxg@mellanox.com \ --cc=michaelgur@nvidia.com \ --cc=monis@mellanox.com \ --cc=trix@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.