All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Schumaker, Anna" <Anna.Schumaker@netapp.com>
To: "bfields@fieldses.org" <bfields@fieldses.org>,
	"chuck.lever@oracle.com" <chuck.lever@oracle.com>
Cc: "dan.carpenter@oracle.com" <dan.carpenter@oracle.com>,
	"trond.myklebust@hammerspace.com"
	<trond.myklebust@hammerspace.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"jlayton@kernel.org" <jlayton@kernel.org>,
	"kernel-janitors@vger.kernel.org"
	<kernel-janitors@vger.kernel.org>
Subject: Re: [PATCH 2/2] xprtrdma: Double free in rpcrdma_sendctxs_create()
Date: Mon, 07 Jan 2019 22:21:47 +0000	[thread overview]
Message-ID: <d3c36bfdf67dd7f6774f3ff7849a8392e14793d1.camel@netapp.com> (raw)
In-Reply-To: <20190107172253.GA7196@fieldses.org>

DQpPbiBNb24sIDIwMTktMDEtMDcgYXQgMTI6MjIgLTA1MDAsIEJydWNlIEZpZWxkcyB3cm90ZToN
Cj4gT24gU2F0LCBKYW4gMDUsIDIwMTkgYXQgMTE6MjQ6NDVBTSAtMDUwMCwgQ2h1Y2sgTGV2ZXIg
d3JvdGU6DQo+ID4gPiBPbiBKYW4gNSwgMjAxOSwgYXQgODowNiBBTSwgRGFuIENhcnBlbnRlciA8
ZGFuLmNhcnBlbnRlckBvcmFjbGUuY29tPg0KPiA+ID4gd3JvdGU6DQo+ID4gPiANCj4gPiA+IFRo
ZSBjbGVhbiB1cCBpcyBoYW5kbGVkIGJ5IHRoZSBjYWxsZXIsIHJwY3JkbWFfYnVmZmVyX2NyZWF0
ZSgpLCBzbyB0aGlzDQo+ID4gPiBjYWxsIHRvIHJwY3JkbWFfc2VuZGN0eHNfZGVzdHJveSgpIGxl
YWRzIHRvIGEgZG91YmxlIGZyZWUuDQo+ID4gDQo+ID4gVHJ1ZS4gVGhpcyBmaXggaXMgYWRlcXVh
dGUsIGJ1dCBJJ20gd29uZGVyaW5nIGlmIHJwY3JkbWFfc2VuZGN0eHNfZGVzdHJveQ0KPiA+IHNo
b3VsZCBiZSBtYWRlIG1vcmUgY2FyZWZ1bCBhYm91dCBiZWluZyBjYWxsZWQgdHdpY2UuIEhtLg0K
PiA+IA0KPiA+IFJldmlld2VkLWJ5OiBDaHVjayBMZXZlciA8Y2h1Y2subGV2ZXJAb3JhY2xlLmNv
bT4NCj4gDQo+IEknbSBhc3N1bWluZyBUcm9uZCBvciBBbm5hIHdpbGwgcGljayB0aGlzIHVwLi0t
Yi4NCg0KWWVhaCwgSSdsbCB0YWtlIHRoaXMgb25lIGFuZCAxLzIgZm9yIGEgNS4wLXJjLiAgSSBt
aWdodCBzYXZlIHRoZSBhZGRpdGlvbmFsDQpjbGVhbnVwIHBhdGNoIERhbiBzZW50IGZvciA1LjEN
Cg0KQW5uYQ0KDQo+IA0KPiA+IA0KPiA+ID4gRml4ZXM6IGFlNzI5NTBhYmY5OSAoInhwcnRyZG1h
OiBBZGQgZGF0YSBzdHJ1Y3R1cmUgdG8gbWFuYWdlIFJETUEgU2VuZA0KPiA+ID4gYXJndW1lbnRz
IikNCj4gPiA+IFNpZ25lZC1vZmYtYnk6IERhbiBDYXJwZW50ZXIgPGRhbi5jYXJwZW50ZXJAb3Jh
Y2xlLmNvbT4NCj4gPiA+IC0tLQ0KPiA+ID4gbmV0L3N1bnJwYy94cHJ0cmRtYS92ZXJicy5jIHwg
NiArLS0tLS0NCj4gPiA+IDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigrKSwgNSBkZWxldGlv
bnMoLSkNCj4gPiA+IA0KPiA+ID4gZGlmZiAtLWdpdCBhL25ldC9zdW5ycGMveHBydHJkbWEvdmVy
YnMuYyBiL25ldC9zdW5ycGMveHBydHJkbWEvdmVyYnMuYw0KPiA+ID4gaW5kZXggM2RkZTA1ODky
YzhlLi40OTk0ZTc1OTQ1YjggMTAwNjQ0DQo+ID4gPiAtLS0gYS9uZXQvc3VucnBjL3hwcnRyZG1h
L3ZlcmJzLmMNCj4gPiA+ICsrKyBiL25ldC9zdW5ycGMveHBydHJkbWEvdmVyYnMuYw0KPiA+ID4g
QEAgLTg0NSwxNyArODQ1LDEzIEBAIHN0YXRpYyBpbnQgcnBjcmRtYV9zZW5kY3R4c19jcmVhdGUo
c3RydWN0DQo+ID4gPiBycGNyZG1hX3hwcnQgKnJfeHBydCkNCj4gPiA+IAlmb3IgKGkgPSAwOyBp
IDw9IGJ1Zi0+cmJfc2NfbGFzdDsgaSsrKSB7DQo+ID4gPiAJCXNjID0gcnBjcmRtYV9zZW5kY3R4
X2NyZWF0ZSgmcl94cHJ0LT5yeF9pYSk7DQo+ID4gPiAJCWlmICghc2MpDQo+ID4gPiAtCQkJZ290
byBvdXRfZGVzdHJveTsNCj4gPiA+ICsJCQlyZXR1cm4gLUVOT01FTTsNCj4gPiA+IA0KPiA+ID4g
CQlzYy0+c2NfeHBydCA9IHJfeHBydDsNCj4gPiA+IAkJYnVmLT5yYl9zY19jdHhzW2ldID0gc2M7
DQo+ID4gPiAJfQ0KPiA+ID4gDQo+ID4gPiAJcmV0dXJuIDA7DQo+ID4gPiAtDQo+ID4gPiAtb3V0
X2Rlc3Ryb3k6DQo+ID4gPiAtCXJwY3JkbWFfc2VuZGN0eHNfZGVzdHJveShidWYpOw0KPiA+ID4g
LQlyZXR1cm4gLUVOT01FTTsNCj4gPiA+IH0NCj4gPiA+IA0KPiA+ID4gLyogVGhlIHNlbmRjdHgg
cXVldWUgaXMgbm90IGd1YXJhbnRlZWQgdG8gaGF2ZSBhIHNpemUgdGhhdCBpcyBhDQo+ID4gPiAt
LSANCj4gPiA+IDIuMTcuMQ0KPiA+ID4gDQo+ID4gDQo+ID4gLS0NCj4gPiBDaHVjayBMZXZlcg0K
PiA+IA0KPiA+IA0K

WARNING: multiple messages have this Message-ID (diff)
From: "Schumaker, Anna" <Anna.Schumaker@netapp.com>
To: "bfields@fieldses.org" <bfields@fieldses.org>,
	"chuck.lever@oracle.com" <chuck.lever@oracle.com>
Cc: "dan.carpenter@oracle.com" <dan.carpenter@oracle.com>,
	"trond.myklebust@hammerspace.com"
	<trond.myklebust@hammerspace.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"jlayton@kernel.org" <jlayton@kernel.org>,
	"kernel-janitors@vger.kernel.org"
	<kernel-janitors@vger.kernel.org>
Subject: Re: [PATCH 2/2] xprtrdma: Double free in rpcrdma_sendctxs_create()
Date: Mon, 7 Jan 2019 22:21:47 +0000	[thread overview]
Message-ID: <d3c36bfdf67dd7f6774f3ff7849a8392e14793d1.camel@netapp.com> (raw)
In-Reply-To: <20190107172253.GA7196@fieldses.org>


On Mon, 2019-01-07 at 12:22 -0500, Bruce Fields wrote:
> On Sat, Jan 05, 2019 at 11:24:45AM -0500, Chuck Lever wrote:
> > > On Jan 5, 2019, at 8:06 AM, Dan Carpenter <dan.carpenter@oracle.com>
> > > wrote:
> > > 
> > > The clean up is handled by the caller, rpcrdma_buffer_create(), so this
> > > call to rpcrdma_sendctxs_destroy() leads to a double free.
> > 
> > True. This fix is adequate, but I'm wondering if rpcrdma_sendctxs_destroy
> > should be made more careful about being called twice. Hm.
> > 
> > Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
> 
> I'm assuming Trond or Anna will pick this up.--b.

Yeah, I'll take this one and 1/2 for a 5.0-rc.  I might save the additional
cleanup patch Dan sent for 5.1

Anna

> 
> > 
> > > Fixes: ae72950abf99 ("xprtrdma: Add data structure to manage RDMA Send
> > > arguments")
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > ---
> > > net/sunrpc/xprtrdma/verbs.c | 6 +-----
> > > 1 file changed, 1 insertion(+), 5 deletions(-)
> > > 
> > > diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c
> > > index 3dde05892c8e..4994e75945b8 100644
> > > --- a/net/sunrpc/xprtrdma/verbs.c
> > > +++ b/net/sunrpc/xprtrdma/verbs.c
> > > @@ -845,17 +845,13 @@ static int rpcrdma_sendctxs_create(struct
> > > rpcrdma_xprt *r_xprt)
> > > 	for (i = 0; i <= buf->rb_sc_last; i++) {
> > > 		sc = rpcrdma_sendctx_create(&r_xprt->rx_ia);
> > > 		if (!sc)
> > > -			goto out_destroy;
> > > +			return -ENOMEM;
> > > 
> > > 		sc->sc_xprt = r_xprt;
> > > 		buf->rb_sc_ctxs[i] = sc;
> > > 	}
> > > 
> > > 	return 0;
> > > -
> > > -out_destroy:
> > > -	rpcrdma_sendctxs_destroy(buf);
> > > -	return -ENOMEM;
> > > }
> > > 
> > > /* The sendctx queue is not guaranteed to have a size that is a
> > > -- 
> > > 2.17.1
> > > 
> > 
> > --
> > Chuck Lever
> > 
> > 

  reply	other threads:[~2019-01-07 22:21 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-05 13:06 [PATCH 2/2] xprtrdma: Double free in rpcrdma_sendctxs_create() Dan Carpenter
2019-01-05 13:06 ` Dan Carpenter
2019-01-05 16:24 ` Chuck Lever
2019-01-05 16:24   ` Chuck Lever
2019-01-07 17:22   ` Bruce Fields
2019-01-07 17:22     ` Bruce Fields
2019-01-07 22:21     ` Schumaker, Anna [this message]
2019-01-07 22:21       ` Schumaker, Anna
2019-01-07 18:41   ` Dan Carpenter
2019-01-07 18:41     ` Dan Carpenter
2019-01-07 19:08   ` [PATCH] xprtrdma: Make rpcrdma_sendctxs_destroy() more robust Dan Carpenter
2019-01-07 19:08     ` Dan Carpenter
2019-01-07 21:25     ` Chuck Lever
2019-01-07 21:25       ` Chuck Lever

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d3c36bfdf67dd7f6774f3ff7849a8392e14793d1.camel@netapp.com \
    --to=anna.schumaker@netapp.com \
    --cc=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=dan.carpenter@oracle.com \
    --cc=jlayton@kernel.org \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=trond.myklebust@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.