Re: [PATCH] RDMA/ucma: Put a lock around every call to the rdma_cm layer

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Gunthorpe <jgg@mellanox.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: "linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>
Subject: Re: [PATCH] RDMA/ucma: Put a lock around every call to the rdma_cm layer
Date: Mon, 9 Mar 2020 16:30:12 -0300	[thread overview]
Message-ID: <20200309193012.GA13183@mellanox.com> (raw)
In-Reply-To: <20200307204153.GJ15444@sol.localdomain>

On Sat, Mar 07, 2020 at 12:41:53PM -0800, Eric Biggers wrote:
> On Wed, Feb 19, 2020 at 08:22:25PM +0000, Jason Gunthorpe wrote:
> > On Tue, Feb 18, 2020 at 10:07:01PM -0800, Eric Biggers wrote:
> > > > these 11 lets include them as  well. I wasn't able to find a way to
> > > > search for things, this list is from your past email, thanks.
> > > > 
> > > 
> > > Unfortunately I haven't had time to work on syzkaller bugs lately, so I can't
> > > provide an updated list until I go through the long backlog of bugs.
> > 
> > Ok
> 
> Here's an updated list:
> 
> --------------------------------------------------------------------------------
> Title:              general protection fault in rds_ib_add_one
> Last occurred:      0 days ago
> Reported:           12 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=15f96d171c64999196ac7db3de107f24b9182a8e
> Original thread:    https://lore.kernel.org/lkml/000000000000b9b7d4059f4e4ac7@google.com/T/#u
> 
> This bug has a C reproducer.

Looks like this is fixed by Hillf

> --------------------------------------------------------------------------------
> Title:              INFO: trying to register non-static key in xa_destroy
> Last occurred:      0 days ago
> Reported:           11 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=c0a75a31c5fa84e6e5d3131fd98a5b56e2141b9a
> Original thread:    https://lore.kernel.org/lkml/00000000000046895c059f5cae37@google.com/T/#u
> 
> This bug has a C reproducer.

Fixed in v5.6-rc5

> --------------------------------------------------------------------------------
> Title:              general protection fault in nldev_stat_set_doit
> Last occurred:      4 days ago
> Reported:           11 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=1fbcb607cf49d8b5a3c8e056971f045f9bfa34f3
> Original thread:    https://lore.kernel.org/lkml/0000000000004aa34d059f5caedc@google.com/T/#u
> 
> This bug has a C reproducer.

Fixed in v5.6-rc5
 
> --------------------------------------------------------------------------------
> Title:              BUG: corrupted list in _cma_attach_to_dev
> Last occurred:      2 days ago
> Reported:           6 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=067b1e60bab1b617c1208f078cd76c9087f070e0
> Original thread:    https://lore.kernel.org/lkml/000000000000cfed90059fcfdccb@google.com/T/#u
> 
> This bug has a C reproducer.

Most likely fixed by this patch, syzkaller is re-testing

> --------------------------------------------------------------------------------
> Title:              WARNING: kobject bug in ib_register_device
> Last occurred:      1 day ago
> Reported:           12 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=805ad726feb6910e35088ae7bbe61f4125e573b7
> Original thread:    https://lore.kernel.org/lkml/000000000000026ac5059f4e27f3@google.com/T/#u
> 
> This bug has a C reproducer.

Oh, this wasn't sent to rdma, yes, obvious rdma bug, made a patch

> --------------------------------------------------------------------------------
> Title:              BUG: corrupted list in cma_listen_on_dev
> Last occurred:      4 days ago
> Reported:           4 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=e8fcdea4e5a443c597c94fb6eda7d6646eafe6a2
> Original thread:    https://lore.kernel.org/lkml/00000000000020c5d205a001c308@google.com/T/#u
> 
> This bug has a C reproducer.

Fixed by this patch, syzkaller confirmed, now duped to another bug

> --------------------------------------------------------------------------------
> Title:              KASAN: use-after-free Read in rxe_query_port
> Last occurred:      0 days ago
> Reported:           6 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=f00443e97b44c466dc75edc31601110bf62a6f69
> Original thread:    https://lore.kernel.org/lkml/0000000000000c9e12059fc941ff@google.com/T/#u
> 
> Unfortunately, this bug does not have a reproducer.

Perhaps Yanjun Zhu will look at this

> --------------------------------------------------------------------------------
> Title:              WARNING in ib_free_port_attrs
> Last occurred:      1 day ago
> Reported:           6 days ago
> Branches:           net and net-next
> Dashboard link:     https://syzkaller.appspot.com/bug?id=4ec089798f282f2d2c3219151e420ed1ba10120d
> Original thread:    https://lore.kernel.org/lkml/000000000000460717059fd83734@google.com/T/#u
> 
> Unfortunately, this bug does not have a reproducer.

Parav and I looked at this for a while and couldn't figure how how it
is possible. Hoping for a reproducer

> --------------------------------------------------------------------------------
> Title:              INFO: task hung in rdma_destroy_id
> Last occurred:      3 days ago
> Reported:           5 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=e89b86960c3636f57dbb16bb25a829377ebdf43d
> Original thread:    https://lore.kernel.org/lkml/00000000000059e701059fe3ec2f@google.com/T/#u
> 
> Unfortunately, this bug does not have a reproducer.

Most likely fixed by this patch

> --------------------------------------------------------------------------------
> Title:              general protection fault in kobject_get
> Last occurred:      6 days ago
> Reported:           6 days ago
> Branches:           net-next
> Dashboard link:     https://syzkaller.appspot.com/bug?id=f8e0f99b310558dd489cc7427711a640c10b93e5
> Original thread:    https://lore.kernel.org/lkml/000000000000c4b371059fd83a92@google.com/T/#u
> 
> Unfortunately, this bug does not have a reproducer.

Really surprised no reproducer, this is not a race bug. I wrote a fix,
it is being tested now.

> --------------------------------------------------------------------------------
> Title:              WARNING: kobject bug in add_one_compat_dev
> Last occurred:      8 days ago
> Reported:           10 days ago
> Branches:           linux-next and net-next
> Dashboard link:     https://syzkaller.appspot.com/bug?id=f8880fdc3cd0ba268421672360cf79bfa7fa4272
> Original thread:    https://lore.kernel.org/lkml/0000000000005f77d6059f888f2e@google.com/T/#u
> 
> Unfortunately, this bug does not have a reproducer.

Hmm. I wonder if this is because 'dev_set_name' failed and we ignored
it? Is that possible with this log? Lets fix that at least - I have no
other idea how we could get an empty name.

> --------------------------------------------------------------------------------
> Title:              WARNING in srp_remove_one
> Last occurred:      9 days ago
> Reported:           6 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=16a5827f8f6f6ef0967e6492ffb2e2ca54c8c0fb
> Original thread:    https://lore.kernel.org/lkml/000000000000144d79059fc9415d@google.com/T/#u
> 
> Unfortunately, this bug does not have a reproducer.

This looks a lot like 'WARNING in ib_free_port_attrs' - I don't have a
clear idea how these sysfs errors are possible. I wonder if there is
something strange going on in sysfs land during net ns actions?

Thanks,
Jason

next prev parent reply	other threads:[~2020-03-09 19:30 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-18 21:04 [PATCH] RDMA/ucma: Put a lock around every call to the rdma_cm layer Jason Gunthorpe
2020-02-18 22:10 ` KASAN: use-after-free Read in rdma_listen (2) syzbot
2020-02-19  6:07 ` [PATCH] RDMA/ucma: Put a lock around every call to the rdma_cm layer Eric Biggers
2020-02-19 20:22   ` Jason Gunthorpe
2020-03-07 20:41     ` Eric Biggers
2020-03-09 19:30       ` Jason Gunthorpe [this message]
2020-06-27 22:57         ` Eric Biggers
2020-06-29 14:30           ` Jason Gunthorpe
2020-11-16 20:46           ` Jason Gunthorpe
2020-02-27 20:42 ` Jason Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200309193012.GA13183@mellanox.com \
    --to=jgg@mellanox.com \
    --cc=ebiggers@kernel.org \
    --cc=linux-rdma@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.