From: Jason Gunthorpe <jgg@mellanox.com>
To: "Håkon Bugge" <haakon.bugge@oracle.com>
Cc: Doug Ledford <dledford@redhat.com>,
OFED mailing list <linux-rdma@vger.kernel.org>,
george kennedy <george.kennedy@oracle.com>
Subject: Re: [PATCH for-rc] RDMA/cma: fix race between addr_handler and resolve_route
Date: Fri, 3 Apr 2020 16:36:56 -0300 [thread overview]
Message-ID: <20200403193656.GF8514@mellanox.com> (raw)
In-Reply-To: <1720C7BF-D6E4-4779-B05D-203703042B36@oracle.com>
On Fri, Apr 03, 2020 at 09:07:10PM +0200, Håkon Bugge wrote:
>
>
> > On 3 Apr 2020, at 20:57, Jason Gunthorpe <jgg@mellanox.com> wrote:
> >
> > On Fri, Apr 03, 2020 at 08:43:28PM +0200, Håkon Bugge wrote:
> >> A syzkaller test hits a NULL pointer dereference in
> >> rdma_resolve_route():
> >
> > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-next
> >
> > This commit in 5.7 probably fixes this:
>
> I think it will not. The mutex in 7c11910783a1 ("RDMA/ucma: Put a
> lock around every call to the rdma_cm layer") will not prevent
> addr_handler() to run concurrently with rdma_resolve_route(), right?
Hmm. Perhaps so. But your patch isn't nearly enough if that is the
case, you've only considered resolve_route, but it could run
concurrently with *anything*, with the usual problems.
Plus addr_handler calls rdma_destroy_id().. Oh wow is that ever
completely screwed up. Sigh.
Probably the simplest answer is to have ucma fail operations that are
not permitted while an async_handler is pending. I'm guessing the only
operation that would be valid is rdma_destroy_id?
> And, I also suspect 7c11910783a1 to have major performance
> impact. But, that's a different story.
*shrug* I no longer care. The work to fix this in a performant way is
enormous and nobody wants to do it.
Until that time we are taking a 'Big Lock' approach to all concurrancy
problems with rdma_cm as this code is *completely* broken for
concurrency.
Which is why I'm not taking this patch..
Jason
next prev parent reply other threads:[~2020-04-03 19:37 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-03 18:43 [PATCH for-rc] RDMA/cma: fix race between addr_handler and resolve_route Håkon Bugge
2020-04-03 18:57 ` Jason Gunthorpe
2020-04-03 19:07 ` Håkon Bugge
2020-04-03 19:36 ` Jason Gunthorpe [this message]
2020-04-06 17:00 ` Håkon Bugge
2020-04-06 17:31 ` Jason Gunthorpe
2020-04-06 18:02 ` Håkon Bugge
2020-04-06 18:10 ` Jason Gunthorpe
2020-04-14 10:34 ` Håkon Bugge
2020-04-14 12:50 ` Jason Gunthorpe
2020-04-14 13:57 ` Håkon Bugge
2020-04-14 16:11 ` Jason Gunthorpe
2020-04-16 13:33 ` Håkon Bugge
2020-04-16 18:55 ` Jason Gunthorpe
2021-04-28 6:03 ` general protection fault in rdma_resolve_route syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200403193656.GF8514@mellanox.com \
--to=jgg@mellanox.com \
--cc=dledford@redhat.com \
--cc=george.kennedy@oracle.com \
--cc=haakon.bugge@oracle.com \
--cc=linux-rdma@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.