[net V2 11/15] net/mlx5e: kTLS, Fix napi sync and possible use-after-free

All of lore.kernel.org
 help / color / mirror / Atom feed

From: saeed@kernel.org
To: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, Tariq Toukan <tariqt@mellanox.com>,
	Maxim Mikityanskiy <maximmi@mellanox.com>,
	Saeed Mahameed <saeedm@mellanox.com>,
	Saeed Mahameed <saeedm@nvidia.com>
Subject: [net V2 11/15] net/mlx5e: kTLS, Fix napi sync and possible use-after-free
Date: Mon, 21 Sep 2020 17:30:57 -0700	[thread overview]
Message-ID: <20200922003101.529117-12-saeed@kernel.org> (raw)
In-Reply-To: <20200922003101.529117-1-saeed@kernel.org>

From: Tariq Toukan <tariqt@mellanox.com>

Using synchronize_rcu() is sufficient to wait until running NAPI quits.

See similar upstream fix with detailed explanation:
("net/mlx5e: Use synchronize_rcu to sync with NAPI")

This change also fixes a possible use-after-free as the NAPI
might be already released at this stage.

Fixes: 0419d8c9d8f8 ("net/mlx5e: kTLS, Add kTLS RX resync support")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Reviewed-by: Maxim Mikityanskiy <maximmi@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
index acf6d80a6bb7..f95aa50ab51a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
@@ -659,7 +659,7 @@ void mlx5e_ktls_del_rx(struct net_device *netdev, struct tls_context *tls_ctx)
 	priv_rx = mlx5e_get_ktls_rx_priv_ctx(tls_ctx);
 	set_bit(MLX5E_PRIV_RX_FLAG_DELETING, priv_rx->flags);
 	mlx5e_set_ktls_rx_priv_ctx(tls_ctx, NULL);
-	napi_synchronize(&priv->channels.c[priv_rx->rxq]->napi);
+	synchronize_rcu(); /* Sync with NAPI */
 	if (!cancel_work_sync(&priv_rx->rule.work))
 		/* completion is needed, as the priv_rx in the add flow
 		 * is maintained on the wqe info (wi), not on the socket.
-- 
2.26.2

next prev parent reply	other threads:[~2020-09-22  0:31 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-22  0:30 [pull request][net V2 00/15] mlx5 fixes-2020-09-18 saeed
2020-09-22  0:30 ` [net V2 01/15] net/mlx5: Fix FTE cleanup saeed
2020-09-22  0:30 ` [net V2 02/15] net/mlx5e: Use RCU to protect rq->xdp_prog saeed
2020-09-22  0:30 ` [net V2 03/15] net/mlx5e: Use synchronize_rcu to sync with NAPI saeed
2020-09-22  0:30 ` [net V2 04/15] net/mlx5e: Fix memory leak of tunnel info when rule under multipath not ready saeed
2020-09-22  0:30 ` [net V2 05/15] net/mlx5e: CT: Fix freeing ct_label mapping saeed
2020-09-22  0:30 ` [net V2 06/15] net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported saeed
2020-09-22  0:30 ` [net V2 07/15] net/mlx5e: Fix endianness when calculating pedit mask first bit saeed
2020-09-22  0:30 ` [net V2 08/15] net/mlx5e: Fix multicast counter not up-to-date in "ip -s" saeed
2020-09-22  0:30 ` [net V2 09/15] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats() saeed
2020-09-22  0:30 ` [net V2 10/15] net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported saeed
2020-09-22  0:30 ` saeed [this message]
2020-09-22  0:30 ` [net V2 12/15] net/mlx5e: kTLS, Add missing dma_unmap in RX resync saeed
2020-09-22  0:30 ` [net V2 13/15] net/mlx5e: kTLS, Fix leak on resync error flow saeed
2020-09-22  0:31 ` [net V2 14/15] net/mlx5e: kTLS, Avoid kzalloc(GFP_KERNEL) under spinlock saeed
2020-09-22  0:31 ` [net V2 15/15] net/mlx5e: mlx5e_fec_in_caps() returns a boolean saeed
2020-09-22  0:36 ` [pull request][net V2 00/15] mlx5 fixes-2020-09-18 David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:acf6d80a6bb dfblob:f95aa50ab51 )
 OR (
bs:"[net V2 11/15] net/mlx5e: kTLS, Fix napi sync and possible use-after-free" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200922003101.529117-12-saeed@kernel.org \
    --to=saeed@kernel.org \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=maximmi@mellanox.com \
    --cc=netdev@vger.kernel.org \
    --cc=saeedm@mellanox.com \
    --cc=saeedm@nvidia.com \
    --cc=tariqt@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.