From: Guoqing Jiang <guoqing.jiang@linux.dev>
To: bmt@zurich.ibm.com, jgg@ziepe.ca, leon@kernel.org
Cc: linux-rdma@vger.kernel.org
Subject: [PATCH 4/5] RDMA/siw: Set siw_crypto_shash to NULL after it is freed
Date: Thu, 27 Jul 2023 22:03:48 +0800 [thread overview]
Message-ID: <20230727140349.25369-5-guoqing.jiang@linux.dev> (raw)
In-Reply-To: <20230727140349.25369-1-guoqing.jiang@linux.dev>
In case siw module can't be inserted successfully, then remove the
module from kernel, which means both siw_cm_exit and the failure
path in siw_init_module call crypto_free_shash. We can see below
call trace appears.
[ 72.349344] ------------[ cut here ]------------
[ 72.349348] refcount_t: underflow; use-after-free.
[ 72.349386] WARNING: CPU: 1 PID: 1737 at lib/refcount.c:28 refcount_warn_saturate+0xfb/0x150
...
[ 72.349469] RIP: 0010:refcount_warn_saturate+0xfb/0x150
...
[ 72.349487] Call Trace:
[ 72.349488] <TASK>
[ 72.349490] ? show_regs+0x72/0x90
[ 72.349493] ? refcount_warn_saturate+0xfb/0x150
[ 72.349495] ? __warn+0x8d/0x1a0
[ 72.349498] ? refcount_warn_saturate+0xfb/0x150
[ 72.349500] ? report_bug+0x1f9/0x250
[ 72.349505] ? handle_bug+0x46/0x90
[ 72.349508] ? exc_invalid_op+0x19/0x80
[ 72.349511] ? asm_exc_invalid_op+0x1b/0x20
[ 72.349517] ? refcount_warn_saturate+0xfb/0x150
[ 72.349519] ? refcount_warn_saturate+0xfb/0x150
[ 72.349521] crypto_destroy_tfm+0x9b/0xe0
[ 72.349525] siw_exit_module+0xf6/0x590 [siw]
So we need to set siw_crypto_shash to null in the failure path of
siw_init_module.
Signed-off-by: Guoqing Jiang <guoqing.jiang@linux.dev>
---
drivers/infiniband/sw/siw/siw_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw_main.c b/drivers/infiniband/sw/siw/siw_main.c
index 6709ed0de3a4..f8549d01887f 100644
--- a/drivers/infiniband/sw/siw/siw_main.c
+++ b/drivers/infiniband/sw/siw/siw_main.c
@@ -589,8 +589,10 @@ static __init int siw_init_module(void)
siw_tx_thread[nr_cpu] = NULL;
}
}
- if (siw_crypto_shash)
+ if (siw_crypto_shash) {
crypto_free_shash(siw_crypto_shash);
+ siw_crypto_shash = NULL;
+ }
pr_info("SoftIWARP attach failed. Error: %d\n", rv);
--
2.34.1
next prev parent reply other threads:[~2023-07-27 14:15 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-27 14:03 [PATCH 0/5] Fix potential issues for siw Guoqing Jiang
2023-07-27 14:03 ` [PATCH 1/5] RDMA/siw: Set siw_cm_wq to NULL after it is destroyed Guoqing Jiang
2023-07-27 14:03 ` [PATCH 2/5] RDMA/siw: Ensure siw_destroy_cpulist can be called more than once Guoqing Jiang
2023-07-27 14:03 ` [PATCH 3/5] RDMA/siw: Initialize siw_link_ops.list Guoqing Jiang
2023-07-27 14:03 ` Guoqing Jiang [this message]
2023-07-27 14:03 ` [PATCH 5/5] RDMA/siw: Don't call wake_up unconditionally in siw_stop_tx_thread Guoqing Jiang
2023-07-27 17:17 ` [PATCH 0/5] Fix potential issues for siw Bernard Metzler
2023-07-27 17:29 ` Jason Gunthorpe
2023-07-27 18:15 ` Bart Van Assche
2023-07-28 1:16 ` Guoqing Jiang
2023-07-28 2:29 ` Guoqing Jiang
2023-07-28 11:10 ` Bernard Metzler
2023-07-28 9:36 ` Bernard Metzler
2023-08-09 19:04 ` Jason Gunthorpe
2023-08-10 1:14 ` Guoqing Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230727140349.25369-5-guoqing.jiang@linux.dev \
--to=guoqing.jiang@linux.dev \
--cc=bmt@zurich.ibm.com \
--cc=jgg@ziepe.ca \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.