From: Leon Romanovsky <leon@kernel.org>
To: Wenchao Hao <haowenchao2@huawei.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] RDMA/restrack: Fix potential invalid address access
Date: Sun, 3 Mar 2024 14:57:37 +0200 [thread overview]
Message-ID: <20240303125737.GB112581@unreal> (raw)
In-Reply-To: <20240301095514.3598280-1-haowenchao2@huawei.com>
On Fri, Mar 01, 2024 at 05:55:15PM +0800, Wenchao Hao wrote:
> struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME
> in ib_create_cq(), while if the module exited but forgot del this
> rdma_restrack_entry, it would cause a invalid address access in
> rdma_restrack_clean() when print the owner of this rdma_restrack_entry.
How is it possible to exit owner module without cleaning the resources?
Thanks
>
> Fix this issue by using kstrdup() to set rdma_restrack_entry's
> kern_name.
>
> Signed-off-by: Wenchao Hao <haowenchao2@huawei.com>
> ---
> drivers/infiniband/core/restrack.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/infiniband/core/restrack.c b/drivers/infiniband/core/restrack.c
> index 01a499a8b88d..6605011c4edc 100644
> --- a/drivers/infiniband/core/restrack.c
> +++ b/drivers/infiniband/core/restrack.c
> @@ -177,7 +177,8 @@ static void rdma_restrack_attach_task(struct rdma_restrack_entry *res,
> void rdma_restrack_set_name(struct rdma_restrack_entry *res, const char *caller)
> {
> if (caller) {
> - res->kern_name = caller;
> + kfree(res->kern_name);
> + res->kern_name = kstrdup(caller, GFP_KERNEL);
> return;
> }
>
> @@ -195,7 +196,7 @@ void rdma_restrack_parent_name(struct rdma_restrack_entry *dst,
> const struct rdma_restrack_entry *parent)
> {
> if (rdma_is_kernel_res(parent))
> - dst->kern_name = parent->kern_name;
> + dst->kern_name = kstrdup(parent->kern_name, GFP_KERNEL);
> else
> rdma_restrack_attach_task(dst, parent->task);
> }
> @@ -306,6 +307,7 @@ static void restrack_release(struct kref *kref)
> put_task_struct(res->task);
> res->task = NULL;
> }
> + kfree(res->kern_name);
> complete(&res->comp);
> }
>
> --
> 2.32.0
>
next prev parent reply other threads:[~2024-03-03 12:57 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-01 9:55 [PATCH] RDMA/restrack: Fix potential invalid address access Wenchao Hao
2024-03-03 12:57 ` Leon Romanovsky [this message]
2024-03-04 3:21 ` Wenchao Hao
2024-03-04 7:35 ` Leon Romanovsky
2024-03-04 13:33 ` Wenchao Hao
2024-03-07 9:13 ` Leon Romanovsky
2024-03-07 14:17 ` Wenchao Hao
2024-03-10 9:24 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240303125737.GB112581@unreal \
--to=leon@kernel.org \
--cc=haowenchao2@huawei.com \
--cc=jgg@ziepe.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.