From: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Matan Barak <matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>,
Eran Ben Elisha <eranbe-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Doron Tsur <doront-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH rdma-cm] IB/core: Fix memory corruption in ib_cache_gid_set_default_gid
Date: Thu, 15 Oct 2015 12:27:40 -0400 [thread overview]
Message-ID: <561FD3FC.10705@redhat.com> (raw)
In-Reply-To: <1444910463-5688-1-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 2011 bytes --]
On 10/15/2015 08:01 AM, Matan Barak wrote:
> From: Doron Tsur <doront-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>
> When ib_cache_gid_set_default_gid is called from several threads,
> updating the table could make find_gid fail, therefore a negative
> index will be retruned and an invalid table entry will be used.
> Locking find_gid as well fixes this problem.
>
> Fixes: 03db3a2d81e6 ('IB/core: Add RoCE GID table management')
> Signed-off-by: Doron Tsur <doront-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> Signed-off-by: Matan Barak <matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> ---
>
> Hi Doug,
>
> This patch fixes a bug in RoCE GID table implementation. When several
> instances executes ib_cache_gid_set_default_gid, we could try to update
> the same default GID (at the same index) simultaneously.
> Therefore, find_gid will fail finding this default GID and we'll hit the
> WARN_ON condition.
>
> We hit this bug while testing this code under pressure of doing ifup/ifdown.
>
> Thanks,
> Matan
Safe enough, applied for rc.
>
> drivers/infiniband/core/cache.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
> index 8f66c67..87471ef 100644
> --- a/drivers/infiniband/core/cache.c
> +++ b/drivers/infiniband/core/cache.c
> @@ -508,12 +508,12 @@ void ib_cache_gid_set_default_gid(struct ib_device *ib_dev, u8 port,
> memset(&gid_attr, 0, sizeof(gid_attr));
> gid_attr.ndev = ndev;
>
> + mutex_lock(&table->lock);
> ix = find_gid(table, NULL, NULL, true, GID_ATTR_FIND_MASK_DEFAULT);
>
> /* Coudn't find default GID location */
> WARN_ON(ix < 0);
>
> - mutex_lock(&table->lock);
> if (!__ib_cache_gid_get(ib_dev, port, ix,
> ¤t_gid, ¤t_gid_attr) &&
> mode == IB_CACHE_GID_DEFAULT_MODE_SET &&
>
--
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
GPG KeyID: 0E572FDD
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 884 bytes --]
prev parent reply other threads:[~2015-10-15 16:27 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-15 12:01 [PATCH rdma-cm] IB/core: Fix memory corruption in ib_cache_gid_set_default_gid Matan Barak
[not found] ` <1444910463-5688-1-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-10-15 12:01 ` [PATCH rdma-cm] IB/core: Fix use after free of ifa Matan Barak
[not found] ` <1444910463-5688-2-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-10-15 17:37 ` Doug Ledford
[not found] ` <561FE452.3050304-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-10-15 17:53 ` Jason Gunthorpe
[not found] ` <20151015175310.GA17519-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-10-18 7:51 ` Matan Barak
[not found] ` <CAAKD3BCoNmHjUvAR_SuKT_AL-823_y34QyRRV3aZ=T8cw9F9gw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-19 18:26 ` Jason Gunthorpe
2015-10-18 7:49 ` Matan Barak
[not found] ` <CAAKD3BBEfKTHPKyoTzMW3YESKJmGkcUkui=hjhsbyFRY+xDDEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-19 12:23 ` Doug Ledford
[not found] ` <5624E0AE.8050702-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-10-19 14:20 ` Matan Barak
[not found] ` <5624FC13.1090200-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-10-19 15:27 ` Doug Ledford
[not found] ` <56250BD6.2050503-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-10-20 14:50 ` Matan Barak
[not found] ` <562654B6.8090501-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-10-20 16:52 ` Doug Ledford
2015-10-20 20:17 ` Doug Ledford
[not found] ` <5626A15E.7080800-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-11-16 13:17 ` Matan Barak
2015-10-15 16:27 ` Doug Ledford [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=561FD3FC.10705@redhat.com \
--to=dledford-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=doront-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=eranbe-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.