From: Tony Lu <tonylu@linux.alibaba.com>
To: "D. Wythe" <alibuda@linux.alibaba.com>
Cc: kgraul@linux.ibm.com, wenjia@linux.ibm.com, kuba@kernel.org,
davem@davemloft.net, netdev@vger.kernel.org,
linux-s390@vger.kernel.org, linux-rdma@vger.kernel.org
Subject: Re: [PATCH net-next 09/10] net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
Date: Tue, 16 Aug 2022 16:28:25 +0800 [thread overview]
Message-ID: <YvtVKT44JuqhyWB2@TonyMac-Alibaba> (raw)
In-Reply-To: <f4c5b1ba19c926e8b3d1def2ff685f29b2631b24.1660152975.git.alibuda@linux.alibaba.com>
On Thu, Aug 11, 2022 at 01:47:40AM +0800, D. Wythe wrote:
> From: "D. Wythe" <alibuda@linux.alibaba.com>
>
> After we optimize the parallel capability of SMC-R connection
> establishment, there is a certain chance to trigger the
> following panic:
>
> PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48"
> #0 [ffff9456c1cc79a0] machine_kexec at ffffffff870665b7
> #1 [ffff9456c1cc79f0] __crash_kexec at ffffffff871b4c7a
> #2 [ffff9456c1cc7ab0] crash_kexec at ffffffff871b5b60
> #3 [ffff9456c1cc7ac0] oops_end at ffffffff87026ce7
> #4 [ffff9456c1cc7ae0] page_fault_oops at ffffffff87075715
> #5 [ffff9456c1cc7b58] exc_page_fault at ffffffff87ad0654
> #6 [ffff9456c1cc7b80] asm_exc_page_fault at ffffffff87c00b62
> [exception RIP: ib_alloc_mr+19]
> RIP: ffffffffc0c9cce3 RSP: ffff9456c1cc7c38 RFLAGS: 00010202
> RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000004
> RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: ffff88c1ea281d00 R8: 000000020a34ffff R9: ffff88c1350bbb20
> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
> R13: 0000000000000010 R14: ffff88c1ab040a50 R15: ffff88c1ea281d00
> ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
> #7 [ffff9456c1cc7c60] smc_ib_get_memory_region at ffffffffc0aff6df [smc]
> #8 [ffff9456c1cc7c88] smcr_buf_map_link at ffffffffc0b0278c [smc]
> #9 [ffff9456c1cc7ce0] __smc_buf_create at ffffffffc0b03586 [smc]
>
> The reason here is that when the server tries to create a second link,
> smc_llc_srv_add_link() has no protection and may add a new link to
> link group. This breaks the security environment protected by
> llc_conf_mutex.
>
> Signed-off-by: D. Wythe <alibuda@linux.alibaba.com>
I am curious if this patch can be merged with the previous one? It seems
that this panic is introduced by previous one?
> ---
> net/smc/af_smc.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
> index 39dbf39..0b0c53a 100644
> --- a/net/smc/af_smc.c
> +++ b/net/smc/af_smc.c
> @@ -1834,8 +1834,10 @@ static int smcr_serv_conf_first_link(struct smc_sock *smc)
> smc_llc_link_active(link);
> smcr_lgr_set_type(link->lgr, SMC_LGR_SINGLE);
>
> + down_write(&link->lgr->llc_conf_mutex);
> /* initial contact - try to establish second link */
> smc_llc_srv_add_link(link, NULL);
> + up_write(&link->lgr->llc_conf_mutex);
> return 0;
> }
>
> --
> 1.8.3.1
next prev parent reply other threads:[~2022-08-16 10:19 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-10 17:47 [PATCH net-next 00/10] net/smc: optimize the parallelism of SMC-R connections D. Wythe
2022-08-10 17:47 ` [PATCH net-next 01/10] net/smc: remove locks smc_client_lgr_pending and smc_server_lgr_pending D. Wythe
2022-08-11 3:41 ` kernel test robot
2022-08-11 11:51 ` kernel test robot
2022-08-16 9:43 ` Jan Karcher
2022-08-16 12:47 ` Tony Lu
2022-08-16 12:52 ` Tony Lu
2022-08-10 17:47 ` [PATCH net-next 02/10] net/smc: fix SMC_CLC_DECL_ERR_REGRMB without smc_server_lgr_pending D. Wythe
2022-08-16 7:58 ` Tony Lu
2022-08-10 17:47 ` [PATCH net-next 03/10] net/smc: allow confirm/delete rkey response deliver multiplex D. Wythe
2022-08-16 8:17 ` Tony Lu
2022-08-10 17:47 ` [PATCH net-next 04/10] net/smc: make SMC_LLC_FLOW_RKEY run concurrently D. Wythe
2022-08-10 17:47 ` [PATCH net-next 05/10] net/smc: llc_conf_mutex refactor, replace it with rw_semaphore D. Wythe
2022-08-10 17:47 ` [PATCH net-next 06/10] net/smc: use read semaphores to reduce unnecessary blocking in smc_buf_create() & smcr_buf_unuse() D. Wythe
2022-08-10 17:47 ` [PATCH net-next 07/10] net/smc: reduce unnecessary blocking in smcr_lgr_reg_rmbs() D. Wythe
2022-08-16 8:24 ` Tony Lu
2022-08-10 17:47 ` [PATCH net-next 08/10] net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore D. Wythe
2022-08-16 8:37 ` Tony Lu
2022-08-10 17:47 ` [PATCH net-next 09/10] net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() D. Wythe
2022-08-16 8:28 ` Tony Lu [this message]
2022-08-10 17:47 ` [PATCH net-next 10/10] net/smc: fix application data exception D. Wythe
2022-08-11 3:28 ` [PATCH net-next 00/10] net/smc: optimize the parallelism of SMC-R connections Jakub Kicinski
2022-08-11 5:13 ` Tony Lu
2022-08-11 12:31 ` Karsten Graul
2022-08-16 9:35 ` Jan Karcher
2022-08-16 12:40 ` Tony Lu
2022-08-17 4:55 ` D. Wythe
2022-08-17 16:52 ` Jan Karcher
2022-08-18 13:06 ` D. Wythe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YvtVKT44JuqhyWB2@TonyMac-Alibaba \
--to=tonylu@linux.alibaba.com \
--cc=alibuda@linux.alibaba.com \
--cc=davem@davemloft.net \
--cc=kgraul@linux.ibm.com \
--cc=kuba@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=wenjia@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.