From: Dust Li <dust.li@linux.alibaba.com>
To: Leon Romanovsky <leon@kernel.org>, Xiang Mei <xmei5@asu.edu>,
alibuda@linux.alibaba.com
Cc: netdev@vger.kernel.org, wenjia@linux.ibm.com,
sidraya@linux.ibm.com, tonylu@linux.alibaba.com,
linux-rdma@vger.kernel.org, linux-s390@vger.kernel.org,
bestswngs@gmail.com
Subject: Re: [PATCH net] net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
Date: Sun, 17 May 2026 23:08:44 +0800 [thread overview]
Message-ID: <agnZ_G9_9jZFS2An@linux.alibaba.com> (raw)
In-Reply-To: <20260517084513.GA33515@unreal>
On 2026-05-17 11:45:13, Leon Romanovsky wrote:
>On Sun, May 10, 2026 at 03:26:40PM -0700, Xiang Mei wrote:
>> The smc_msg_event tracepoint class, shared by smc_tx_sendmsg and
>> smc_rx_recvmsg, unconditionally dereferences smc->conn.lnk:
>>
>> __string(name, smc->conn.lnk->ibname)
>
>My comment is not directly related to this patch, but it was triggered
>while reviewing it. The ibname should not be cached, as users can rename
>it through rdmatool or udev.
>
>For example, this function is racy:
> 552 static int smc_nl_handle_smcr_dev(struct smc_ib_device *smcibdev,
> 553 struct sk_buff *skb,
> 554 struct netlink_callback *cb)
> 555 {
> ...
> 582 snprintf(smc_ibname, sizeof(smc_ibname), "%s", smcibdev->ibdev->name);
>
>Thanks
Hi, Leon
OK, I'll submit a patch removing all the ibvdev->name in SMC.
Best regards,
Dust
next prev parent reply other threads:[~2026-05-17 15:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-10 22:26 [PATCH net] net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint Xiang Mei
2026-05-10 22:50 ` Xiang Mei
2026-05-11 2:11 ` Dust Li
2026-05-11 5:06 ` Sidraya Jayagond
2026-05-13 3:45 ` patchwork-bot+netdevbpf
2026-05-17 8:45 ` Leon Romanovsky
2026-05-17 15:08 ` Dust Li [this message]
2026-05-18 11:41 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agnZ_G9_9jZFS2An@linux.alibaba.com \
--to=dust.li@linux.alibaba.com \
--cc=alibuda@linux.alibaba.com \
--cc=bestswngs@gmail.com \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sidraya@linux.ibm.com \
--cc=tonylu@linux.alibaba.com \
--cc=wenjia@linux.ibm.com \
--cc=xmei5@asu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.