RE: isert patch leaving resources behind

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
To: Sagi Grimberg <sagi@grimberg.me>,
	Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>,
	OFED mailing list <linux-rdma@vger.kernel.org>
Cc: Ehab Ababneh <ehab.ababneh@cornelisnetworks.com>,
	Selvin Xavier <selvin.xavier@broadcom.com>,
	leon@kernel.org
Subject: RE: isert patch leaving resources behind
Date: Mon, 14 Aug 2023 16:50:51 +0530	[thread overview]
Message-ID: <d24e75327e6a4bfea3a9cf195f233253@mail.gmail.com> (raw)
In-Reply-To: <91d94243-3741-0098-cd3c-a6ebc8f21cf2@grimberg.me>

[-- Attachment #1: Type: text/plain, Size: 2781 bytes --]

Hi Sagi,

In surprise removal case as well, isert_free_conn() should get invoked by
iSCSI target module. Right? I am trying to understand how the kernel object
leak is possible.  In your proposed patch, isert_conn is released in
isert_wait_conn() handler. Again, isert module tries to release the
connection in isert_free_conn() handler as well. Hence it will lead
use-after-free issue.

Following are the snippet of iSCSI functions where iscsit_wait_conn()  and
iscsit_free_conn() handlers are invoked in files iscsi_target_login.c &
iscsi_target.c. We need to review if there is a possibility that
iscsit_free_conn() is not invoked in any case. If yes, we may have to fix
that.

void  iscsi_target_login_sess_out
{
.
.
.
	if (conn->conn_transport->iscsit_wait_conn)
		conn->conn_transport->iscsit_wait_conn(conn);

	if (conn->conn_transport->iscsit_free_conn)
		conn->conn_transport->iscsit_free_conn(conn);
.
}

int iscsit_close_connection(
	struct iscsit_conn *conn)
{
.
.
.
	if (conn->conn_transport->iscsit_wait_conn)
		conn->conn_transport->iscsit_wait_conn(conn);
.
.
.
	if (conn->conn_transport->iscsit_free_conn)
		conn->conn_transport->iscsit_free_conn(conn);
.
.
}

@Leon,

I don't have the kernel logs in hand now. We can reproduce the issue and
share.

Thanks & Regards,
Saravanan Vajravel
+91-80-46116256

-----Original Message-----
From: Sagi Grimberg <sagi@grimberg.me>
Sent: Sunday, August 13, 2023 7:49 PM
To: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>; OFED
mailing list <linux-rdma@vger.kernel.org>
Cc: Ehab Ababneh <ehab.ababneh@cornelisnetworks.com>;
saravanan.vajravel@broadcom.com; Selvin Xavier <selvin.xavier@broadcom.com>
Subject: Re: isert patch leaving resources behind



On 8/10/23 17:44, Dennis Dalessandro wrote:
> Commit: 699826f4e30a ("IB/isert: Fix incorrect release of isert
> connection") is causing problems on OPA when we try to unload the
> driver after doing iSCI testing. Reverting this commit causes the
> problem to go away. Any ideas? Was testing done on this patch with
> removing/hotplugging drivers?

You are correct, the patch is wrong because it doesn't fully release the
connection in ib device surprise removals.

Perhaps this should address this issue?
--
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c
b/drivers/infiniband/ulp/isert/ib_isert.c
index 92e1e7587af8..274ac9361fe7 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -2570,6 +2570,9 @@ static void isert_wait_conn(struct iscsit_conn *conn)
         isert_put_unsol_pending_cmds(conn);
         isert_wait4cmds(conn);
         isert_wait4logout(isert_conn);
+
+       isert_put_conn(isert_conn);
+       conn->context = NULL;
  }

  static void isert_free_conn(struct iscsit_conn *conn)
--

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4227 bytes --]

next prev parent reply	other threads:[~2023-08-14 11:21 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-10 14:44 isert patch leaving resources behind Dennis Dalessandro
2023-08-13  8:29 ` Leon Romanovsky
2023-08-20  9:46   ` Leon Romanovsky
2023-08-20 14:46     ` Sagi Grimberg
2023-08-20 17:33       ` Leon Romanovsky
2023-08-21 10:47         ` Saravanan Vajravel
2023-08-21 11:30           ` Dennis Dalessandro
2023-08-13 14:18 ` Sagi Grimberg
2023-08-14 11:20   ` Saravanan Vajravel [this message]
2023-08-14 12:36     ` Sagi Grimberg
2023-08-16 11:33       ` Saravanan Vajravel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:92e1e7587af dfblob:274ac9361fe )
 OR (
bs:"RE: isert patch leaving resources behind" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d24e75327e6a4bfea3a9cf195f233253@mail.gmail.com \
    --to=saravanan.vajravel@broadcom.com \
    --cc=dennis.dalessandro@cornelisnetworks.com \
    --cc=ehab.ababneh@cornelisnetworks.com \
    --cc=leon@kernel.org \
    --cc=linux-rdma@vger.kernel.org \
    --cc=sagi@grimberg.me \
    --cc=selvin.xavier@broadcom.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.