* [PATCH] iser-target: Fix possible use-after-free in connection establishment error
@ 2017-11-26 13:31 Sagi Grimberg
[not found] ` <20171126133104.22710-1-sagi-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org>
0 siblings, 1 reply; 12+ messages in thread
From: Sagi Grimberg @ 2017-11-26 13:31 UTC (permalink / raw)
To: Doug Ledford, linux-rdma-u79uwXL29TY76Z2rM5mHXA
In case we fail to establish the connection we must drain our pre-posted
login recieve work request before continuing safely with connection
teardown.
Reported-by: Amrani, Ram <Ram.Amrani-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org>
Signed-off-by: Sagi Grimberg <sagi-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index ceabdb85df8b..9d4785ba24cb 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -741,6 +741,7 @@ isert_connect_error(struct rdma_cm_id *cma_id)
{
struct isert_conn *isert_conn = cma_id->qp->qp_context;
+ ib_drain_qp(isert_conn->qp);
list_del_init(&isert_conn->node);
isert_conn->cm_id = NULL;
isert_put_conn(isert_conn);
--
2.14.1
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 12+ messages in thread[parent not found: <20171126133104.22710-1-sagi-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org>]
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error [not found] ` <20171126133104.22710-1-sagi-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org> @ 2017-11-26 13:59 ` Sagi Grimberg 2017-11-28 11:51 ` Amrani, Ram [not found] ` <3676820c-544e-8ced-859a-ade8e6a0ef53-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org> 0 siblings, 2 replies; 12+ messages in thread From: Sagi Grimberg @ 2017-11-26 13:59 UTC (permalink / raw) To: Doug Ledford, linux-rdma-u79uwXL29TY76Z2rM5mHXA, target-devel, Nicholas A. Bellinger Oops, This should go via the target tree, CCing target-devel and nab On 11/26/2017 03:31 PM, Sagi Grimberg wrote: > In case we fail to establish the connection we must drain our pre-posted > login recieve work request before continuing safely with connection > teardown. > > Reported-by: Amrani, Ram <Ram.Amrani-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org> > Signed-off-by: Sagi Grimberg <sagi-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org> > --- > drivers/infiniband/ulp/isert/ib_isert.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c > index ceabdb85df8b..9d4785ba24cb 100644 > --- a/drivers/infiniband/ulp/isert/ib_isert.c > +++ b/drivers/infiniband/ulp/isert/ib_isert.c > @@ -741,6 +741,7 @@ isert_connect_error(struct rdma_cm_id *cma_id) > { > struct isert_conn *isert_conn = cma_id->qp->qp_context; > > + ib_drain_qp(isert_conn->qp); > list_del_init(&isert_conn->node); > isert_conn->cm_id = NULL; > isert_put_conn(isert_conn); > -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2017-11-26 13:59 ` Sagi Grimberg @ 2017-11-28 11:51 ` Amrani, Ram [not found] ` <3676820c-544e-8ced-859a-ade8e6a0ef53-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org> 1 sibling, 0 replies; 12+ messages in thread From: Amrani, Ram @ 2017-11-28 11:51 UTC (permalink / raw) To: Sagi Grimberg, Doug Ledford, linux-rdma@vger.kernel.org, target-devel, Nicholas A. Bellinger > On 11/26/2017 03:31 PM, Sagi Grimberg wrote: > > In case we fail to establish the connection we must drain our pre-posted > > login recieve work request before continuing safely with connection > > teardown. > > > > Reported-by: Amrani, Ram <Ram.Amrani@cavium.com> > > Signed-off-by: Sagi Grimberg <sagi@grimberg.me> > > --- > > drivers/infiniband/ulp/isert/ib_isert.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c > > index ceabdb85df8b..9d4785ba24cb 100644 > > --- a/drivers/infiniband/ulp/isert/ib_isert.c > > +++ b/drivers/infiniband/ulp/isert/ib_isert.c > > @@ -741,6 +741,7 @@ isert_connect_error(struct rdma_cm_id *cma_id) > > { > > struct isert_conn *isert_conn = cma_id->qp->qp_context; > > > > + ib_drain_qp(isert_conn->qp); > > list_del_init(&isert_conn->node); > > isert_conn->cm_id = NULL; > > isert_put_conn(isert_conn); With this patch our test behaves as expected. Thanks, Ram ^ permalink raw reply [flat|nested] 12+ messages in thread
[parent not found: <3676820c-544e-8ced-859a-ade8e6a0ef53-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org>]
* RE: [PATCH] iser-target: Fix possible use-after-free in connection establishment error [not found] ` <3676820c-544e-8ced-859a-ade8e6a0ef53-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org> @ 2017-11-29 5:55 ` Amrani, Ram 2017-11-29 22:46 ` Sagi Grimberg 0 siblings, 1 reply; 12+ messages in thread From: Amrani, Ram @ 2017-11-29 5:55 UTC (permalink / raw) To: Sagi Grimberg, Doug Ledford, linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, target-devel, Nicholas A. Bellinger Hi Sagi, > > Reported-by: Amrani, Ram <Ram.Amrani@cavium.com> > > Signed-off-by: Sagi Grimberg <sagi@grimberg.me> > > --- > > drivers/infiniband/ulp/isert/ib_isert.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c > > index ceabdb85df8b..9d4785ba24cb 100644 > > --- a/drivers/infiniband/ulp/isert/ib_isert.c > > +++ b/drivers/infiniband/ulp/isert/ib_isert.c > > @@ -741,6 +741,7 @@ isert_connect_error(struct rdma_cm_id *cma_id) > > { > > struct isert_conn *isert_conn = cma_id->qp->qp_context; > > > > + ib_drain_qp(isert_conn->qp); > > list_del_init(&isert_conn->node); > > isert_conn->cm_id = NULL; > > isert_put_conn(isert_conn); > > > -- If it's not already committed, can you add a "Fixes:" so stable maintainers will catch it? Thanks, Ram ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2017-11-29 5:55 ` Amrani, Ram @ 2017-11-29 22:46 ` Sagi Grimberg 2018-01-09 17:04 ` Max Gurtovoy 0 siblings, 1 reply; 12+ messages in thread From: Sagi Grimberg @ 2017-11-29 22:46 UTC (permalink / raw) To: Amrani, Ram, Doug Ledford, linux-rdma@vger.kernel.org, target-devel, Nicholas A. Bellinger > If it's not already committed, can you add a "Fixes:" so stable maintainers will catch it? I'm not sure at all that there is a clear cut commit that this fixes, both the target code and the rdma interface code changed a lot so I can't find any clear indication which broke this. I can send a separate patch to stable from when we introduced ib_drain_qp though. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2017-11-29 22:46 ` Sagi Grimberg @ 2018-01-09 17:04 ` Max Gurtovoy 2018-01-09 17:17 ` Jason Gunthorpe 0 siblings, 1 reply; 12+ messages in thread From: Max Gurtovoy @ 2018-01-09 17:04 UTC (permalink / raw) To: Sagi Grimberg, Amrani, Ram, Doug Ledford, linux-rdma@vger.kernel.org, target-devel, Nicholas A. Bellinger, Jason Gunthorpe hi Guys, did we forget taking this fix to mainline/stable or we found another solution ? On 11/30/2017 12:46 AM, Sagi Grimberg wrote: > >> If it's not already committed, can you add a "Fixes:" so stable >> maintainers will catch it? > > I'm not sure at all that there is a clear cut commit that this fixes, > both the target code and the rdma interface code changed a lot so I > can't find any clear indication which broke this. > > I can send a separate patch to stable from when we introduced > ib_drain_qp though. > -- > To unsubscribe from this list: send the line "unsubscribe target-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvger.kernel.org%2Fmajordomo-info.html&data=02%7C01%7Cmaxg%40mellanox.com%7C18cac1be99bb4d99661c08d5377b08c6%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636475923920075321&sdata=WDJ6wr2o8jFyyGdHcLo06EhE18GTz9wUbF%2BezWzkGbc%3D&reserved=0 > -Max. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2018-01-09 17:04 ` Max Gurtovoy @ 2018-01-09 17:17 ` Jason Gunthorpe [not found] ` <20180109171718.GC4518-uk2M96/98Pc@public.gmane.org> 2018-01-10 21:54 ` Doug Ledford 0 siblings, 2 replies; 12+ messages in thread From: Jason Gunthorpe @ 2018-01-09 17:17 UTC (permalink / raw) To: Max Gurtovoy Cc: Sagi Grimberg, Amrani, Ram, Doug Ledford, linux-rdma@vger.kernel.org, target-devel, Nicholas A. Bellinger On Tue, Jan 09, 2018 at 07:04:16PM +0200, Max Gurtovoy wrote: > hi Guys, > did we forget taking this fix to mainline/stable or we found another > solution ? I thought it was going to NAB's tree.. My mistake, I put it back into patchworks and it will get into for-next Jason ^ permalink raw reply [flat|nested] 12+ messages in thread
[parent not found: <20180109171718.GC4518-uk2M96/98Pc@public.gmane.org>]
* RE: [PATCH] iser-target: Fix possible use-after-free in connection establishment error [not found] ` <20180109171718.GC4518-uk2M96/98Pc@public.gmane.org> @ 2018-01-10 7:42 ` Amrani, Ram 0 siblings, 0 replies; 12+ messages in thread From: Amrani, Ram @ 2018-01-10 7:42 UTC (permalink / raw) To: Jason Gunthorpe, Max Gurtovoy Cc: Sagi Grimberg, Doug Ledford, linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, target-devel, Nicholas A. Bellinger > I thought it was going to NAB's tree.. My mistake, I put it back into > patchworks and it will get into for-next > > Jason Thanks. BTW, you can use for-rc, as it is a bug fix. Ram -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2018-01-09 17:17 ` Jason Gunthorpe [not found] ` <20180109171718.GC4518-uk2M96/98Pc@public.gmane.org> @ 2018-01-10 21:54 ` Doug Ledford 2018-01-13 5:46 ` Nicholas A. Bellinger 1 sibling, 1 reply; 12+ messages in thread From: Doug Ledford @ 2018-01-10 21:54 UTC (permalink / raw) To: Jason Gunthorpe, Max Gurtovoy Cc: Sagi Grimberg, Amrani, Ram, linux-rdma@vger.kernel.org, target-devel, Nicholas A. Bellinger [-- Attachment #1: Type: text/plain, Size: 727 bytes --] On Tue, 2018-01-09 at 10:17 -0700, Jason Gunthorpe wrote: > On Tue, Jan 09, 2018 at 07:04:16PM +0200, Max Gurtovoy wrote: > > hi Guys, > > did we forget taking this fix to mainline/stable or we found another > > solution ? > > I thought it was going to NAB's tree.. My mistake, I put it back into > patchworks and it will get into for-next In fairness, the email thread said exactly that. But, it never got picked up by NAB. And being that it's in our tree and calling an rdma- core function, it can easily enough go through our tree, so I applied it to for-rc. -- Doug Ledford <dledford@redhat.com> GPG KeyID: B826A3330E572FDD Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2018-01-10 21:54 ` Doug Ledford @ 2018-01-13 5:46 ` Nicholas A. Bellinger 2018-01-13 18:08 ` Jason Gunthorpe 0 siblings, 1 reply; 12+ messages in thread From: Nicholas A. Bellinger @ 2018-01-13 5:46 UTC (permalink / raw) To: Doug Ledford Cc: Jason Gunthorpe, Max Gurtovoy, Sagi Grimberg, Amrani, Ram, linux-rdma@vger.kernel.org, target-devel On Wed, 2018-01-10 at 16:54 -0500, Doug Ledford wrote: > On Tue, 2018-01-09 at 10:17 -0700, Jason Gunthorpe wrote: > > On Tue, Jan 09, 2018 at 07:04:16PM +0200, Max Gurtovoy wrote: > > > hi Guys, > > > did we forget taking this fix to mainline/stable or we found another > > > solution ? > > > > I thought it was going to NAB's tree.. My mistake, I put it back into > > patchworks and it will get into for-next > > In fairness, the email thread said exactly that. But, it never got > picked up by NAB. And being that it's in our tree and calling an rdma- > core function, it can easily enough go through our tree, so I applied it > to for-rc. Thanks Sagi + Ram, and Doug for picking this up. Per the earlier discussion, it looks like this needs a stable CC, right..? As Sagi mentioned, it's not clear if this is a regression vs. generic RDMA READ/WRITE API logic, or a day one issue. So how about adding a 4.7+ stable tag, to match commit a060b5629..? ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error 2018-01-13 5:46 ` Nicholas A. Bellinger @ 2018-01-13 18:08 ` Jason Gunthorpe [not found] ` <20180113180841.GB32353-uk2M96/98Pc@public.gmane.org> 0 siblings, 1 reply; 12+ messages in thread From: Jason Gunthorpe @ 2018-01-13 18:08 UTC (permalink / raw) To: Nicholas A. Bellinger Cc: Doug Ledford, Max Gurtovoy, Sagi Grimberg, Amrani, Ram, linux-rdma@vger.kernel.org, target-devel On Fri, Jan 12, 2018 at 09:46:05PM -0800, Nicholas A. Bellinger wrote: > On Wed, 2018-01-10 at 16:54 -0500, Doug Ledford wrote: > > On Tue, 2018-01-09 at 10:17 -0700, Jason Gunthorpe wrote: > > > On Tue, Jan 09, 2018 at 07:04:16PM +0200, Max Gurtovoy wrote: > > > > hi Guys, > > > > did we forget taking this fix to mainline/stable or we found another > > > > solution ? > > > > > > I thought it was going to NAB's tree.. My mistake, I put it back into > > > patchworks and it will get into for-next > > > > In fairness, the email thread said exactly that. But, it never got > > picked up by NAB. And being that it's in our tree and calling an rdma- > > core function, it can easily enough go through our tree, so I applied it > > to for-rc. > > Thanks Sagi + Ram, and Doug for picking this up. > > Per the earlier discussion, it looks like this needs a stable CC, > right..? As Sagi mentioned, it's not clear if this is a regression vs. > generic RDMA READ/WRITE API logic, or a day one issue. > > So how about adding a 4.7+ stable tag, to match commit a060b5629..? That can be done: Fixes: a060b5629ab0 ("IB/core: generic RDMA READ/WRITE API") Cc: <stable@vger.kernel.org> # 4.7+ Reported-by: Amrani, Ram <Ram.Amrani@cavium.com> Signed-off-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Doug Ledford <dledford@redhat.com> Doug: I took your wip/dl-for-rc branch, revised the commit message and pushed it to for-rc. Jason ^ permalink raw reply [flat|nested] 12+ messages in thread
[parent not found: <20180113180841.GB32353-uk2M96/98Pc@public.gmane.org>]
* Re: [PATCH] iser-target: Fix possible use-after-free in connection establishment error [not found] ` <20180113180841.GB32353-uk2M96/98Pc@public.gmane.org> @ 2018-01-14 9:24 ` Sagi Grimberg 0 siblings, 0 replies; 12+ messages in thread From: Sagi Grimberg @ 2018-01-14 9:24 UTC (permalink / raw) To: Jason Gunthorpe, Nicholas A. Bellinger Cc: Doug Ledford, Max Gurtovoy, Amrani, Ram, linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, target-devel Thanks Jason for picking it up, and sorry for the late reply on this. > That can be done: > > Fixes: a060b5629ab0 ("IB/core: generic RDMA READ/WRITE API") This patch is not the offending patch, if at all its this one: Fixes: 572a143489a1 ("iser-target: Use ib_drain_qp") But, the missing qp drain existed way before this commit. I think any fixes tag would be confusing as there isn't a clear culprit for this one... -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2018-01-14 9:24 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-26 13:31 [PATCH] iser-target: Fix possible use-after-free in connection establishment error Sagi Grimberg
[not found] ` <20171126133104.22710-1-sagi-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org>
2017-11-26 13:59 ` Sagi Grimberg
2017-11-28 11:51 ` Amrani, Ram
[not found] ` <3676820c-544e-8ced-859a-ade8e6a0ef53-NQWnxTmZq1alnMjI0IkVqw@public.gmane.org>
2017-11-29 5:55 ` Amrani, Ram
2017-11-29 22:46 ` Sagi Grimberg
2018-01-09 17:04 ` Max Gurtovoy
2018-01-09 17:17 ` Jason Gunthorpe
[not found] ` <20180109171718.GC4518-uk2M96/98Pc@public.gmane.org>
2018-01-10 7:42 ` Amrani, Ram
2018-01-10 21:54 ` Doug Ledford
2018-01-13 5:46 ` Nicholas A. Bellinger
2018-01-13 18:08 ` Jason Gunthorpe
[not found] ` <20180113180841.GB32353-uk2M96/98Pc@public.gmane.org>
2018-01-14 9:24 ` Sagi Grimberg
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox