From: Jason Gunthorpe <jgg-uk2M96/98Pc@public.gmane.org>
To: Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
RDMA mailing list
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Mark Bloch <markb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Steve Wise
<swise-7bPotxP6k4+P2YhJcF5u+vpXobYPEAuW@public.gmane.org>,
Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH rdma-next v5 3/8] RDMA/restrack: Add general infrastructure to track RDMA resources
Date: Tue, 23 Jan 2018 10:54:33 -0700 [thread overview]
Message-ID: <20180123175433.GI30670@ziepe.ca> (raw)
In-Reply-To: <20180122125119.26419-4-leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
On Mon, Jan 22, 2018 at 02:51:14PM +0200, Leon Romanovsky wrote:
> + mutex_lock(&dev->res.mutex);
> + hash_del_rcu(&res->node);
> + mutex_unlock(&dev->res.mutex);
> +
> + res->valid = false;
> +
> + if (res->task)
> + put_task_struct(res->task);
> + synchronize_srcu(&dev->res.srcu);
> +}
This locking is wrong..
Nothing can invalidate internal elements of 'res' until
synchronize_srcu() returns, otherwise it creates races.
Eg here:
+ key = srcu_read_lock(&device->res.srcu);
+ hash_for_each_possible_rcu(device->res.hash, res, node, RDMA_RESTRACK_QP) {
+ if (idx < start) {
+ idx++;
+ continue;
+ }
+
+ if ((rdma_is_kernel_res(res) &&
+ task_active_pid_ns(current) != &init_pid_ns) ||
+ (!rdma_is_kernel_res(res) &&
+ task_active_pid_ns(current) != task_active_pid_ns(res->task)))
Will use-after-put res->task
Didn't audit closely enough to tell if valid is OK or not. Why isn't
the hash_del sufficient? Why does valid exist?
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-01-23 17:54 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-22 12:51 [PATCH rdma-next v5 0/8] RDMA resource tracking Leon Romanovsky
[not found] ` <20180122125119.26419-1-leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2018-01-22 12:51 ` [PATCH rdma-next v5 1/8] RDMA/core: Print caller name instead of function name Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 2/8] RDMA/core: Save kernel caller name in PD and CQ objects Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 3/8] RDMA/restrack: Add general infrastructure to track RDMA resources Leon Romanovsky
[not found] ` <20180122125119.26419-4-leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2018-01-23 17:54 ` Jason Gunthorpe [this message]
[not found] ` <20180123175433.GI30670-uk2M96/98Pc@public.gmane.org>
2018-01-23 17:58 ` Jason Gunthorpe
[not found] ` <20180123175848.GK30670-uk2M96/98Pc@public.gmane.org>
2018-01-23 18:35 ` Leon Romanovsky
[not found] ` <20180123183552.GW1393-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2018-01-23 22:00 ` Jason Gunthorpe
2018-01-23 18:31 ` Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 4/8] RDMA/core: Add resource tracking for create and destroy QPs Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 5/8] RDMA/core: Add resource tracking for create and destroy CQs Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 6/8] RDMA/core: Add resource tracking for create and destroy PDs Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 7/8] RDMA/nldev: Provide global resource utilization Leon Romanovsky
2018-01-22 12:51 ` [PATCH rdma-next v5 8/8] RDMA/nldev: Provide detailed QP information Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180123175433.GI30670@ziepe.ca \
--to=jgg-uk2m96/98pc@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=markb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=swise-7bPotxP6k4+P2YhJcF5u+vpXobYPEAuW@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox