From: Jason Gunthorpe <jgg@nvidia.com>
To: Bob Pearson <rpearsonhpe@gmail.com>
Cc: zyjzyj2000@gmail.com, linux-rdma@vger.kernel.org
Subject: Re: [PATCH for-next v11 08/13] RDMA/rxe: Replace red-black trees by xarrays
Date: Tue, 15 Mar 2022 20:45:09 -0300 [thread overview]
Message-ID: <20220315234509.GU11336@nvidia.com> (raw)
In-Reply-To: <20220304000808.225811-9-rpearsonhpe@gmail.com>
On Thu, Mar 03, 2022 at 06:08:04PM -0600, Bob Pearson wrote:
> void rxe_pool_cleanup(struct rxe_pool *pool)
> {
> struct rxe_pool_elem *elem;
> + struct xarray *xa = &pool->xa;
> + unsigned long index = 0;
> + unsigned long max = ULONG_MAX;
> + unsigned int elem_count = 0;
> + unsigned int obj_count = 0;
> +
> + do {
> + elem = xa_find(xa, &index, max, XA_PRESENT);
> + if (elem) {
> + elem_count++;
> + xa_erase(xa, index);
> + if (pool->flags & RXE_POOL_ALLOC) {
> + kfree(elem->obj);
> + obj_count++;
> + }
> }
> + } while (elem);
>
> + if (WARN_ON(elem_count || obj_count))
> + pr_debug("Freed %d indices and %d objects from pool %s\n",
> + elem_count, obj_count, pool->name);
Can this just be
WARN_ON(!xa_empty(xa));
?
Freeing memory that is still in use upgrades a resource leak to a UAF
security bug, so that is usually not good.
Jason
next prev parent reply other threads:[~2022-03-15 23:45 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-04 0:07 [PATCH for-next v11 00/13] Fix race conditions in rxe_pool Bob Pearson
2022-03-04 0:07 ` [PATCH for-next v11 01/13] RDMA/rxe: Fix ref error in rxe_av.c Bob Pearson
2022-03-04 0:07 ` [PATCH for-next v11 02/13] RDMA/rxe: Replace mr by rkey in responder resources Bob Pearson
2022-03-04 0:07 ` [PATCH for-next v11 03/13] RDMA/rxe: Reverse the sense of RXE_POOL_NO_ALLOC Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 04/13] RDMA/rxe: Delete _locked() APIs for pool objects Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 05/13] RDMA/rxe: Replace obj by elem in declaration Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 06/13] RDMA/rxe: Move max_elem into rxe_type_info Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 07/13] RDMA/rxe: Shorten pool names in rxe_pool.c Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 08/13] RDMA/rxe: Replace red-black trees by xarrays Bob Pearson
2022-03-15 23:45 ` Jason Gunthorpe [this message]
2022-03-16 3:05 ` Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 09/13] RDMA/rxe: Use standard names for ref counting Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 10/13] RDMA/rxe: Stop lookup of partially built objects Bob Pearson
2022-03-16 0:16 ` Jason Gunthorpe
2022-03-16 3:55 ` Bob Pearson
2022-03-16 13:42 ` Jason Gunthorpe
2022-03-04 0:08 ` [PATCH for-next v11 11/13] RDMA/rxe: Add wait_for_completion to pool objects Bob Pearson
2022-03-16 0:17 ` Jason Gunthorpe
2022-03-16 3:57 ` Bob Pearson
2022-03-16 13:43 ` Jason Gunthorpe
2022-03-04 0:08 ` [PATCH for-next v11 12/13] RDMA/rxe: Convert read side locking to rcu Bob Pearson
2022-03-16 0:18 ` Jason Gunthorpe
2022-03-16 4:05 ` Bob Pearson
2022-03-04 0:08 ` [PATCH for-next v11 13/13] RDMA/rxe: Cleanup rxe_pool.c Bob Pearson
2022-03-16 0:25 ` [PATCH for-next v11 00/13] Fix race conditions in rxe_pool Jason Gunthorpe
2022-03-16 4:05 ` Bob Pearson
2022-03-16 16:08 ` Jason Gunthorpe
2022-03-16 16:09 ` Pearson, Robert B
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220315234509.GU11336@nvidia.com \
--to=jgg@nvidia.com \
--cc=linux-rdma@vger.kernel.org \
--cc=rpearsonhpe@gmail.com \
--cc=zyjzyj2000@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox