From: Leon Romanovsky <leon@kernel.org>
To: Xiang Mei <xmei5@asu.edu>, alibuda@linux.alibaba.com
Cc: netdev@vger.kernel.org, dust.li@linux.alibaba.com,
wenjia@linux.ibm.com, sidraya@linux.ibm.com,
tonylu@linux.alibaba.com, linux-rdma@vger.kernel.org,
linux-s390@vger.kernel.org, bestswngs@gmail.com
Subject: Re: [PATCH net] net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
Date: Sun, 17 May 2026 11:45:13 +0300
Message-ID: <20260517084513.GA33515@unreal>
In-Reply-To: <20260510222640.1230720-1-xmei5@asu.edu>
On Sun, May 10, 2026 at 03:26:40PM -0700, Xiang Mei wrote:
> The smc_msg_event tracepoint class, shared by smc_tx_sendmsg and
> smc_rx_recvmsg, unconditionally dereferences smc->conn.lnk:
>
> __string(name, smc->conn.lnk->ibname)
My comment is not directly related to this patch, but it was triggered
while reviewing it. The ibname should not be cached, as users can rename
it through rdmatool or udev.
For example, this function is racy:
static int smc_nl_handle_smcr_dev(struct smc_ib_device *smcibdev,
				  struct sk_buff *skb,
				  struct netlink_callback *cb)
{
...
	snprintf(smc_ibname, sizeof(smc_ibname), "%s", smcibdev->ibdev->name);
Thanks