From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A1A4C433E6 for ; Wed, 2 Sep 2020 08:11:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F3762072A for ; Wed, 2 Sep 2020 08:11:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1599034290; bh=/kbh7IvQHNBhwATreOI8CPiuQC2q08fvANf2M+lhQxw=; h=From:To:Cc:Subject:Date:List-ID:From; b=16O1hCSktVyftfF+211quzMFH0Y0GY0Va47J2Pn0dgupKDiJbL1c+dXUqXMy6gyZt u5tVMBuUBbRgCNFVxGQPYeOShxSNUaHlSjbO5qYxUlXOI7Pq948YmfG4H5ukRDNSci Fr0cJIy3b9cQ4x3tLD680Us3XH/go19bTN8x2630= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726936AbgIBIL3 (ORCPT ); Wed, 2 Sep 2020 04:11:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:34006 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726140AbgIBIL2 (ORCPT ); Wed, 2 Sep 2020 04:11:28 -0400 Received: from localhost (unknown [213.57.247.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BA2BF2072A; Wed, 2 Sep 2020 08:11:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1599034287; bh=/kbh7IvQHNBhwATreOI8CPiuQC2q08fvANf2M+lhQxw=; h=From:To:Cc:Subject:Date:From; b=cf6rR8SDpzuSHCX5L+kKdOEY94dO3oh9d2rIXfm+HWULp4L0pWw9WhAmJKQ6wQJE8 zkuadQfl4aO1T8yMb/fz2v0WK4Sr1O+70ZTQU/S0N9hBZHfYHYPfbey++VEg4zXcwp XBOMvK4P0NRusNDTECU4aorLOitadPjWU/dHP4o0= From: Leon Romanovsky To: Doug Ledford , Jason Gunthorpe Cc: Leon Romanovsky , Eli Cohen , linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, Roland Dreier Subject: [PATCH rdma-next 0/8] Cleanup and fix the CMA state machine Date: Wed, 2 Sep 2020 11:11:14 +0300 Message-Id: <20200902081122.745412-1-leon@kernel.org> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Leon Romanovsky >From Jason: The RDMA CMA continues to attract syzkaller bugs due to its somewhat loose operation of its FSM. Audit and scrub the whole thing to follow modern expectations. Overall the design elements are broadly: - The ULP entry points MUST NOT run in parallel with each other. The ULP is solely responsible for preventing this. - If the ULP returns !0 from it's event callback it MUST guarentee that no other ULP threads are touching the cm_id or calling into any RDMA CM entry point. - ULP entry points can sometimes run conurrently with handler callbacks, although it is tricky because there are many entry points that exist in the flow before the handler is registered. - Some ULP entry points are called from the ULP event handler callback, under the handler_mutex. (however ucma never does this) - state uses a weird double locking scheme, in most cases one should hold the handler_mutex. (It is somewhat unclear what exactly the spinlock is for) - Reading the state without holding the spinlock should use READ_ONCE, even if the handler_mutex is held. - There are certain states which are 'stable' under the handler_mutex, exit from that state requires also holding the handler_mutex. This explains why testing the test under only the handler_mutex makes sense. Thanks Jason Gunthorpe (8): RDMA/cma: Fix locking for the RDMA_CM_CONNECT state RDMA/cma: Make the locking for automatic state transition more clear RDMA/cma: Fix locking for the RDMA_CM_LISTEN state RDMA/cma: Remove cma_comp() RDMA/cma: Combine cma_ndev_work with cma_work RDMA/cma: Remove dead code for kernel rdmacm multicast RDMA/cma: Consolidate the destruction of a cma_multicast in one place RDMA/cma: Fix use after free race in roce multicast join drivers/infiniband/core/cma.c | 466 ++++++++++++++++------------------ 1 file changed, 218 insertions(+), 248 deletions(-) -- 2.26.2