public inbox for linux-kernel@vger.kernel.org
From: Robert Walsh <rjwalsh@pathscale.com>
To: Roland Dreier <rdreier@cisco.com>
Cc: "Bryan O'Sullivan" <bos@pathscale.com>,
	openib-general@openfabrics.org, linux-kernel@vger.kernel.org
Subject: Re: [ofa-general] Re: [PATCH 00 of 33] Set of ipath patches for 2.6.22
Date: Wed, 11 Apr 2007 15:24:14 -0700
Message-ID: <461D600E.4070709@pathscale.com>
In-Reply-To: <aday7kzooa7.fsf@cisco.com>

Roland Dreier wrote:
> I just queued all of this for 2.6.22.
> 
> Is there any chance of getting a fix for the use-after-free that can
> be caused by allocating something from userspace, failing to mmap the
> buffer and then exiting?  To see what happens, look at how
> ipath_create_cq sticks a struct ipath_mmap_info into the pending mmap
> "list" (and yes it would be much cleaner to just use struct list_head
> here rather than reimplementing a linked list yourself), and then look
> at how ipath_destroy_cq() frees the same structure without checking if
> it has been removed from the pending mmap list.

BTW: any idea how this ever got triggered?  The only way I can see is if 
you're either not using libipathverbs and libibverbs and you just create 
the CQ some other way, which seems unlikely.  Do you know how Jason 
triggered this bug?

I'm also going to fix a problem where hitting the maximum number of CQs 
causes an error return, but doesn't clean up the pending list and thus 
leaks memory.

Regards,
  Robert.
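
The lifetime rule under discussion in this message, as an added example that is not code from the ipath driver or from anyone in this thread: a single-threaded userspace model in which an entry is unlinked from the pending mmap list before it is freed, both on destroy and on the CQ-limit error path. All names (`cq_create`, `cq_mmap`, `release_mmap_info`, the limit of 2) are hypothetical, and a real driver would also have to hold whatever lock protects the list.

```c
#include <stdlib.h>

/* Stand-in for the kernel's struct list_head (userspace model). */
struct list_node { struct list_node *prev, *next; };
static void list_add(struct list_node *n, struct list_node *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
/* Unlink and self-link, so unlinking twice is harmless (cf. list_del_init). */
static void list_del_init(struct list_node *n) {
    n->prev->next = n->next; n->next->prev = n->prev; n->prev = n->next = n;
}

/* Hypothetical types: "pending" is first so a node pointer casts to its owner. */
struct mmap_info { struct list_node pending; unsigned long offset; };
struct cq { struct mmap_info *ip; };
static struct list_node pending_mmaps = { &pending_mmaps, &pending_mmaps };
static int num_cqs, max_cqs = 2;   /* constructed limit */

size_t pending_count(void) {
    size_t n = 0;
    for (struct list_node *p = pending_mmaps.next; p != &pending_mmaps; p = p->next) n++;
    return n;
}
/* The rule: never free an entry that may still be on the pending list. */
static void release_mmap_info(struct mmap_info *ip) {
    list_del_init(&ip->pending);   /* no-op if cq_mmap() already claimed it */
    free(ip);
}
struct cq *cq_create(unsigned long offset) {
    struct cq *cq = malloc(sizeof(*cq));
    struct mmap_info *ip = malloc(sizeof(*ip));
    if (!cq || !ip) { free(cq); free(ip); return NULL; }
    ip->offset = offset;
    list_add(&ip->pending, &pending_mmaps);
    cq->ip = ip;
    if (num_cqs == max_cqs) {      /* error path must undo the insertion too */
        release_mmap_info(ip); free(cq); return NULL;
    }
    num_cqs++;
    return cq;
}
int cq_mmap(unsigned long offset) {   /* userspace maps the buffer: claim the entry */
    for (struct list_node *p = pending_mmaps.next; p != &pending_mmaps; p = p->next)
        if (((struct mmap_info *)p)->offset == offset) { list_del_init(p); return 0; }
    return -1;
}
void cq_destroy(struct cq *cq) { release_mmap_info(cq->ip); free(cq); num_cqs--; }
int main(void) { struct cq *c = cq_create(0x1000); if (c) cq_destroy(c); return (int)pending_count(); }
```

If `release_mmap_info()` only called `free()`, the create-then-exit sequence would leave a dangling node on `pending_mmaps` that the next list walk dereferences.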
