From: Sowmini Varadhan <sowmini.varadhan-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
To: Girish Moodalbail
<girish.moodalbail-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Cc: syzbot
<bot+643ecad3f5bb49700e839363b608c4928f6db8f0-Pl5Pbv+GP7P466ipTTIvnc23WoclnBCfAL8bYrjMMd8@public.gmane.org>,
davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
rds-devel-N0ozoZBvEnrZJqsBc5GL+g@public.gmane.org,
santosh.shilimkar-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org,
syzkaller-bugs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
Subject: Re: KASAN: use-after-free Read in rds_tcp_dev_event
Date: Tue, 14 Nov 2017 01:57:00 -0500
Message-ID: <20171114065700.GK26261@oracle.com>
In-Reply-To: <9e71dff9-7ba8-a3c2-6862-fb8557546a54-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>

On (11/13/17 19:30), Girish Moodalbail wrote:
> (L538-540). However, it leaves behind some of the rds_tcp connections that
> shared the same underlying RDS connection (L534 and 535). These connections
> with pointer to stale network namespace are left behind in the global list.

It leaves behind no such thing. After mprds, you want to collect
only one instance of the conn that is being removed, that's why
lines 534-535 skip over duplicate instances of the same conn
(for multiple paths in the same conn).

> When the 2nd network namespace is deleted, we will hit the above stale
> pointer and hit UAF panic.
> I think we should move away from global list to a per-namespace list. The
> global list is used only in two places (both of which are per-namespace
> operations):

Nice try, but not so.

Let me look at this tomorrow, I missed this mail in my mbox.

--Sowmini