From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sowmini Varadhan
Subject: Re: KASAN: out-of-bounds Read in rds_cong_queue_updates (2)
Date: Wed, 13 Jun 2018 06:19:29 -0400
Message-ID: <20180613101929.GA19385@oracle.com>
References: <00000000000081bd9d056e813e48@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: David Miller , netdev , rds-devel@oss.oracle.com, Santosh Shilimkar
To: Dmitry Vyukov
Return-path:
Received: from aserp2120.oracle.com ([141.146.126.78]:60076 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934947AbeFMKTl (ORCPT ); Wed, 13 Jun 2018 06:19:41 -0400
Content-Disposition: inline
In-Reply-To:
Sender: netdev-owner@vger.kernel.org
List-ID:

On (06/13/18 09:52), Dmitry Vyukov wrote:
> I think this is:
>
> #syz dup: KASAN: use-after-free Read in rds_cong_queue_updates

Indeed. We'd had a discussion about getting a dump of threads using
sysrq (or similar), given the challenges around actually getting
a crash dump, is that now possible? That will certainly help.

Another missing bit is that we still need the synchronize_net()
in rds_release(). I realize synchronize_net() is sub-optimal for perf,
but leaving this existing hole where races can occur in unexpected
manifestations is not ideal either.

(See https://www.spinics.net/lists/netdev/msg475074.html for earlier
discussion thread)

--Sowmini