From patchwork Wed Jan 31 06:24:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Kucharski X-Patchwork-Id: 19707 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:2087:b0:106:209c:c626 with SMTP id gs7csp1702813dyb; Tue, 30 Jan 2024 22:25:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IGzc/nZOmffKmssXZUAXI1/ac23Ja4SmL3YGhf9pcqple3ugwOZxg5Y7JMlniWbVSgibIfu X-Received: by 2002:a17:906:3912:b0:a35:f266:f5f4 with SMTP id f18-20020a170906391200b00a35f266f5f4mr456190eje.42.1706682329890; Tue, 30 Jan 2024 22:25:29 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706682329; cv=pass; d=google.com; s=arc-20160816; b=UZvgqEEZ4mHr4u9S/CGWeOVI5gQpqvbl+dO/bCyIxTsvO7MqSWG5Z/eM3BAurdlr4M RoYNrk2yKdV2m3SzmjtUJeScRoBGTxvDj1Hu14NzwaT3aZVKt1JGTU80084doUzFJhZ0 1f8wdZ9wOnDU6JLvlTyEJ0n33zkbGs9jLF1CqYCn7Yp+fvljDYdEMrumi/VvWyRbj2de TJWRQNyqFj6rxY7vLNBIi8PohltTr8sRwFJChj7CqqcA1tFwPYI9eS6A7IgaXsOsUoXT qbBkfJ5ryqQl2DPHkxte3e6IP7TnRM/IUw7H9PzYsX7e43HiIenk1iMiE3LZP2HiHcZw wFGg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=A9/Y6j4xelEy7IoU7lyY7odQxgra+0pw5+1WBLZmJ7k=; fh=uYim6gJFEZiKfl2WCzesntgXFPdLKUdIvJZnCkNo83k=; b=XlD85EAmhEI50KKAu9b/DeFdf8Pq1FYANzuUhbW8V/wF4k6D3tt8sgeKpbSaYWx/RH i6cMWeDGHLP4iToZccrvbbQN9tA+cvz/3QpvsIp8v4DbxsPNeg/7xGDKwWiauyh9SAda nsOg6jJLsnv3FZUNGcLye4X8zOGAAPavsAldjX0XLMgIMoXamK0UG5SjrDnC7eU8Bczq z6bfBlgooc2Ub+ciVFPv6unOqBqQDF8VwEV9Va49nOx3wlekjiZEulj9PQ1osz0lAfem jBleaS6Fq4Lpb8UfLJSY9s64ztwaNcLrNQmiqrEpTkerJC+Ct/p7ZX3ExFZjlpvS/frB e+4g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2023-11-20 header.b=TPI6HSO2; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel+bounces-45818-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-45818-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com X-Forwarded-Encrypted: i=1; AJvYcCUUCvRu3b+Y1jOIIDD8c+qhN/P9Oc+NAZRn88eUqlVqgsh05dKrnUUS1nOJ/D5fmnBTd+PSEheATJGCgfoubsetiZfoUg== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id lx27-20020a170906af1b00b00a35202ccc29si4589020ejb.666.2024.01.30.22.25.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jan 2024 22:25:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-45818-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2023-11-20 header.b=TPI6HSO2; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel+bounces-45818-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-45818-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 846701F28808 for ; Wed, 31 Jan 2024 06:25:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C75033EA78; Wed, 31 Jan 2024 06:25:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="TPI6HSO2" Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE0213F8C0; Wed, 31 Jan 2024 06:25:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706682306; cv=none; b=oXqOqlNcw+DvZIb9pIUzUEhoSmff5zagElnO9g8oBOXZU0tuPL7EttgECvD5VeqGwp70iGjZZRoXIjR4ZLW+Sy8Lx0yfmQgEtDLskaU3Qb2b8fIjtEDmMxMeafkKeiNE0PZoD4RFJM8cNV9YDWlEnClAjgsq47/k3Vh/Z4AEjcc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706682306; c=relaxed/simple; bh=2OixQkP1XzLT6upfkeYL3L91QeFp8NUr/iLMR5vPQMY=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=QP7TXhG+nZYEkgpnU9SFzuYmHmHJWngiri5rcJXcspF3hu/yEUGfUPY88CZmMgHdTZDnu5EleUcTCuyQAI5KY6/O4gbL80QvCgG8xaecFr+IoP3e6kzu8Kx2LL3+MFkBHrEDSMgZR2DTn4QuQMqjbKmQlvIQsPDpzhT8zZ4ZBQs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=TPI6HSO2; arc=none smtp.client-ip=205.220.177.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 40UKwxjD003144; Wed, 31 Jan 2024 06:24:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=corp-2023-11-20; bh=A9/Y6j4xelEy7IoU7lyY7odQxgra+0pw5+1WBLZmJ7k=; b=TPI6HSO2w83Qx1uoOHnVArIxRnARz65gejBZ4keH4l89p9Y8If16XQeo6/2q7d3NBTh7 qBIFeSeQeKCDvZH8D6DScanCHXQYI7gOpwPFYN7KL2jOObRdzuJcYMrv4H6EycrCsrdm zuYHM2YezVEXJwvxIO6S0zRQH4rmvrQgNa9y2TnN0ozmFgaF709XmbTFXFvCx2nD3T1l i7tJOPZUhmUO7hLJRfAo1xlkoBRPTvE/kvr6QAoGocB9bILCs9qe6YdcECOVZqHvkDT9 2yAx99StaGOZcMlLVkaLVVc1EItnh2Wx1XZd2H7EbUkdOjPf2sTBZYeo6zmiHBEr2s+i aw== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3vvr8egtm5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 31 Jan 2024 06:24:57 +0000 Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 40V61JUE035424; Wed, 31 Jan 2024 06:24:57 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3vvr9ebs2x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 31 Jan 2024 06:24:57 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 40V6MZN0010633; Wed, 31 Jan 2024 06:24:56 GMT Received: from brm-x62-14.us.oracle.com (brm-x62-14.us.oracle.com [10.80.150.231]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 3vvr9ebs27-1; Wed, 31 Jan 2024 06:24:56 +0000 From: William Kucharski To: Bart Van Assche , Jason Gunthorpe , Leon Romanovsky , linux-rdma@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org Cc: William Kucharski Subject: [PATCH 0/1] RDMA/srpt: Do not register event handler until srpt device is fully setup Date: Tue, 30 Jan 2024 23:24:37 -0700 Message-Id: <20240131062438.869370-1-william.kucharski@oracle.com> X-Mailer: git-send-email 2.39.3 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-31_02,2024-01-30_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 bulkscore=5 spamscore=0 phishscore=0 adultscore=0 mlxlogscore=999 suspectscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2401310047 X-Proofpoint-ORIG-GUID: OEhXAkNA8GtjUwouApNKrZKbVXLcMT5v X-Proofpoint-GUID: OEhXAkNA8GtjUwouApNKrZKbVXLcMT5v X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789586130592834826 X-GMAIL-MSGID: 1789586130592834826 Upon occasion, KASAN testing would report a use-after-free Write in srpt_refresh_port(). In the course of trying to diagnose this, I noticed that the code in srpt_add_one() registers an event handler for the srpt device and then initializes the ports on the device. If any portion of the device port initialization fails, it removes the registration for the event handler in the error leg. This felt like a race condition, where an event handler was registered before the device ports were fully initialized. While I can't definitively say this was the issue - this change may just modify timing to mask the real issue - when modified to not register the event handler until all of the device ports are intialized, the issue no longer reproduces in KASAN. I'm submitting this patch if only so those better acquainted with the details of this procedure can analyze whether this was an actual issue or just intellectual uncomfortableness with the code. William Kucharski (1): Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)