Re: use-after-free in srpt_enable_tpg()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/5/22 04:40, Hillf Danton wrote:
If no compat devices can be added to ib_device with DEVICE_REGISTERED
cleared then they can be removed without ib_device's refcount dropping
to zero.
Even if that is not strictly true, a new flag that marks ib device
disabled and prevents new compact devices from being added can be added
in bid to cut the wait for completion.

Hillf

+++ b/drivers/infiniband/core/device.c
@@ -1265,6 +1265,7 @@ static void disable_device(struct ib_dev
down_write(&devices_rwsem);
  	xa_clear_mark(&devices, device->index, DEVICE_REGISTERED);
+	// device->disabled = true;
  	up_write(&devices_rwsem);
/*
@@ -1282,17 +1283,10 @@ static void disable_device(struct ib_dev
  	}
ib_cq_pool_cleanup(device);
+	remove_compat_devs(device);
/* Pairs with refcount_set in enable_device */
  	ib_device_put(device);
-	wait_for_completion(&device->unreg_completion);
-
-	/*
-	 * compat devices must be removed after device refcount drops to zero.
-	 * Otherwise init_net() may add more compatdevs after removing compat
-	 * devices and before device is disabled.
-	 */
-	remove_compat_devs(device);
  }

I'm not convinced the above patch is a step in the right direction nor that it is correct. Anyway, since the RDMA maintainers know this code better than I do I will let them comment on the above patch.

Bart.



[Index of Archives]     [Linux SCSI]     [Kernel Newbies]     [Linux SCSI Target Infrastructure]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Device Mapper]

  Powered by Linux