Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1381021imm; Sun, 2 Sep 2018 21:38:02 -0700 (PDT) X-Google-Smtp-Source: ANB0VdazEAdUUb9pnOhIqanuQ8dBo3pAQWxqy34RkPHuLqHCw64Qpaip4fUhhkvdHiAgpMngVULf X-Received: by 2002:a17:902:2e01:: with SMTP id q1-v6mr26611320plb.40.1535949482711; Sun, 02 Sep 2018 21:38:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535949482; cv=none; d=google.com; s=arc-20160816; b=mcYkgRReJZwcNbhdOlJM+aF17Sgz/AzeVLuweGBsC7H3tKjURfspDn+GnfBM9r0V+b +6xqlpzB41frEkmZJA0S3uzKj1IAo6fkWcuVfAFw/JFLXBj+n7uVWM+AlEaby/9WzB+R 86Cl3pXrxxSvNjC6mgbBFxmoi/b3F2Bwv69OfdGFnCw8J2uxmAsACsO20BpeWTUTwULG w6diYegH9RrJBXj3C+aPe8LEOGLdxSH6i4pby02wLkIZ2UO01Mkqnc+QZFh22fvQT/X7 yOxbF9prRbUNS78v/1rOShVuCVQpr0S9bpKfzxSkW6LKwaG/x+qtG+s5kW85TlWYpiwa LRJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=z6i6d4JCcLydK4401YYPCFn4tjRxdj3EdhV1QD05pTQ=; b=C9jJOH31Xhf6eyP2Y2szkDTYI5KaWRJI2QbIYyUe4jG/5miyo9ER7Xujr7IWw2L6vz jLuGUPRqiZpUphA+9o6cqqMyDPThoaVhCPtrgGKh+A6cVc1KfZQhg6CR533lMlh9FOnb fR1BWXjkj311NyRAVr0b8Pu6ePcHutRN9rP+dlIoeW1M3T8s+no3MFRuaWdGGPrFyYOf Iyu3OceOxZVTUVDOpf/zTw5fYX2NwNWsxNZnLiMDw+LucHB2dTnLmNPWNMrkn5E0JEos PC6rRqPi5m8rO4FwuGvcWgwSQhPVNeywxQOkIaKp22fM/9RiOoUdow/y87x2XYP0ErB+ e3aw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 15-v6si16674250pgu.205.2018.09.02.21.37.47; Sun, 02 Sep 2018 21:38:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726108AbeICIzB (ORCPT + 99 others); Mon, 3 Sep 2018 04:55:01 -0400 Received: from nautica.notk.org ([91.121.71.147]:52120 "EHLO nautica.notk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725892AbeICIzB (ORCPT ); Mon, 3 Sep 2018 04:55:01 -0400 Received: by nautica.notk.org (Postfix, from userid 1001) id C2AA9C009; Mon, 3 Sep 2018 06:36:35 +0200 (CEST) Date: Mon, 3 Sep 2018 06:36:20 +0200 From: Dominique Martinet To: Tomas Bortoli Cc: Eric Van Hensbergen , Latchesar Ionkov , v9fs-developer@lists.sourceforge.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com, Dominique Martinet Subject: Re: [PATCH v4] 9p: Add refcount to p9_req_t Message-ID: <20180903043620.GA11460@nautica> References: <1535518779-28551-1-git-send-email-asmadeus@codewreck.org> <1535626341-20693-1-git-send-email-asmadeus@codewreck.org> <96b44210-3c4d-b5c9-0806-ad4b53fe911f@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <96b44210-3c4d-b5c9-0806-ad4b53fe911f@gmail.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Tomas Bortoli wrote on Fri, Aug 31, 2018: > On 08/30/2018 12:52 PM, Dominique Martinet wrote: > > From: Tomas Bortoli > > > > To avoid use-after-free(s), use a refcount to keep track of the > > usable references to any instantiated struct p9_req_t. > > > > This commit adds p9_req_put(), p9_req_get() and p9_req_try_get() as > > wrappers to kref_put(), kref_get() and kref_get_unless_zero(). > > These are used by the client and the transports to keep track of > > valid requests' references. > > > > p9_free_req() is added back and used as callback by kref_put(). > > > > Add SLAB_TYPESAFE_BY_RCU as it ensures that the memory freed by > > kmem_cache_free() will not be reused for another type until the rcu > > synchronisation period is over, so an address gotten under rcu read > > lock is safe to inc_ref() without corrupting random memory while > > the lock is held. > > > > Co-developed-by: Dominique Martinet > > Signed-off-by: Tomas Bortoli > > Reported-by: syzbot+467050c1ce275af2a5b8@syzkaller.appspotmail.com > > Signed-off-by: Dominique Martinet > > --- > > v3: > > - add req put if virtio zc request fails > > - add req put if cancelled callback is not defined for virtio > > - (incorrectly) add req put in rdma cancelled callback > > > > v4: > > - removed rdma's cancelled callback put again > > - changed the else if no cancelled callback into actually giving virtio > > a callback, xen does not need to call put in that case either because > > both function rely on tag_lookup to find the request. trans_fd only > > needs to put in cancelled because it also keeps the req in a list around > > for cancel. > > - add req put for trans xen's request(), I'm not sure why that one was > > missing either.. > > > > And with that I believe I am done testing all four transports. > > I'll do a second round of tests next week just to make sure, but it > > should be good enoughâ„¢ > > Sorry for the multiple iterations. > > LGTM, thanks Dominique! Thanks. I've pushed this with the other patches to my '9p-next' branch, which will get merged to linux-next today/tomorrow, so they can soak up some syzbot testing as well. That doesn't mean they cannot get reviews anymore, so don't be shy! Tomas, I didn't see you reply about the 'rename req to rreq' requested patch for trans_fd, but it's trivial so if you're not going to do it I will submit something around next week. -- Dominique