Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp2565849ybi;
        Thu, 4 Jul 2019 14:03:17 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwZHhir7FyT/fZOl0IV88S3FSgvt0s75oHy68RfnK0po0/m0A5oBa3C//wrYXSKqcFPpJGm
X-Received: by 2002:a17:902:a607:: with SMTP id u7mr270486plq.43.1562274197646;
        Thu, 04 Jul 2019 14:03:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562274197; cv=none;
        d=google.com; s=arc-20160816;
        b=Y/UAZLPo0Hz+uVHSzgU/p3vg70brStoYXBbhIFmhyL/YEM8oBr983Zp2OoS8aDH8N5
         DxMa1xRcJ7YG+41HePY/ZBdENIXd7wMSH+B5NdEIR1eD7fYq6NrJnu/sQ1u3ETCzWLfi
         oZ78QuaZMJ4pq7HHe9ca206cnAzl5GqMXeLAuUBI1yaRSOzXqbSY4IfTtmaB0bcjqtlP
         KXxs4GE28sBCFfemN6M50TceJ9xgSART5E8LfuVfoLNWwbUgJMv77pfFGQNVkMWpZprm
         RfpJqpgsbs8KagQJC4+ChOYrwlbpeanwpxG+Qts7x2/1Zbk1RSycMjED+Q1Nn9Y12Ell
         Itog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:subject:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to;
        bh=zTPe23FnL3mMjHqOf0VfgMQ3LZnN7LUht/iurmiQtDI=;
        b=TjLmytnQrYf7UcWrj07kKFqXxsxgfoicLxACLPeIDqJFv2BS6OZC6zsowDSZqWBpUt
         cT59NotFXs0TrXVp9dkiSfsg4DMOlSsofEdYuUJ1P8YGB9JumK4xEWCHROC84r5uhkKj
         fNqbVS15WtCK0/eTlwQxvSI3/jEEFWd374WEn1KFmidU2VlxIOH6aeyiT9Cr1rdz9gh4
         4lPcg6zoIvJwbQ1sCFIpvtwLqXT82iHSD1cgtcMiW3WB0HpPKm6kaKgZ0AaXSL3dmJJ9
         Le5j5mNgE708UUzFjoCj3lGWUdFUuhYFGxtLqtHY5akt8hZzMWn6ejP9n5LBMp1sqq3I
         zlxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j37si6154651plb.58.2019.07.04.14.03.02;
        Thu, 04 Jul 2019 14:03:17 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727516AbfGDVCB (ORCPT <rfc822;hackukernel@gmail.com>
        + 99 others); Thu, 4 Jul 2019 17:02:01 -0400
Received: from ale.deltatee.com ([207.54.116.67]:53414 "EHLO ale.deltatee.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726038AbfGDVCA (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Jul 2019 17:02:00 -0400
Received: from s01061831bf6ec98c.cg.shawcable.net ([68.147.80.180] helo=[192.168.6.132])
        by ale.deltatee.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.89)
        (envelope-from <logang@deltatee.com>)
        id 1hj8rW-0003V8-PO; Thu, 04 Jul 2019 15:01:51 -0600
To:     Max Gurtovoy <maxg@mellanox.com>, linux-kernel@vger.kernel.org,
        linux-nvme@lists.infradead.org, Christoph Hellwig <hch@lst.de>,
        Sagi Grimberg <sagi@grimberg.me>
Cc:     Stephen Bates <sbates@raithlin.com>
References: <20190703230304.22905-1-logang@deltatee.com>
 <20190703230304.22905-2-logang@deltatee.com>
 <786259e6-ffed-8db3-74d0-71ed5a760079@mellanox.com>
From:   Logan Gunthorpe <logang@deltatee.com>
Message-ID: <d79a4c2d-9326-2805-b2a2-ca265ab2a717@deltatee.com>
Date:   Thu, 4 Jul 2019 15:01:49 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <786259e6-ffed-8db3-74d0-71ed5a760079@mellanox.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-SA-Exim-Connect-IP: 68.147.80.180
X-SA-Exim-Rcpt-To: sbates@raithlin.com, sagi@grimberg.me, hch@lst.de, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, maxg@mellanox.com
X-SA-Exim-Mail-From: logang@deltatee.com
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ale.deltatee.com
X-Spam-Level: 
X-Spam-Status: No, score=-8.7 required=5.0 tests=ALL_TRUSTED,BAYES_00,
        GREYLIST_ISWHITE,MYRULES_FREE autolearn=ham autolearn_force=no
        version=3.4.2
Subject: Re: [PATCH v2 1/2] nvmet: Fix use-after-free bug when a port is
 removed
X-SA-Exim-Version: 4.2.1 (built Tue, 02 Aug 2016 21:08:31 +0000)
X-SA-Exim-Scanned: Yes (on ale.deltatee.com)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2019-07-04 3:00 p.m., Max Gurtovoy wrote:
> Hi Logan,
> 
> On 7/4/2019 2:03 AM, Logan Gunthorpe wrote:
>> When a port is removed through configfs, any connected controllers
>> are still active and can still send commands. This causes a
>> use-after-free bug which is detected by KASAN for any admin command
>> that dereferences req->port (like in nvmet_execute_identify_ctrl).
>>
>> To fix this, disconnect all active controllers when a subsystem is
>> removed from a port. This ensures there are no active controllers
>> when the port is eventually removed.
> 
> so now we are enforcing controller existence with port configfs, right ?
> sounds reasonable.

Correct.

> Did you run your patches with other transport (RDMA/TCP/FC) ?

Just RDMA and loop. I suppose I could test with TCP but I don't have FC
hardware.

Logan