Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp2493978rdh; Sun, 26 Nov 2023 08:13:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IH0DhdZnVSXFqc25Cpcp1WlWs+hxUWkWO//7APnOZ7VBmAwzxpB+xMiDtDwYHAFbmsG5MyL X-Received: by 2002:a17:903:264f:b0:1cf:6584:4860 with SMTP id je15-20020a170903264f00b001cf65844860mr7319490plb.10.1701015236446; Sun, 26 Nov 2023 08:13:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701015236; cv=pass; d=google.com; s=arc-20160816; b=w+/6qAupMaB0eJZxFfNOou9pr0sDDyewI0noOIHa2I7msvciHd2Zt6568coiJY/r+g Vk/wdLqmFTRIbBavem/jlyopGPvTyZgeQfztyHSM2EEcgb7ByNdy5ciU0PNirEJVFJ3p 3RicFfvPASt+UPYFeGENza8uIxoggxSxvb1FxYRbuurSv5RXFxrwonw/xl6aVXPA5Bj8 ZTskzhTm9diUwHG7bVNuR4LSfGuR/Z8e6E2sV6i4WS0GW025Hb/RQC162uzzooXGH+Wm O00jIRvr4SghE7DHiXGj3q09MVDu/8/hIkQaeFDEjEvkpc9hKdQYwY2uLIXCdzMvqkzP iiow== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=lLjzXSMHnbjJsR/ugFNlzb4q3NlYAfJdVaa+o/lOjnY=; fh=j1+QR0nIFvG6EuXE9dbNz0mbAKm9m3fbGnQ1fAfLnGE=; b=kAOAVNMz3Xe4YUmESsWeBFiCuZV93p/dgRkPdac9xO24OZxe2uHm71n9FjcJFBi8OO R7OG31QcxunybDb+jSnpprujgCxIZyn5LlK6Qb1vWALdgJ2Bg3VPSE6kCkgZDAcGFVr0 ct081SDYFXuvO6RiIRN6jxkOK/FNSiMWknLYf2lTCbZh0sV5evuIud+BuY8wXMZ/pfAP 1gttPpEAdUWZXAeTsJ6O4filYzJ6mVJCYA0S2p0J41rUhxBjmcOcuMY/1IbImNXouPuW N3CFA3g72HCizFGP+BUFB67/3amVPLOjFWI+RbOmFY+qlOvHAFKFjsKBX9WS4UOcYLv/ 9oKA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=cwvHzDFO; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id b19-20020a170902d89300b001ce5b9a512fsi7406911plz.606.2023.11.26.08.13.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Nov 2023 08:13:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=cwvHzDFO; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 899628073842; Sun, 26 Nov 2023 08:13:53 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230091AbjKZQNa (ORCPT + 99 others); Sun, 26 Nov 2023 11:13:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43372 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229456AbjKZQN3 (ORCPT ); Sun, 26 Nov 2023 11:13:29 -0500 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2065.outbound.protection.outlook.com [40.107.223.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC46FD3; Sun, 26 Nov 2023 08:13:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mUaB22GmpLlwiSjHWFC+ZV+lmIdtpCGgrJCk1/EVBN51FhkX6BZMXnILjc2k8a2py9Q7ys8etdaJ1KKkfeLfux81Zj/S+rz7LXSx+ZzC5SXbsxUtuj+7L43hSYdEvCwHnvvna+odeN3j2uHgcwSEAzg9N+3UCja0J68eJjsb6EJ8STf0LcuGLS/87Dc/KLO9GdiV+vKacvL2W9H8tHGZrQHckywFliQOzkoHVlnow0y4Giv5QvCQtdPGI50sa3AoBQBB810t5MqmOuWpodUAkm3gWgYNtanUtzzCwkweHsMttoLK1DM1jr85tZNXI+h/464yp7tM8eOvaeKSg78Nxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lLjzXSMHnbjJsR/ugFNlzb4q3NlYAfJdVaa+o/lOjnY=; b=LErVmaFNX52/JBeJJAaZ73T3RM0DmBTMzBczRA5N4t9+K23HgOCH5uNhUPRWktcyALd4WWWGyTK3Ev1w1zCQt45ftdvUAZHTRBySy4E/mmGSsblvgTFTWXdqFBEShhPLg4COVLHdRudwktnl50AfN38/eP+uXs0OtKtZCZ7bUNN6FNqiZ8Ko4JvoMfBgvCIDa+2M/wLeVB4BZQgyrSZ6QwTOQRsATwtiOAIotW1MuDvN0T1exArSOndiwzDq9bxAyUKFQsoq3Z6NYPTQSZnaUpssGsXaMKJ3Q7wqagtTEO66+0sQjNQT9M3r/nwuqh7DiGqY6VbGlpMl5TRztYSRfQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=126.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lLjzXSMHnbjJsR/ugFNlzb4q3NlYAfJdVaa+o/lOjnY=; b=cwvHzDFOk2Y+hKRpNdBY5+HB3OaQ1ApAroyxpu8drGQHA4eDCtx064a0rZDKmJMhw62tb6pNBhTQda4OF/IwUd6fiY3eoNtvNvKJ0ZPwl2sViYxyyHHn9BNEO6oBwr6Mzp8SP2nHVjnJaybToDWpbPTFIwcE2ZVlRSvY2ap0z41cLJU3VsdwHQ1CDRltDovCEdhv9Zd1KKpy/dT4FY7XcnFVWBtGPep1Cdc7Fd0vvNUZNVAmrjYKk26ExW65u/jCGr/9VzHJEw0vtISD4+3wZhbeEpJYQ4t0CsfinkNMK4FrhPi4ekC6l3CN8wYTTWY+ecD3T7uY1O8UrIfwjXpkKA== Received: from BL0PR02CA0089.namprd02.prod.outlook.com (2603:10b6:208:51::30) by DM4PR12MB5069.namprd12.prod.outlook.com (2603:10b6:5:388::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.27; Sun, 26 Nov 2023 16:13:31 +0000 Received: from BL02EPF0001A106.namprd05.prod.outlook.com (2603:10b6:208:51:cafe::ae) by BL0PR02CA0089.outlook.office365.com (2603:10b6:208:51::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.26 via Frontend Transport; Sun, 26 Nov 2023 16:13:30 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BL02EPF0001A106.mail.protection.outlook.com (10.167.241.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7046.17 via Frontend Transport; Sun, 26 Nov 2023 16:13:30 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 26 Nov 2023 08:13:17 -0800 Received: from [172.27.56.188] (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 26 Nov 2023 08:13:13 -0800 Message-ID: Date: Sun, 26 Nov 2023 18:13:11 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Subject: Re: [PATCH v2] net/mlx5e: Fix a race in command alloc flow Content-Language: en-US To: Shifeng Li , , , , , , , , , , CC: , , , References: <20231121115251.588436-1-lishifeng1992@126.com> From: Moshe Shemesh In-Reply-To: <20231121115251.588436-1-lishifeng1992@126.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail203.nvidia.com (10.129.68.9) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL02EPF0001A106:EE_|DM4PR12MB5069:EE_ X-MS-Office365-Filtering-Correlation-Id: 98551c5f-6d47-4692-b3dd-08dbee9aa199 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: q9YvePutvtnY8czUX2qm40YtIyTZiBA6eC4CMgMN7GrLt1e2XkmtBvDfDjNpY4D8ssm/SxY9JWO9gqSRiNLSW4HQL9ggpb/5buRMamLZ6baPLLEj860k9h3ZOmoMiVPhMPQTdY8x33ALhVH8e/tu3Sk0oPSzw9JlR0rXF41OpjUvKiAFiz9pFHdVP/atSLfPe3YizYOzM/pMTjLUuqRPoHSwsmIIXzBNdyaWuKi7EtGj2NmMBWKL34xGcHl1WcAOmcugwh+p2RHWNeOfFRxtjUw+2DzkPF/GgCURvR+BppzsFL6mwwgsJjuHrYJa5Jt8x29UlsdGQcc58bfd6fhWLBPIIl/bHVAi1KItFD9K16YXXWvdv+jd5Ev+WG6zmSS+xlm5eBt+cost++BH/TK2AMAqFKnk3jwkeByHfODKu4sAbTpuArf6neT3pSGPeSiCXl61zPV3+PdKfyZtVIw6NJekNhHWHA9Gjt6RSic7wfqU/ydmLX6lu+taoKS47TpkWEIxvbvzXVzBd7EfYdxueGoY95H7sVJABflpMZKzXAzPx/CJrB0qk2C0/QRC083+gC0iJ2W06MThQ4xrk/WojotAz6z+zBY1Fnvt6ht8n6bPGZpZgTV5w3NyzdNVEL95Pqrh17Ad/yOpyv9mrKysZ3L0ZcOvHYjTAOcnSrgvOGMdmnWG3zz6YAkVhDVYRtIsNmhGQwHVllwpTPQvwJ1uDMAAws2BWiRn2ZY8/DucwqHa+xM14NxDIfilpI7bLDMH/68YeXv1jIZayon6kBF2i7l1avgRN0KBaCxmBXCWtMee+7+0U37fgSt6HjExqxap X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230031)(4636009)(346002)(396003)(136003)(39860400002)(376002)(230922051799003)(451199024)(186009)(64100799003)(82310400011)(1800799012)(40470700004)(36840700001)(46966006)(40460700003)(2616005)(16526019)(26005)(53546011)(336012)(426003)(82740400003)(31696002)(8936002)(4326008)(8676002)(7416002)(86362001)(5660300002)(478600001)(316002)(110136005)(70586007)(70206006)(16576012)(54906003)(36860700001)(83380400001)(47076005)(7636003)(356005)(31686004)(921008)(40480700001)(41300700001)(2906002)(36756003)(525324003)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Nov 2023 16:13:30.4604 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 98551c5f-6d47-4692-b3dd-08dbee9aa199 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BL02EPF0001A106.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5069 X-Spam-Status: No, score=-4.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Sun, 26 Nov 2023 08:13:53 -0800 (PST) On 11/21/2023 1:52 PM, Shifeng Li wrote: > Fix a cmd->ent use after free due to a race on command entry. > Such race occurs when one of the commands releases its last refcount and > frees its index and entry while another process running command flush > flow takes refcount to this command entry. The process which handles > commands flush may see this command as needed to be flushed if the other > process allocated a ent->idx but didn't set ent to cmd->ent_arr in > cmd_work_handler(). Fix it by moving the assignment of cmd->ent_arr into > the spin lock. > > [70013.081955] BUG: KASAN: use-after-free in mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] > [70013.081967] Write of size 4 at addr ffff88880b1510b4 by task kworker/26:1/1433361 > [70013.081968] > [70013.081989] CPU: 26 PID: 1433361 Comm: kworker/26:1 Kdump: loaded Tainted: G OE 4.19.90-25.17.v2101.osc.sfc.6.10.0.0030.ky10.x86_64+debug #1 > [70013.082001] Hardware name: SANGFOR 65N32-US/ASERVER-G-2605, BIOS SSSS5203 08/19/2020 > [70013.082028] Workqueue: events aer_isr > [70013.082053] Call Trace: > [70013.082067] dump_stack+0x8b/0xbb > [70013.082086] print_address_description+0x6a/0x270 > [70013.082102] kasan_report+0x179/0x2c0 > [70013.082133] ? mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] > [70013.082173] mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] > [70013.082213] ? mlx5_cmd_use_polling+0x20/0x20 [mlx5_core] > [70013.082223] ? kmem_cache_free+0x1ad/0x1e0 > [70013.082267] mlx5_cmd_flush+0x80/0x180 [mlx5_core] > [70013.082304] mlx5_enter_error_state+0x106/0x1d0 [mlx5_core] > [70013.082338] mlx5_try_fast_unload+0x2ea/0x4d0 [mlx5_core] > [70013.082377] remove_one+0x200/0x2b0 [mlx5_core] > [70013.082390] ? __pm_runtime_resume+0x58/0x70 > [70013.082409] pci_device_remove+0xf3/0x280 > [70013.082426] ? pcibios_free_irq+0x10/0x10 > [70013.082439] device_release_driver_internal+0x1c3/0x470 > [70013.082453] pci_stop_bus_device+0x109/0x160 > [70013.082468] pci_stop_and_remove_bus_device+0xe/0x20 > [70013.082485] pcie_do_fatal_recovery+0x167/0x550 > [70013.082493] aer_isr+0x7d2/0x960 > [70013.082510] ? aer_get_device_error_info+0x420/0x420 > [70013.082526] ? __schedule+0x821/0x2040 > [70013.082536] ? strscpy+0x85/0x180 > [70013.082543] process_one_work+0x65f/0x12d0 > [70013.082556] worker_thread+0x87/0xb50 > [70013.082563] ? __kthread_parkme+0x82/0xf0 > [70013.082569] ? process_one_work+0x12d0/0x12d0 > [70013.082571] kthread+0x2e9/0x3a0 > [70013.082579] ? kthread_create_worker_on_cpu+0xc0/0xc0 > [70013.082592] ret_from_fork+0x1f/0x40 > > Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") > Signed-off-by: Shifeng Li Fixes tag should be : Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") Reviewed-by: Moshe Shemesh Thanks!