[PATCH v2] RDMA/cma: prevent rdma id destroy during cma_iw_handler

Shinichiro Kawasaki shinichiro.kawasaki at wdc.com
Wed Jun 14 17:45:38 PDT 2023


On Jun 14, 2023 / 14:36, Jason Gunthorpe wrote:
> On Wed, Jun 14, 2023 at 07:53:49AM +0000, Shinichiro Kawasaki wrote:
[...]
> > As another fix approach, I reverted the commit 59c68ac31e15 ("iw_cm: free cm_id
> > resources on the last deref") so that iw_destroy_cm_id() waits for deref of
> > cm_id. With that revert, the KASAN slab-use-after-free disappeared. Is this
> > the right fix approach?
> 
> That seems like it would bring back the bug it was fixing, though it
> isn't totally clear what that is
> 
> There is something wrong with the iwarp cm if it is destroying IDs in
> handlers, IB cm avoids doing that to avoid the deadlock, the same
> solution will be needed for iwarp too.
> 
> Also the code this patch removed is quite ugly, if we are going back
> to waiting it should be written in a more modern way without the test
> bit and so on.

I see, thanks for the clarifications. I took a look at ib_destroy_cm_id() and
found that it works differently from iw_destroy_cm_id(). I guess a certain amount
of changes will be required for a good fix in the iwarp code.

I will stop my fix attempt here, since it looks beyond my bandwidth now. If anyone
provides fix patches, I'm willing to test them.


More information about the Linux-nvme mailing list