Date: Tue, 21 Jun 2022 09:34:08 GMT From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 9fc6a635220f - main - ibcore: Fix a race with disassociate and exit_mmap() Message-ID: <202206210934.25L9Y8Le090210@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by hselasky: URL: https://cgit.FreeBSD.org/src/commit/?id=9fc6a635220fdd8a0a29de0a985a4a0c3a6890fd commit 9fc6a635220fdd8a0a29de0a985a4a0c3a6890fd Author: Hans Petter Selasky <hselasky@FreeBSD.org> AuthorDate: 2022-06-21 09:23:55 +0000 Commit: Hans Petter Selasky <hselasky@FreeBSD.org> CommitDate: 2022-06-21 09:33:27 +0000 ibcore: Fix a race with disassociate and exit_mmap() If uverbs_user_mmap_disassociate() is called while the mmap is concurrently doing exit_mmap then the ordering of the rdma_user_mmap_entry_put() is not reliable. The put must be done before uvers_user_mmap_disassociate() returns, otherwise there can be a use after free on the ucontext, and a left over entry in the xarray. If the put is not done here then it is done during rdma_umap_close() later. Add the missing put to the error exit path. Linux commit: 39c011a538272589b9eb02ff1228af528522a22c PR: 264473 MFC after: 3 days Sponsored by: NVIDIA Networking --- sys/ofed/drivers/infiniband/core/ib_uverbs_main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/ofed/drivers/infiniband/core/ib_uverbs_main.c b/sys/ofed/drivers/infiniband/core/ib_uverbs_main.c index 1661458c689b..432d46760ecb 100644 --- a/sys/ofed/drivers/infiniband/core/ib_uverbs_main.c +++ b/sys/ofed/drivers/infiniband/core/ib_uverbs_main.c @@ -778,6 +778,10 @@ void uverbs_user_mmap_disassociate(struct ib_uverbs_file *ufile) ret = mmget_not_zero(mm); if (!ret) { list_del_init(&priv->list); + if (priv->entry) { + rdma_user_mmap_entry_put(priv->entry); + priv->entry = NULL; + } mm = NULL; continue; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206210934.25L9Y8Le090210>