Re: [PATCH V3] rxe: Fix a sleep-in-atomic bug in post_one_send

From: Jia-Ju Bai
Date: Mon Jun 05 2017 - 04:39:17 EST

Next message: Richard Weinberger: "Re: [PATCH] ubifs: Fix a sleep-in-atomic bug in ubifs_read_nnode"
Previous message: Christoph Hellwig: "Re: [PATCH v4 8/8] nvmet: use NVME_IDENTIFY_DATA_SIZE"
In reply to: Moni Shoua: "Re: [PATCH V3] rxe: Fix a sleep-in-atomic bug in post_one_send"
Next in thread: Moni Shoua: "Re: [PATCH V3] rxe: Fix a sleep-in-atomic bug in post_one_send"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06/05/2017 04:30 PM, Moni Shoua wrote:

- if (qp->is_user&& copy_from_user(p, (__user void *)
- (uintptr_t)sge->addr, sge->length))
+ spin_unlock_irqrestore(&qp->sq.sq_lock, *flags);
+ err = copy_from_user(p, (__user void *)
+ (uintptr_t)sge->addr, sge->length);
+ spin_lock_irqsave(&qp->sq.sq_lock, *flags);
+ if (qp->is_user&& err)
return -EFAULT;

qp-_is_user is always false in this function (flow starts from
rxe_post_send_kernel) so this line is a dead code
In fact, this patch seems to add a serious bug when it uses
copy_from_user() from a non user pointer.
Do you agree?

I agree.
So, it is fine to me to remove this line, as you said in the former email:

Second, I think that there is no flow that leads to this function
when qp->is user is true so maybe the correct action is to remove this
line completely
if (qp->is_user&& copy_from_user(p, (__user void *)

Next message: Richard Weinberger: "Re: [PATCH] ubifs: Fix a sleep-in-atomic bug in ubifs_read_nnode"
Previous message: Christoph Hellwig: "Re: [PATCH v4 8/8] nvmet: use NVME_IDENTIFY_DATA_SIZE"
In reply to: Moni Shoua: "Re: [PATCH V3] rxe: Fix a sleep-in-atomic bug in post_one_send"
Next in thread: Moni Shoua: "Re: [PATCH V3] rxe: Fix a sleep-in-atomic bug in post_one_send"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]