mbox series

[rds,linux-next,v4,0/2] WARNING in rds_message_alloc_sgs

Message ID 20181216070109.6758-1-shamir.rabinovitch@oracle.com (mailing list archive)
Headers show
Series WARNING in rds_message_alloc_sgs | expand

Message

Shamir Rabinovitch Dec. 16, 2018, 7:01 a.m. UTC
From: shamir rabinovitch <shamir.rabinovitch@oracle.com>

This patch set fix google syzbot rds bug found in linux-next.
The first patch solve the syzbot issue.
The second patch fix issue mentioned by Leon Romanovsky that
drivers should not call WARN_ON as result from user input.

syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28

v1->v2:
- patch 1: make rds_iov_vector fields name more descriptive (Hakon)
- patch 1: fix potential mem leak in rds_rm_size if krealloc fail
  (Hakon)
v2->v3:
- patch 2: harden rds_sendmsg for invalid number of sgs (Gerd)
v3->v4
- Santosh a.b. on both patches + repost to net-dev

shamir rabinovitch (2):
  net/rds: fix warn in rds_message_alloc_sgs
  net/rds: remove user triggered WARN_ON in rds_sendmsg

 net/rds/message.c | 24 +++++++++++----
 net/rds/rdma.c    | 75 +++++++++++++++++++++++------------------------
 net/rds/rds.h     | 23 +++++++++++----
 net/rds/send.c    | 59 ++++++++++++++++++++++++++++++-------
 4 files changed, 120 insertions(+), 61 deletions(-)

Comments

David Miller Dec. 18, 2018, 10:57 p.m. UTC | #1
From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com>
Date: Sun, 16 Dec 2018 09:01:07 +0200

> From: shamir rabinovitch <shamir.rabinovitch@oracle.com>
> 
> This patch set fix google syzbot rds bug found in linux-next.
> The first patch solve the syzbot issue.
> The second patch fix issue mentioned by Leon Romanovsky that
> drivers should not call WARN_ON as result from user input.
> 
> syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28
> 
> v1->v2:
> - patch 1: make rds_iov_vector fields name more descriptive (Hakon)
> - patch 1: fix potential mem leak in rds_rm_size if krealloc fail
>   (Hakon)
> v2->v3:
> - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd)
> v3->v4
> - Santosh a.b. on both patches + repost to net-dev

Does this bug exist in 'net' too?  It really should target the 'net'
tree if so, and then we can queue these fixes up for -stable too.

Thank you.
Santosh Shilimkar Dec. 18, 2018, 11:02 p.m. UTC | #2
On 12/18/2018 2:57 PM, David Miller wrote:
> From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com>
> Date: Sun, 16 Dec 2018 09:01:07 +0200
> 
>> From: shamir rabinovitch <shamir.rabinovitch@oracle.com>
>>
>> This patch set fix google syzbot rds bug found in linux-next.
>> The first patch solve the syzbot issue.
>> The second patch fix issue mentioned by Leon Romanovsky that
>> drivers should not call WARN_ON as result from user input.
>>
>> syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28
>>
>> v1->v2:
>> - patch 1: make rds_iov_vector fields name more descriptive (Hakon)
>> - patch 1: fix potential mem leak in rds_rm_size if krealloc fail
>>    (Hakon)
>> v2->v3:
>> - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd)
>> v3->v4
>> - Santosh a.b. on both patches + repost to net-dev
> 
> Does this bug exist in 'net' too?  It really should target the 'net'
> tree if so, and then we can queue these fixes up for -stable too.
> 
yes, the bug exist in net too.

Shamir, please check if these apply cleanly to Dave's 'net' tree.

Regards,
Santosh
Shamir Rabinovitch Dec. 19, 2018, 10:54 a.m. UTC | #3
On Tue, Dec 18, 2018 at 03:02:24PM -0800, Santosh Shilimkar wrote:
> On 12/18/2018 2:57 PM, David Miller wrote:
> > From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com>
> > Date: Sun, 16 Dec 2018 09:01:07 +0200
> > 
> > > From: shamir rabinovitch <shamir.rabinovitch@oracle.com>
> > > 
> > > This patch set fix google syzbot rds bug found in linux-next.
> > > The first patch solve the syzbot issue.
> > > The second patch fix issue mentioned by Leon Romanovsky that
> > > drivers should not call WARN_ON as result from user input.
> > > 
> > > syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28
> > > 
> > > v1->v2:
> > > - patch 1: make rds_iov_vector fields name more descriptive (Hakon)
> > > - patch 1: fix potential mem leak in rds_rm_size if krealloc fail
> > >    (Hakon)
> > > v2->v3:
> > > - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd)
> > > v3->v4
> > > - Santosh a.b. on both patches + repost to net-dev
> > 
> > Does this bug exist in 'net' too?  It really should target the 'net'
> > tree if so, and then we can queue these fixes up for -stable too.
> > 
> yes, the bug exist in net too.
> 
> Shamir, please check if these apply cleanly to Dave's 'net' tree.
> 
> Regards,
> Santosh

Santosh, 

The patches apply cleanly on the master branch of 
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git . 

See below the snippet of the log with the patches applied.

8472aa4edfcb (HEAD -> net/master#rds-syzbot-bug) net/rds: remove user triggered WARN_ON in rds_sendmsg
3f8d6b898c5e net/rds: fix warn in rds_message_alloc_sgs
3061169a47ee (net/master) Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
78abe3d0dfad net/smc: fix TCP fallback socket release
f7db2beb4c2c vxge: ensure data0 is initialized in when fetching firmware version information

Thanks, Shamir
Santosh Shilimkar Dec. 19, 2018, 6 p.m. UTC | #4
On 12/19/2018 2:54 AM, Shamir Rabinovitch wrote:
> On Tue, Dec 18, 2018 at 03:02:24PM -0800, Santosh Shilimkar wrote:
[...]

>>
>> Shamir, please check if these apply cleanly to Dave's 'net' tree.
>>

> 
> Santosh,
> 
> The patches apply cleanly on the master branch of
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git .
> 
> See below the snippet of the log with the patches applied.
>
> 8472aa4edfcb (HEAD -> net/master#rds-syzbot-bug) net/rds: remove user triggered WARN_ON in rds_sendmsg
> 3f8d6b898c5e net/rds: fix warn in rds_message_alloc_sgs
> 3061169a47ee (net/master) Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
> 78abe3d0dfad net/smc: fix TCP fallback socket release
> f7db2beb4c2c vxge: ensure data0 is initialized in when fetching firmware version information
> 
Great. On patchwork I see the patches marked under review by Dave so
lets wait for his instruction(s).

Regards,
Santosh
David Miller Dec. 19, 2018, 6:22 p.m. UTC | #5
From: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Date: Wed, 19 Dec 2018 10:00:20 -0800

> On 12/19/2018 2:54 AM, Shamir Rabinovitch wrote:
>> On Tue, Dec 18, 2018 at 03:02:24PM -0800, Santosh Shilimkar wrote:
> [...]
> 
>>>
>>> Shamir, please check if these apply cleanly to Dave's 'net' tree.
>>>
> 
>> Santosh,
>> The patches apply cleanly on the master branch of
>> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git .
>> See below the snippet of the log with the patches applied.
>>
>> 8472aa4edfcb (HEAD -> net/master#rds-syzbot-bug) net/rds: remove user
>> triggered WARN_ON in rds_sendmsg
>> 3f8d6b898c5e net/rds: fix warn in rds_message_alloc_sgs
>> 3061169a47ee (net/master) Merge
>> git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
>> 78abe3d0dfad net/smc: fix TCP fallback socket release
>> f7db2beb4c2c vxge: ensure data0 is initialized in when fetching
>> firmware version information
>> 
> Great. On patchwork I see the patches marked under review by Dave so
> lets wait for his instruction(s).

Since they apply cleanly to 'net' I'll apply them directly and queue up
for -stable.

Thanks for checking.
Santosh Shilimkar Dec. 19, 2018, 6:26 p.m. UTC | #6
On 12/19/2018 10:22 AM, David Miller wrote:
> From: Santosh Shilimkar <santosh.shilimkar@oracle.com>
> Date: Wed, 19 Dec 2018 10:00:20 -0800
> 
>> On 12/19/2018 2:54 AM, Shamir Rabinovitch wrote:

[...]

>> Great. On patchwork I see the patches marked under review by Dave so
>> lets wait for his instruction(s).
> 
> Since they apply cleanly to 'net' I'll apply them directly and queue up
> for -stable.
> 
> Thanks for checking.
> 
Thanks Dave !!

Regards,
Santosh
David Miller Dec. 19, 2018, 6:30 p.m. UTC | #7
From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com>
Date: Sun, 16 Dec 2018 09:01:07 +0200

> From: shamir rabinovitch <shamir.rabinovitch@oracle.com>
> 
> This patch set fix google syzbot rds bug found in linux-next.
> The first patch solve the syzbot issue.
> The second patch fix issue mentioned by Leon Romanovsky that
> drivers should not call WARN_ON as result from user input.
> 
> syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28
> 
> v1->v2:
> - patch 1: make rds_iov_vector fields name more descriptive (Hakon)
> - patch 1: fix potential mem leak in rds_rm_size if krealloc fail
>   (Hakon)
> v2->v3:
> - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd)
> v3->v4
> - Santosh a.b. on both patches + repost to net-dev

Series applied to 'net' and queued up for -stable.

Thanks.