[rdma-next] RDMA/cma: Initialize traffic_class to 0 for multicast path records

Commit Message

Mark Zhang Sept. 26, 2023, 7:25 a.m. UTC

Initialize traffic_class to 0 so that it wouldn't have a random value,
which causes a random IP DSCP in RoCEv2.

Fixes: b5de0c60cc30 ("RDMA/cma: Fix use after free race in roce multicast join")
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
---
 drivers/infiniband/core/cma.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Leon Romanovsky Sept. 26, 2023, 11:09 a.m. UTC | #1

On Tue, Sep 26, 2023 at 10:25:41AM +0300, Mark Zhang wrote:
> Initialize traffic_class to 0 so that it wouldn't have a random value,
> which causes a random IP DSCP in RoCEv2.

It will be great to see call trace which explains how. I think that
ib.rec.sl has same issue.

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index c343edf2f664..1e2cd7c8716e 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -4968,7 +4968,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
        int err = 0;
        struct sockaddr *addr = (struct sockaddr *)&mc->addr;
        struct net_device *ndev = NULL;
-       struct ib_sa_multicast ib;
+       struct ib_sa_multicast ib = {};
        enum ib_gid_type gid_type;
        bool send_only;

Thanks

> 
> Fixes: b5de0c60cc30 ("RDMA/cma: Fix use after free race in roce multicast join")
> Signed-off-by: Mark Zhang <markzhang@nvidia.com>
> ---
>  drivers/infiniband/core/cma.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
> index c343edf2f664..d3a72f4b9863 100644
> --- a/drivers/infiniband/core/cma.c
> +++ b/drivers/infiniband/core/cma.c
> @@ -4990,6 +4990,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
>  	ib.rec.rate = IB_RATE_PORT_CURRENT;
>  	ib.rec.hop_limit = 1;
>  	ib.rec.mtu = iboe_get_mtu(ndev->mtu);
> +	ib.rec.traffic_class = 0;
>  
>  	if (addr->sa_family == AF_INET) {
>  		if (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) {
> -- 
> 2.37.1
>

Mark Zhang Sept. 27, 2023, 2:30 a.m. UTC | #2

On 9/26/2023 7:09 PM, Leon Romanovsky wrote:
> On Tue, Sep 26, 2023 at 10:25:41AM +0300, Mark Zhang wrote:
>> Initialize traffic_class to 0 so that it wouldn't have a random value,
>> which causes a random IP DSCP in RoCEv2.
> 
> It will be great to see call trace which explains how. I think that
> ib.rec.sl has same issue.

Yes ib.rec.sl and ib.rec.flow_label should have the same issue, I just 
not able to reproduce as somehow they are 0 in my setups.

These fields will be used to generate the ah:
   cma_iboe_join_multicast
     cma_make_mc_event
       ib_init_ah_from_mcmember

> diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
> index c343edf2f664..1e2cd7c8716e 100644
> --- a/drivers/infiniband/core/cma.c
> +++ b/drivers/infiniband/core/cma.c
> @@ -4968,7 +4968,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
>          int err = 0;
>          struct sockaddr *addr = (struct sockaddr *)&mc->addr;
>          struct net_device *ndev = NULL;
> -       struct ib_sa_multicast ib;
> +       struct ib_sa_multicast ib = {};
>          enum ib_gid_type gid_type;
>          bool send_only;

I think this patch is great. So what should I do now? Send this as v1, 
or you will do it?

Thanks

> Thanks
> 
>>
>> Fixes: b5de0c60cc30 ("RDMA/cma: Fix use after free race in roce multicast join")
>> Signed-off-by: Mark Zhang <markzhang@nvidia.com>
>> ---
>>   drivers/infiniband/core/cma.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
>> index c343edf2f664..d3a72f4b9863 100644
>> --- a/drivers/infiniband/core/cma.c
>> +++ b/drivers/infiniband/core/cma.c
>> @@ -4990,6 +4990,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
>>   	ib.rec.rate = IB_RATE_PORT_CURRENT;
>>   	ib.rec.hop_limit = 1;
>>   	ib.rec.mtu = iboe_get_mtu(ndev->mtu);
>> +	ib.rec.traffic_class = 0;
>>   
>>   	if (addr->sa_family == AF_INET) {
>>   		if (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) {
>> -- 
>> 2.37.1
>>

Leon Romanovsky Sept. 27, 2023, 5:49 a.m. UTC | #3

On Wed, Sep 27, 2023 at 10:30:47AM +0800, Mark Zhang wrote:
> On 9/26/2023 7:09 PM, Leon Romanovsky wrote:
> > On Tue, Sep 26, 2023 at 10:25:41AM +0300, Mark Zhang wrote:
> > > Initialize traffic_class to 0 so that it wouldn't have a random value,
> > > which causes a random IP DSCP in RoCEv2.
> > 
> > It will be great to see call trace which explains how. I think that
> > ib.rec.sl has same issue.
> 
> Yes ib.rec.sl and ib.rec.flow_label should have the same issue, I just not
> able to reproduce as somehow they are 0 in my setups.
> 
> These fields will be used to generate the ah:
>   cma_iboe_join_multicast
>     cma_make_mc_event
>       ib_init_ah_from_mcmember
> 
> > diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
> > index c343edf2f664..1e2cd7c8716e 100644
> > --- a/drivers/infiniband/core/cma.c
> > +++ b/drivers/infiniband/core/cma.c
> > @@ -4968,7 +4968,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
> >          int err = 0;
> >          struct sockaddr *addr = (struct sockaddr *)&mc->addr;
> >          struct net_device *ndev = NULL;
> > -       struct ib_sa_multicast ib;
> > +       struct ib_sa_multicast ib = {};
> >          enum ib_gid_type gid_type;
> >          bool send_only;
> 
> I think this patch is great. So what should I do now? Send this as v1, or
> you will do it?

Send v1 with updated commit message.

Thanks

> 
> Thanks
> 
> > Thanks
> > 
> > > 
> > > Fixes: b5de0c60cc30 ("RDMA/cma: Fix use after free race in roce multicast join")
> > > Signed-off-by: Mark Zhang <markzhang@nvidia.com>
> > > ---
> > >   drivers/infiniband/core/cma.c | 1 +
> > >   1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
> > > index c343edf2f664..d3a72f4b9863 100644
> > > --- a/drivers/infiniband/core/cma.c
> > > +++ b/drivers/infiniband/core/cma.c
> > > @@ -4990,6 +4990,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
> > >   	ib.rec.rate = IB_RATE_PORT_CURRENT;
> > >   	ib.rec.hop_limit = 1;
> > >   	ib.rec.mtu = iboe_get_mtu(ndev->mtu);
> > > +	ib.rec.traffic_class = 0;
> > >   	if (addr->sa_family == AF_INET) {
> > >   		if (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) {
> > > -- 
> > > 2.37.1
> > > 
>

Patch

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index c343edf2f664..d3a72f4b9863 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -4990,6 +4990,7 @@  static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
 	ib.rec.rate = IB_RATE_PORT_CURRENT;
 	ib.rec.hop_limit = 1;
 	ib.rec.mtu = iboe_get_mtu(ndev->mtu);
+	ib.rec.traffic_class = 0;
 
 	if (addr->sa_family == AF_INET) {
 		if (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) {