| Message ID | 20210527194748.662636-1-rpearsonhpe@gmail.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Fix memory ordering errors in queues | expand |
On Thu, May 27, 2021 at 02:47:45PM -0500, Bob Pearson wrote: > These patches optimize the memory ordering in rxe_queue.h so > that user space and not kernel space indices are protected for loads > with smp_load_acquire() and stores with smp_store_release(). The > original implementation of this did not apply to all index references > which has recently caused test case errors traced to stale memory loads. > These patches fix those errors and also protect kernel indices from > malicious modification by user space. I didn't read it carefully, but I think this captures the basic solution Jason
On Sat, May 29, 2021 at 4:30 AM Jason Gunthorpe <jgg@nvidia.com> wrote: > > On Thu, May 27, 2021 at 02:47:45PM -0500, Bob Pearson wrote: > > These patches optimize the memory ordering in rxe_queue.h so > > that user space and not kernel space indices are protected for loads > > with smp_load_acquire() and stores with smp_store_release(). The > > original implementation of this did not apply to all index references > > which has recently caused test case errors traced to stale memory loads. > > These patches fix those errors and also protect kernel indices from > > malicious modification by user space. > > I didn't read it carefully, but I think this captures the basic > solution I made tests with rdma-core. With or without changes of kernel-headers/rdma/rdma_user_rxe.h, the previously mentioned 17 errors disappear. So this patch series takes effect. Zhu Yanjun > > Jason
On Thu, May 27, 2021 at 02:47:45PM -0500, Bob Pearson wrote: > These patches optimize the memory ordering in rxe_queue.h so > that user space and not kernel space indices are protected for loads > with smp_load_acquire() and stores with smp_store_release(). The > original implementation of this did not apply to all index references > which has recently caused test case errors traced to stale memory loads. > These patches fix those errors and also protect kernel indices from > malicious modification by user space. > > Reported-by: Zhu Yanjun <zyjzyj2000@gmail.com> > Fixes: d21a1240f516 ("RDMA/rxe: Use acquire/release for memory ordering") > Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com> > --- > v3: > Protected kernel index in shared queues from modification by user space. > Pass queue type to allow compiler to optimize queue methods. > v2: > Add a way to distinguish between user and kernel indices. > v1: > Add missing smp_load_acquire() calls. > --- > Bob Pearson (3): > RDMA/rxe: Add a type flag to rxe_queue structs > RDMA/rxe: Protect user space index loads/stores > RDMA/rxe: Protext kernel index from user space Applied to for-next, thanks Jason
These patches optimize the memory ordering in rxe_queue.h so that user space and not kernel space indices are protected for loads with smp_load_acquire() and stores with smp_store_release(). The original implementation of this did not apply to all index references which has recently caused test case errors traced to stale memory loads. These patches fix those errors and also protect kernel indices from malicious modification by user space. Reported-by: Zhu Yanjun <zyjzyj2000@gmail.com> Fixes: d21a1240f516 ("RDMA/rxe: Use acquire/release for memory ordering") Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com> --- v3: Protected kernel index in shared queues from modification by user space. Pass queue type to allow compiler to optimize queue methods. v2: Add a way to distinguish between user and kernel indices. v1: Add missing smp_load_acquire() calls. --- Bob Pearson (3): RDMA/rxe: Add a type flag to rxe_queue structs RDMA/rxe: Protect user space index loads/stores RDMA/rxe: Protext kernel index from user space drivers/infiniband/sw/rxe/rxe_comp.c | 31 ++- drivers/infiniband/sw/rxe/rxe_cq.c | 32 ++- drivers/infiniband/sw/rxe/rxe_qp.c | 22 ++- drivers/infiniband/sw/rxe/rxe_queue.c | 21 +- drivers/infiniband/sw/rxe/rxe_queue.h | 272 ++++++++++++++++++++------ drivers/infiniband/sw/rxe/rxe_req.c | 46 +++-- drivers/infiniband/sw/rxe/rxe_resp.c | 44 ++++- drivers/infiniband/sw/rxe/rxe_srq.c | 5 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 80 ++++++-- drivers/infiniband/sw/rxe/rxe_verbs.h | 5 +- 10 files changed, 423 insertions(+), 135 deletions(-)