linux-nvme.lists.infradead.org archive mirror
From: Israel Rukshin <israelr@mellanox.com>
To: Linux-nvme <linux-nvme@lists.infradead.org>,
	Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>
Cc: Shlomi Nimrodi <shlomin@mellanox.com>,
	Israel Rukshin <israelr@mellanox.com>,
	Max Gurtovoy <maxg@mellanox.com>
Subject: [PATCH 4/6] nvme: Fix controller creation races with teardown flow
Date: Sun, 22 Mar 2020 19:59:47 +0200
Message-ID: <1584899989-14623-5-git-send-email-israelr@mellanox.com>
In-Reply-To: <1584899989-14623-1-git-send-email-israelr@mellanox.com>

Calling nvme_sysfs_delete() when the controller is in the middle of
creation may cause several bugs. If the controller is in the NEW state, we
remove the delete_controller file and don't delete the controller. The user
will not be able to use the nvme disconnect command on that controller again,
although the controller may be active. Other bugs may happen if the
controller is in the middle of the create_ctrl callback and
nvme_do_delete_ctrl() starts. For example, freeing the I/O tagset at
nvme_do_delete_ctrl() before it was allocated at the create_ctrl callback.

To fix all those races, don't allow the user to delete the controller
before it was fully created.

Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
---
 drivers/nvme/host/core.c | 5 +++++
 drivers/nvme/host/nvme.h | 1 +
 2 files changed, 6 insertions(+)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index ba064fd..9961d0e 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -3228,6 +3228,10 @@ static ssize_t nvme_sysfs_delete(struct device *dev,
 {
 	struct nvme_ctrl *ctrl = dev_get_drvdata(dev);
 
+	/* Can't delete non-created controllers */
+	if (!ctrl->created)
+		return -EBUSY;
+
 	if (device_remove_file_self(dev, attr))
 		nvme_delete_ctrl_sync(ctrl);
 	return count;
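Review bot: The `if (!ctrl->created)` test at the top of nvme_sysfs_delete() reads a plain bool with no lock or barrier pairing it with the `ctrl->created = true;` store in nvme_start_ctrl(), so nothing in these lines orders the read against the setup that the store is meant to publish. Consider smp_load_acquire() here paired with smp_store_release() at the store, or an atomic flag bit tested with test_bit(). Separately, the flag is only set at the end of nvme_start_ctrl(); a controller whose creation stalls before that point returns -EBUSY on every write to delete_controller, so the comment or commit message should say how such a controller is expected to be torn down and that userspace must retry on -EBUSY.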
@@ -4039,6 +4043,7 @@ void nvme_start_ctrl(struct nvme_ctrl *ctrl)
 		nvme_queue_scan(ctrl);
 		nvme_start_queues(ctrl);
 	}
+	ctrl->created = true;
 }
 EXPORT_SYMBOL_GPL(nvme_start_ctrl);
 
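Review bot: The `ctrl->created = true;` store sits after the closing brace of the preceding block, so it runs unconditionally on every call to nvme_start_ctrl(), and nothing in this patch ever clears it. If this function is reached on any path other than initial creation, the flag really means "has been started at least once" rather than "creation is complete", and the name or a comment should say so. A one-line comment explaining why the end of nvme_start_ctrl(), after nvme_queue_scan() and nvme_start_queues(), is the point at which deletion becomes safe would also make the intended invariant checkable by later changes.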
diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h
index d800b9a..2e04a36 100644
--- a/drivers/nvme/host/nvme.h
+++ b/drivers/nvme/host/nvme.h
@@ -259,6 +259,7 @@ struct nvme_ctrl {
 	struct nvme_command ka_cmd;
 	struct work_struct fw_act_work;
 	unsigned long events;
+	bool created;
 
 #ifdef CONFIG_NVME_MULTIPATH
 	/* asymmetric namespace access: */
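Review bot: The new `bool created;` member of struct nvme_ctrl has no comment. Please document that it is written by nvme_start_ctrl(), read from the sysfs delete handler, never reset, and what synchronization callers may assume, since the field gates a user-triggered teardown path. If more lifecycle flags of this kind are expected, a bit in a flags word would avoid growing the structure with one bool per condition.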
-- 
1.8.3.1



Thread overview: 15+ messages
2020-03-22 17:59 [PATCH 0/6 V2] nvme: Fixes for deleting a ctrl before it was created Israel Rukshin
2020-03-22 17:59 ` [PATCH 1/6] nvme: Remove unused return code from nvme_delete_ctrl_sync Israel Rukshin
2020-03-22 17:59 ` [PATCH 2/6] nvme-pci: Make nvme_pci_free_ctrl symmetric to nvme_probe Israel Rukshin
2020-03-23  7:27   ` Christoph Hellwig
2020-03-23 16:21   ` Keith Busch
2020-03-22 17:59 ` [PATCH 3/6] nvme: Fix ctrl use-after-free during sysfs deletion Israel Rukshin
2020-03-23  7:32   ` Christoph Hellwig
2020-03-23 16:10     ` Israel Rukshin
2020-03-23 17:23       ` Christoph Hellwig
2020-03-22 17:59 ` Israel Rukshin [this message]
2020-03-23  7:34   ` [PATCH 4/6] nvme: Fix controller creation races with teardown flow Christoph Hellwig
2020-03-22 17:59 ` [PATCH 5/6] nvme-rdma: Add warning on state change failure at nvme_rdma_setup_ctrl Israel Rukshin
2020-03-23  7:34   ` Christoph Hellwig
2020-03-22 17:59 ` [PATCH 6/6] nvme-tcp: Add warning on state change failure at nvme_tcp_setup_ctrl Israel Rukshin
2020-03-23  7:34   ` Christoph Hellwig
