From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: John Garry <john.garry@huawei.com>, Jens Axboe <axboe@kernel.dk>,
Sasha Levin <sashal@kernel.org>,
linux-ide@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 34/71] libata: Ensure ata_port probe has completed before detach
Date: Tue, 10 Dec 2019 17:32:39 -0500
Message-ID: <20191210223316.14988-34-sashal@kernel.org>
In-Reply-To: <20191210223316.14988-1-sashal@kernel.org>

From: John Garry <john.garry@huawei.com>

[ Upstream commit 130f4caf145c3562108b245a576db30b916199d2 ]

With CONFIG_DEBUG_TEST_DRIVER_REMOVE set, we may find the following WARN:
[ 23.452574] ------------[ cut here ]------------
[ 23.457190] WARNING: CPU: 59 PID: 1 at drivers/ata/libata-core.c:6676 ata_host_detach+0x15c/0x168
[ 23.466047] Modules linked in:
[ 23.469092] CPU: 59 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc1-00010-g5b83fd27752b-dirty #296
[ 23.477776] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[ 23.486286] pstate: a0c00009 (NzCv daif +PAN +UAO)
[ 23.491065] pc : ata_host_detach+0x15c/0x168
[ 23.495322] lr : ata_host_detach+0x88/0x168
[ 23.499491] sp : ffff800011cabb50
[ 23.502792] x29: ffff800011cabb50 x28: 0000000000000007
[ 23.508091] x27: ffff80001137f068 x26: ffff8000112c0c28
[ 23.513390] x25: 0000000000003848 x24: ffff0023ea185300
[ 23.518689] x23: 0000000000000001 x22: 00000000000014c0
[ 23.523987] x21: 0000000000013740 x20: ffff0023bdc20000
[ 23.529286] x19: 0000000000000000 x18: 0000000000000004
[ 23.534584] x17: 0000000000000001 x16: 00000000000000f0
[ 23.539883] x15: ffff0023eac13790 x14: ffff0023eb76c408
[ 23.545181] x13: 0000000000000000 x12: ffff0023eac13790
[ 23.550480] x11: ffff0023eb76c228 x10: 0000000000000000
[ 23.555779] x9 : ffff0023eac13798 x8 : 0000000040000000
[ 23.561077] x7 : 0000000000000002 x6 : 0000000000000001
[ 23.566376] x5 : 0000000000000002 x4 : 0000000000000000
[ 23.571674] x3 : ffff0023bf08a0bc x2 : 0000000000000000
[ 23.576972] x1 : 3099674201f72700 x0 : 0000000000400284
[ 23.582272] Call trace:
[ 23.584706] ata_host_detach+0x15c/0x168
[ 23.588616] ata_pci_remove_one+0x10/0x18
[ 23.592615] ahci_remove_one+0x20/0x40
[ 23.596356] pci_device_remove+0x3c/0xe0
[ 23.600267] really_probe+0xdc/0x3e0
[ 23.603830] driver_probe_device+0x58/0x100
[ 23.608000] device_driver_attach+0x6c/0x90
[ 23.612169] __driver_attach+0x84/0xc8
[ 23.615908] bus_for_each_dev+0x74/0xc8
[ 23.619730] driver_attach+0x20/0x28
[ 23.623292] bus_add_driver+0x148/0x1f0
[ 23.627115] driver_register+0x60/0x110
[ 23.630938] __pci_register_driver+0x40/0x48
[ 23.635199] ahci_pci_driver_init+0x20/0x28
[ 23.639372] do_one_initcall+0x5c/0x1b0
[ 23.643199] kernel_init_freeable+0x1a4/0x24c
[ 23.647546] kernel_init+0x10/0x108
[ 23.651023] ret_from_fork+0x10/0x18
[ 23.654590] ---[ end trace 634a14b675b71c13 ]---
With KASAN also enabled, we may also get many use-after-free reports.

The issue is that when CONFIG_DEBUG_TEST_DRIVER_REMOVE is set, we may
attempt to detach the ata_port before it has been probed.

This is because the ata_ports are async probed, meaning that there is no
guarantee that the ata_port has probed prior to detach. When the ata_port
does probe in this scenario, we get all sorts of issues as the detach may
have already happened.

Fix by ensuring synchronisation with async_synchronize_full(). We could
alternatively use the cookie returned from the ata_port probe
async_schedule() call, but that means managing the cookie, so more
complicated.

Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libata-core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index a352f09baef68..fc4bf8ff40ead 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -6355,6 +6355,9 @@ void ata_host_detach(struct ata_host *host)
{
int i;
+ /* Ensure ata_port probe has completed */
+ async_synchronize_full();
+
for (i = 0; i < host->n_ports; i++)
ata_port_detach(host->ports[i]);
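Review bot: async_synchronize_full() at the top of ata_host_detach() is a global barrier: it waits for every outstanding async function in the system, not only the ata_port probes that belong to this host, so a detach can stall behind unrelated async work. The commit message already names the narrower option; consider keeping the cookie returned by async_schedule() for each port and waiting on that, or at least extend the comment to say the global wait is deliberate. For the 4.4 backport, the quoted trace comes from 5.4.0-rc1, so it is worth confirming that the port probe is scheduled asynchronously in the same way in this tree.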
--
2.20.1