From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Sagi Grimberg <sagi@grimberg.me>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 15/58] nvme-rdma: fix possible use-after-free in transport error_recovery work
Date: Mon, 21 Feb 2022 09:49:08 +0100 [thread overview]
Message-ID: <20220221084912.382212952@linuxfoundation.org> (raw)
In-Reply-To: <20220221084911.895146879@linuxfoundation.org>
From: Sagi Grimberg <sagi@grimberg.me>
[ Upstream commit b6bb1722f34bbdbabed27acdceaf585d300c5fd2 ]
While nvme_rdma_submit_async_event_work is checking the ctrl and queue
state before preparing the AER command and scheduling io_work, in order
to fully prevent a race where this check is not reliable the error
recovery work must flush async_event_work before continuing to destroy
the admin queue after setting the ctrl state to RESETTING such that
there is no race .submit_async_event and the error recovery handler
itself changing the ctrl state.
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/rdma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index 1f41cf80f827c..55f4999525037 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -1050,6 +1050,7 @@ static void nvme_rdma_error_recovery_work(struct work_struct *work)
struct nvme_rdma_ctrl, err_work);
nvme_stop_keep_alive(&ctrl->ctrl);
+ flush_work(&ctrl->ctrl.async_event_work);
nvme_rdma_teardown_io_queues(ctrl, false);
nvme_start_queues(&ctrl->ctrl);
nvme_rdma_teardown_admin_queue(ctrl, false);
--
2.34.1
next prev parent reply other threads:[~2022-02-21 9:00 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-21 8:48 [PATCH 4.19 00/58] 4.19.231-rc1 review Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 01/58] Makefile.extrawarn: Move -Wunaligned-access to W=1 Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 02/58] net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 03/58] serial: parisc: GSC: fix build when IOSAPIC is not set Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 04/58] parisc: Fix data TLB miss in sba_unmap_sg Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 05/58] parisc: Fix sglist access in ccio-dma.c Greg Kroah-Hartman
2022-02-21 8:48 ` [PATCH 4.19 06/58] btrfs: send: in case of IO error log it Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 07/58] net: ieee802154: at86rf230: Stop leaking skbs Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 08/58] selftests/zram: Skip max_comp_streams interface on newer kernel Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 09/58] selftests/zram01.sh: Fix compression ratio calculation Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 10/58] selftests/zram: Adapt the situation that /dev/zram0 is being used Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 11/58] ax25: improve the incomplete fix to avoid UAF and NPD bugs Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 12/58] vfs: make freeze_super abort when sync_filesystem returns error Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 13/58] quota: make dquot_quota_sync return errors from ->sync_fs Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 14/58] nvme: fix a possible use-after-free in controller reset during load Greg Kroah-Hartman
2022-02-21 8:49 ` Greg Kroah-Hartman [this message]
2022-02-21 8:49 ` [PATCH 4.19 16/58] Revert "module, async: async_synchronize_full() on module init iff async is used" Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 17/58] iwlwifi: fix use-after-free Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 18/58] drm/radeon: Fix backlight control on iMac 12,1 Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 19/58] xfrm: Dont accidentally set RTO_ONLINK in decode_session4() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 20/58] taskstats: Cleanup the use of task->exit_code Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 21/58] mmc: block: fix read single on recovery logic Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 22/58] vsock: remove vsock from connected table when connect is interrupted by a signal Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 23/58] iwlwifi: pcie: fix locking when "HW not ready" Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 24/58] iwlwifi: pcie: gen2: " Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 25/58] net: dsa: lan9303: fix reset on probe Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 26/58] net: ieee802154: ca8210: Fix lifs/sifs periods Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 27/58] ping: fix the dif and sdif check in ping_lookup Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 28/58] drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 29/58] bonding: fix data-races around agg_select_timer Greg Kroah-Hartman
2022-02-22 15:35 ` Pavel Machek
2022-02-22 16:27 ` Eric Dumazet
2022-02-21 8:49 ` [PATCH 4.19 30/58] libsubcmd: Fix use-after-free for realloc(..., 0) Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 31/58] ALSA: hda: Fix regression on forced probe mask option Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 32/58] ALSA: hda: Fix missing codec probe on Shenker Dock 15 Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 33/58] ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 34/58] ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 35/58] powerpc/lib/sstep: fix ptesync build error Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 36/58] ext4: check for out-of-order index extents in ext4_valid_extent_entries() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 37/58] block/wbt: fix negative inflight counter when remove scsi device Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 38/58] NFS: LOOKUP_DIRECTORY is also ok with symlinks Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 39/58] NFS: Do not report writeback errors in nfs_getattr() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 40/58] mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 41/58] EDAC: Fix calculation of returned address and next offset in edac_align_ptr() Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 42/58] net: sched: limit TC_ACT_REPEAT loops Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 43/58] dmaengine: sh: rcar-dmac: Check for error num after setting mask Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 44/58] i2c: brcmstb: fix support for DSL and CM variants Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 45/58] mtd: rawnand: brcmnand: Refactored code to introduce helper functions Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 46/58] mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 47/58] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 48/58] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 49/58] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW Greg Kroah-Hartman
2022-02-22 15:37 ` Pavel Machek
2022-02-21 8:49 ` [PATCH 4.19 50/58] ARM: OMAP2+: hwmod: Add of_node_put() before break Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 51/58] irqchip/sifive-plic: Add missing thead,c900-plic match string Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 52/58] netfilter: conntrack: dont refresh sctp entries in closed state Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 53/58] arm64: dts: meson-gx: add ATF BL32 reserved-memory region Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 54/58] kconfig: let shell return enough output for deep path names Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 55/58] ata: libata-core: Disable TRIM on M88V29 Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 56/58] tracing: Fix tp_printk option related with tp_printk_stop_on_boot Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 57/58] net: usb: qmi_wwan: Add support for Dell DW5829e Greg Kroah-Hartman
2022-02-21 8:49 ` [PATCH 4.19 58/58] net: macb: Align the dma and coherent dma masks Greg Kroah-Hartman
2022-02-21 12:17 ` [PATCH 4.19 00/58] 4.19.231-rc1 review Samuel Zou
2022-02-21 12:23 ` Pavel Machek
2022-02-21 14:16 ` Greg Kroah-Hartman
2022-02-21 17:44 ` Pavel Machek
2022-02-21 20:32 ` Slade Watkins
2022-02-21 21:18 ` Guenter Roeck
2022-02-21 21:38 ` Shuah Khan
2022-02-22 10:09 ` Naresh Kamboju
2022-02-22 12:02 ` Sudip Mukherjee
2022-02-22 14:34 ` Jeffrin Thalakkottoor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220221084912.382212952@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sagi@grimberg.me \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).