OpenCloudOS-Kernel/drivers
Maurizio Lombardi 4ed32cc093 nvme-pci: fix race condition between reset and nvme_dev_disable()
[ Upstream commit 26bc0a81f64ce00fc4342c38eeb2eddaad084dd2 ]

nvme_dev_disable() modifies the dev->online_queues field, therefore
nvme_pci_update_nr_queues() should avoid racing against it, otherwise
we could end up passing invalid values to blk_mq_update_nr_hw_queues().

 WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347
          pci_irq_get_affinity+0x187/0x210
 Workqueue: nvme-reset-wq nvme_reset_work [nvme]
 RIP: 0010:pci_irq_get_affinity+0x187/0x210
 Call Trace:
  <TASK>
  ? blk_mq_pci_map_queues+0x87/0x3c0
  ? pci_irq_get_affinity+0x187/0x210
  blk_mq_pci_map_queues+0x87/0x3c0
  nvme_pci_map_queues+0x189/0x460 [nvme]
  blk_mq_update_nr_hw_queues+0x2a/0x40
  nvme_reset_work+0x1be/0x2a0 [nvme]

Fix the bug by locking the shutdown_lock mutex before using
dev->online_queues. Give up if nvme_dev_disable() is running or if
it has been executed already.

Fixes: 949928c1c7 ("NVMe: Fix possible queue use after freed")
Tested-by: Yi Zhang <yi.zhang@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-01 01:58:25 +01:00
accel accel/qaic: Fix the for loop used to walk SG table 2024-11-01 01:58:21 +01:00
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-06-12 11:11:18 +02:00
acpi ACPI: battery: Fix possible crash when unregistering a battery hook 2024-10-10 11:58:06 +02:00
amba
android binder: fix UAF caused by offsets overwrite 2024-09-12 11:11:41 +02:00
ata ata: libata: avoid superfluous disk spin down + spin up during hibernation 2024-10-17 15:24:35 +02:00
atm atm: idt77252: prevent use after free in dequeue_rx() 2024-08-29 17:33:18 +02:00
auxdisplay auxdisplay: ht16k33: Drop reference after LED registration 2024-08-03 08:54:39 +02:00
base driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute 2024-10-17 15:24:21 +02:00
bcma
block ublk: don't allow user copy for unprivileged device 2024-10-22 15:46:27 +02:00
bluetooth Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 2024-10-22 15:46:31 +02:00
bus bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone 2024-10-17 15:24:10 +02:00
cache
cdrom cdrom: rearrange last_media_change check to avoid unintentional overflow 2024-07-11 12:49:10 +02:00
cdx
char virtio_console: fix misc probe bugs 2024-10-17 15:24:14 +02:00
clk clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D 2024-10-17 15:24:19 +02:00
clocksource clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() 2024-10-04 16:29:04 +02:00
comedi comedi: ni_routing: tools: Check when the file could not be opened 2024-10-17 15:24:20 +02:00
connector
counter counter: ti-eqep: enable clock at probe 2024-07-05 09:33:56 +02:00
cpufreq cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems 2024-11-01 01:58:18 +01:00
cpuidle cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put 2024-10-04 16:29:56 +02:00
crypto crypto: octeontx* - Select CRYPTO_AUTHENC 2024-10-10 11:58:09 +02:00
cxl cxl/pci: Fix to record only non-zero ranges 2024-10-04 16:29:40 +02:00
dax device-dax: correct pgoff align in dax_set_mapping() 2024-10-17 15:24:36 +02:00
dca
devfreq
dio
dma dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor 2024-09-08 07:54:46 +02:00
dma-buf dma-buf: heaps: Fix off-by-one in CMA heap fault handler 2024-09-18 19:24:09 +02:00
edac EDAC/igen6: Fix conversion of system address to physical memory address 2024-10-04 16:29:56 +02:00
eisa
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-06-12 11:12:27 +02:00
firewire firewire: core: correct range of block for case of switch statement 2024-10-04 16:29:28 +02:00
firmware firmware: arm_scmi: Queue in scmi layer for mailbox implementation 2024-11-01 01:58:22 +01:00
fpga fpga: region: add owner module and take its refcount 2024-06-12 11:12:23 +02:00
fsi
gnss
gpio gpio: aspeed: Use devm_clk api to manage clock source 2024-10-17 15:24:26 +02:00
gpu drm/msm/dpu: don't always program merge_3d block 2024-11-01 01:58:23 +01:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-06-21 14:38:48 +02:00
hid hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma 2024-10-17 15:24:34 +02:00
hsi
hte
hv Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-09-12 11:11:41 +02:00
hwmon hwmon: (adt7470) Add missing dependency on REGMAP_I2C 2024-10-17 15:24:32 +02:00
hwspinlock hwspinlock: Introduce hwspin_lock_bust() 2024-09-08 07:54:43 +02:00
hwtracing coresight: tmc: sg: Do not leak sg_table 2024-10-04 16:29:40 +02:00
i2c i2c: i801: Use a different adapter-name for IDF adapters 2024-10-17 15:24:17 +02:00
i3c i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition 2024-10-17 15:24:17 +02:00
idle
iio iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig 2024-11-01 01:58:20 +01:00
infiniband RDMA/bnxt_re: Fix the GID table length 2024-11-01 01:58:21 +01:00
input Input: xpad - add support for MSI Claw A1M 2024-10-22 15:46:27 +02:00
interconnect interconnect: icc-clk: Add missed num_nodes initialization 2024-10-04 16:29:40 +02:00
iommu iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices 2024-10-22 15:46:25 +02:00
ipack
irqchip irqchip/renesas-rzg2l: Fix missing put_device 2024-11-01 01:58:23 +01:00
isdn mISDN: fix MISDN_TIME_STAMP handling 2024-08-19 06:04:28 +02:00
leds leds: pca995x: Fix device child node usage in pca995x_probe() 2024-10-04 16:29:29 +02:00
macintosh macintosh/therm_windtunnel: fix module unload. 2024-08-03 08:54:02 +02:00
mailbox mailbox: bcm2835: Fix timeout during suspend mode 2024-10-10 11:57:14 +02:00
mcb
md Revert: "dm-verity: restart or panic on an I/O error" 2024-10-04 16:30:05 +02:00
media media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() 2024-10-17 15:24:19 +02:00
memory memory: tegra186-emc: drop unused to_tegra186_emc() 2024-10-10 11:57:44 +02:00
memstick
message
mfd mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict 2024-10-17 15:24:18 +02:00
misc misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for OTP device 2024-10-22 15:46:33 +02:00
mmc mmc: cqhci: Fix checking of CQHCI_HALT state 2024-09-12 11:11:26 +02:00
most
mtd mtd: rawnand: mtk: Fix init error path 2024-10-04 16:29:07 +02:00
mux
net net/mlx5: Unregister notifier on eswitch init failure 2024-11-01 01:58:24 +01:00
nfc nfc: pn533: Add poll mod list filling check 2024-09-04 13:28:28 +02:00
ntb ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition 2024-10-17 15:24:18 +02:00
nubus
nvdimm virtio_pmem: Check device status before requesting flush 2024-10-17 15:24:20 +02:00
nvme nvme-pci: fix race condition between reset and nvme_dev_disable() 2024-11-01 01:58:25 +01:00
nvmem nvmem: u-boot-env: error if NVMEM device is too small 2024-09-18 19:24:04 +02:00
of of/irq: Support #msi-cells=<0> in of_msi_get_domain 2024-10-10 11:57:50 +02:00
opp OPP: ti: Fix ti_opp_supply_probe wrong return values 2024-08-03 08:53:27 +02:00
parisc Revert "change alloc_pages name in dma_map_ops to avoid name conflicts" 2024-09-04 13:28:24 +02:00
parport parport: Proper fix for array out-of-bounds access 2024-10-22 15:46:33 +02:00
pci PCI: Mark Creative Labs EMU20k2 INTx masking as broken 2024-10-17 15:24:17 +02:00
pcmcia pcmcia: Use resource_size function on resource object 2024-09-12 11:11:31 +02:00
peci
perf drivers/perf: arm_spe: Use perf_allow_kernel() for permissions 2024-10-10 11:57:27 +02:00
phy phy: qualcomm: eusb2-repeater: Rework init to drop redundant zero-out loop 2024-10-17 15:24:08 +02:00
pinctrl pinctrl: apple: check devm_kasprintf() returned value 2024-10-22 15:46:34 +02:00
platform platform/x86: think-lmi: Fix password opcode ordering for workstations 2024-10-10 11:58:08 +02:00
pmdomain pmdomain: imx: wait SSAR when i.MX93 power domain on 2024-08-29 17:33:54 +02:00
pnp
power power: supply: hwmon: Fix missing temp1_max_alarm attribute 2024-10-10 11:57:45 +02:00
powercap powercap: intel_rapl_tpmi: Fix bogus register reading 2024-10-17 15:24:36 +02:00
pps pps: add an error check in parport_attach 2024-10-04 16:29:58 +02:00
ps3
ptp ptp: fix integer overflow in max_vclocks_store 2024-06-27 13:49:07 +02:00
pwm pwm: atmel-tcb: Fix race condition and convert to guards 2024-08-03 08:53:23 +02:00
rapidio
ras
regulator regulator: Return actual error in of_regulator_bulk_get_all() 2024-10-04 16:29:02 +02:00
remoteproc remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table 2024-10-17 15:24:19 +02:00
reset reset: k210: fix OF node leak in probe() error path 2024-10-04 16:29:04 +02:00
rpmsg
rtc rtc: at91sam9: fix OF node leak in probe() error path 2024-10-10 11:57:57 +02:00
s390 s390/sclp_vt220: Convert newlines to CRLF instead of LFCR 2024-10-22 15:46:25 +02:00
sbus
scsi scsi: Revert "scsi: sd: Do not repeat the starting disk message" 2024-10-17 15:24:38 +02:00
sh
siox
slimbus
soc soc: versatile: realview: fix soc_dev leak during device remove 2024-10-04 16:29:57 +02:00
soundwire soundwire: cadence: re-check Peripheral status with delayed_work 2024-10-17 15:24:18 +02:00
spi spi: spi-fsl-lpspi: remove redundant spi_controller_put call 2024-10-17 15:24:11 +02:00
spmi spmi: hisi-spmi-controller: Do not override device identifier 2024-06-21 14:38:40 +02:00
ssb ssb: Fix division by zero issue in ssb_calc_clock_rate 2024-08-29 17:33:22 +02:00
staging staging: vme_user: added bound check to geoid 2024-10-17 15:24:20 +02:00
target scsi: target: core: Fix null-ptr-deref in target_alloc_device() 2024-11-01 01:58:24 +01:00
tc
tee tee: optee: ffa: Fix missing-field-initializers warning 2024-07-25 09:50:53 +02:00
thermal thermal: intel: int340x: processor: Fix warning during module unload 2024-10-17 15:24:24 +02:00
thunderbolt thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() 2024-10-04 16:30:04 +02:00
tty serial: qcom-geni: fix receiver enable 2024-10-22 15:46:35 +02:00
ufs scsi: ufs: core: Fix the issue of ICU failure 2024-10-22 15:46:28 +02:00
uio Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-09-12 11:11:41 +02:00
usb usb: typec: altmode should keep reference to parent 2024-11-01 01:58:24 +01:00
vdpa vduse: Temporarily fail if control queue feature requested 2024-07-05 09:33:50 +02:00
vfio vfio/spapr: Always clear TCEs before unsetting the window 2024-09-12 11:11:31 +02:00
vhost vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() 2024-10-10 11:58:08 +02:00
video fbdev: sisfb: Fix strbuf array overflow 2024-10-17 15:24:22 +02:00
virt drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() 2024-06-12 11:12:09 +02:00
virtio virtio_ring: fix KMSAN error for premapped mode 2024-09-12 11:11:36 +02:00
vlynq
w1
watchdog watchdog: imx_sc_wdt: Don't disable WDT in suspend 2024-10-04 16:29:33 +02:00
xen xen/swiotlb: fix allocated size 2024-10-04 16:29:14 +02:00
zorro
Kconfig
Makefile