From: keith.busch@intel.com (Keith Busch)
Subject: IRQ/nvme_pci_complete_rq: NULL pointer dereference yet again
Date: Mon, 9 Apr 2018 13:11:10 -0600 [thread overview]
Message-ID: <20180409191109.GP10098@localhost.localdomain> (raw)
In-Reply-To: <64cb047e-aa2b-2693-643a-6dac6eba2487@gmail.com>
On Mon, Apr 09, 2018@01:23:54PM -0500, Alex G. wrote:
> On 04/06/2018 05:00 PM, Keith Busch wrote:
> (snip)
> > ---
> > diff --git a/drivers/pci/pcie/aer/aerdrv_core.c b/drivers/pci/pcie/aer/aerdrv_core.c
> > index a4bfea52e7d4..16ecbcd76373 100644
> > --- a/drivers/pci/pcie/aer/aerdrv_core.c
> > +++ b/drivers/pci/pcie/aer/aerdrv_core.c
> > @@ -805,8 +805,10 @@ void aer_isr(struct work_struct *work)
> > struct pcie_device *p_device = rpc->rpd;
> > struct aer_err_source uninitialized_var(e_src);
> >
> > + pci_lock_rescan_remove();
> > mutex_lock(&rpc->rpc_mutex);
> > while (get_e_source(rpc, &e_src))
> > aer_isr_one_error(p_device, &e_src);
> > mutex_unlock(&rpc->rpc_mutex);
> > + pci_unlock_rescan_remove();
> > }
> > --
>
> With this patch, I'm not seeing issues without LVM mirrors, but as soon
> as I enable the mirror, we get the
> * use-after-free in swiotlb_unmap_sg_attrs
> * double-free or invalid-free in nvme_pci_complete_rq
>
> Alex
Awesome, thank you for the update. We'll do some more work on the
above fixing the use-after-free in AER handling to make it ready for
consideration.
Still not sure on the nvme double/incorrect completion, but have not
given up yet.
next prev parent reply other threads:[~2018-04-09 19:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <5d6d1a8c-6490-4046-0fba-da0a0df3d00c@gmail.com>
2018-04-05 21:38 ` IRQ/nvme_pci_complete_rq: NULL pointer dereference yet again Keith Busch
2018-04-05 21:22 ` Scott Bauer
2018-04-05 22:21 ` Alex G.
2018-04-05 22:41 ` Keith Busch
2018-04-05 22:48 ` Keith Busch
2018-04-05 23:05 ` Keith Busch
2018-04-05 23:39 ` Alex G.
2018-04-05 23:44 ` Alex G.
2018-04-06 15:32 ` Keith Busch
2018-04-06 15:46 ` Alex G.
[not found] ` <94d77cb7-759f-595a-2264-37305dfa96c4@gmail.com>
2018-04-06 17:16 ` Scott Bauer
2018-04-06 17:46 ` Alex G.
2018-04-06 18:04 ` Keith Busch
2018-04-06 19:00 ` Scott Bauer
2018-04-06 19:34 ` Keith Busch
2018-04-06 19:08 ` Alex G.
2018-04-06 22:00 ` Keith Busch
2018-04-09 18:23 ` Alex G.
2018-04-09 19:11 ` Keith Busch [this message]
2018-04-09 19:36 ` Alex G.
2018-04-09 19:47 ` Keith Busch
2018-04-10 0:07 ` Alex G.
2018-04-10 14:19 ` Alex G.
2018-05-02 15:39 ` Alex G.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180409191109.GP10098@localhost.localdomain \
--to=keith.busch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.