From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Yonatan Cohen <yonatanc@mellanox.com>,
Leon Romanovsky <leonro@mellanox.com>,
Jason Gunthorpe <jgg@mellanox.com>
Subject: [PATCH 5.5 52/80] IB/umad: Fix kernel crash while unloading ib_umad
Date: Tue, 18 Feb 2020 20:55:13 +0100 [thread overview]
Message-ID: <20200218190437.172007798@linuxfoundation.org> (raw)
In-Reply-To: <20200218190432.043414522@linuxfoundation.org>
From: Yonatan Cohen <yonatanc@mellanox.com>
commit 9ea04d0df6e6541c6736b43bff45f1e54875a1db upstream.
When disassociating a device from umad we must ensure that the sysfs
access is prevented before blocking the fops, otherwise assumptions in
syfs don't hold:
CPU0 CPU1
ib_umad_kill_port() ibdev_show()
port->ib_dev = NULL
dev_name(port->ib_dev)
The prior patch made an error in moving the device_destroy(), it should
have been split into device_del() (above) and put_device() (below). At
this point we already have the split, so move the device_del() back to its
original place.
kernel stack
PF: error_code(0x0000) - not-present page
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
RIP: 0010:ibdev_show+0x18/0x50 [ib_umad]
RSP: 0018:ffffc9000097fe40 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffffffa0441120 RCX: ffff8881df514000
RDX: ffff8881df514000 RSI: ffffffffa0441120 RDI: ffff8881df1e8870
RBP: ffffffff81caf000 R08: ffff8881df1e8870 R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000003 R12: ffff88822f550b40
R13: 0000000000000001 R14: ffffc9000097ff08 R15: ffff8882238bad58
FS: 00007f1437ff3740(0000) GS:ffff888236940000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000004e8 CR3: 00000001e0dfc001 CR4: 00000000001606e0
Call Trace:
dev_attr_show+0x15/0x50
sysfs_kf_seq_show+0xb8/0x1a0
seq_read+0x12d/0x350
vfs_read+0x89/0x140
ksys_read+0x55/0xd0
do_syscall_64+0x55/0x1b0
entry_SYSCALL_64_after_hwframe+0x44/0xa9:
Fixes: cf7ad3030271 ("IB/umad: Avoid destroying device while it is accessed")
Link: https://lore.kernel.org/r/20200212072635.682689-9-leon@kernel.org
Signed-off-by: Yonatan Cohen <yonatanc@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/user_mad.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/core/user_mad.c
+++ b/drivers/infiniband/core/user_mad.c
@@ -1312,6 +1312,9 @@ static void ib_umad_kill_port(struct ib_
struct ib_umad_file *file;
int id;
+ cdev_device_del(&port->sm_cdev, &port->sm_dev);
+ cdev_device_del(&port->cdev, &port->dev);
+
mutex_lock(&port->file_mutex);
/* Mark ib_dev NULL and block ioctl or other file ops to progress
@@ -1331,8 +1334,6 @@ static void ib_umad_kill_port(struct ib_
mutex_unlock(&port->file_mutex);
- cdev_device_del(&port->sm_cdev, &port->sm_dev);
- cdev_device_del(&port->cdev, &port->dev);
ida_free(&umad_ida, port->dev_num);
/* balances device_initialize() */
next prev parent reply other threads:[~2020-02-18 20:04 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-18 19:54 [PATCH 5.5 00/80] 5.5.5-stable review Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 01/80] io_uring: fix deferred req iovec leak Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 02/80] io_uring: retry raw bdev writes if we hit -EOPNOTSUPP Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 03/80] Input: synaptics - switch T470s to RMI4 by default Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 04/80] Input: synaptics - enable SMBus on ThinkPad L470 Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 05/80] Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 06/80] ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 07/80] ALSA: usb-audio: Fix UAC2/3 effect unit parsing Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 08/80] ALSA: pcm: Fix double hw_free calls Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 09/80] ALSA: hda/realtek - Add more codec supported Headset Button Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 10/80] ALSA: hda/realtek - Fix silent output on MSI-GL73 Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 11/80] ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 12/80] ACPI: EC: Fix flushing of pending work Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 13/80] ACPI: PM: s2idle: Avoid possible race related to the EC GPE Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 14/80] ACPICA: Introduce acpi_any_gpe_status_set() Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 15/80] ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 16/80] ext4: dont assume that mmp_nodename/bdevname have NUL Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 17/80] ext4: fix support for inode sizes > 1024 bytes Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 18/80] ext4: fix checksum errors with indexed dirs Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 19/80] ext4: add cond_resched() to ext4_protect_reserved_inode Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 20/80] ext4: improve explanation of a mount failure caused by a misconfigured kernel Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 21/80] Btrfs: fix race between using extent maps and merging them Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 22/80] btrfs: ref-verify: fix memory leaks Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 23/80] btrfs: print message when tree-log replay starts Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 24/80] btrfs: log message when rw remount is attempted with unclean tree-log Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 25/80] ARM: npcm: Bring back GPIOLIB support Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 26/80] gpio: xilinx: Fix bug where the wrong GPIO register is written to Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 27/80] arm64: ssbs: Fix context-switch when SSBS is present on all CPUs Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 28/80] cgroup: init_tasks shouldnt be linked to the root cgroup Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 29/80] xprtrdma: Fix DMA scatter-gather list mapping imbalance Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 30/80] cifs: make sure we do not overflow the max EA buffer size Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 31/80] jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 32/80] jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 33/80] EDAC/sysfs: Remove csrow objects on errors Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 34/80] EDAC/mc: Fix use-after-free and memleaks during device removal Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 35/80] KVM: nVMX: Use correct root level for nested EPT shadow page tables Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 36/80] KVM: x86/mmu: Fix struct guest_walker arrays for 5-level paging Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 37/80] perf/x86/amd: Add missing L2 misses event spec to AMD Family 17hs event map Greg Kroah-Hartman
2020-02-18 19:54 ` [PATCH 5.5 38/80] s390/pkey: fix missing length of protected key on return Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 39/80] s390/uv: Fix handling of length extensions Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 40/80] drm/vgem: Close use-after-free race in vgem_gem_create Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 41/80] drm/mst: Fix possible NULL pointer dereference in drm_dp_mst_process_up_req() Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 42/80] drm/panfrost: Make sure the shrinker does not reclaim referenced BOs Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 43/80] drm/amdgpu: update smu_v11_0_pptable.h Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 44/80] drm/amdgpu:/navi10: use the ODCAP enum to index the caps array Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 45/80] bus: moxtet: fix potential stack buffer overflow Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 46/80] nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 47/80] drivers: ipmi: fix off-by-one bounds check that leads to a out-of-bounds write Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 48/80] IB/mlx5: Return failure when rts2rts_qp_counters_set_id is not supported Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 49/80] IB/hfi1: Acquire lock to release TID entries when user file is closed Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 50/80] IB/hfi1: Close window for pq and request coliding Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 51/80] IB/rdmavt: Reset all QPs when the device is shut down Greg Kroah-Hartman
2020-02-18 19:55 ` Greg Kroah-Hartman [this message]
2020-02-18 19:55 ` [PATCH 5.5 53/80] RDMA/core: Fix invalid memory access in spec_filter_size Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 54/80] RDMA/iw_cxgb4: initiate CLOSE when entering TERM Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 55/80] RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 56/80] RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 57/80] RDMA/core: Fix protection fault in get_pkey_idx_qp_list Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 58/80] s390/time: Fix clk type in get_tod_clock Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 59/80] Input: ili210x - fix return value of is_visible function Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 60/80] sched/uclamp: Reject negative values in cpu_uclamp_write() Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 61/80] mac80211: use more bits for ack_frame_id Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 62/80] spmi: pmic-arb: Set lockdep class for hierarchical irq domains Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 63/80] perf/x86/intel: Fix inaccurate period in context switch for auto-reload Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 64/80] hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 65/80] mac80211: fix quiet mode activation in action frames Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 66/80] cifs: fix mount option display for sec=krb5i Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 67/80] ceph: noacl mount option is effectively ignored Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 68/80] arm64: dts: fast models: Fix FVP PCI interrupt-map property Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 69/80] KVM: x86: Mask off reserved bit from #DB exception payload Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 70/80] KVM: nVMX: Handle pending #DB when injecting INIT VM-exit Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 71/80] perf stat: Dont report a null stalled cycles per insn metric Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 72/80] NFSv4.1 make cachethis=no for writes Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 73/80] NFSv4: Ensure the delegation cred is pinned when we call delegreturn Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 74/80] Revert "drm/sun4i: drv: Allow framebuffer modifiers in mode config" Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 75/80] drm/i915/pmu: Correct the rc6 offset upon enabling Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 76/80] ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 77/80] io-wq: add support for inheriting ->fs Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 78/80] NFSv4: Add accounting for the number of active delegations held Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 79/80] gpio: add gpiod_toggle_active_low() Greg Kroah-Hartman
2020-02-18 19:55 ` [PATCH 5.5 80/80] mmc: core: Rework wp-gpio handling Greg Kroah-Hartman
2020-02-18 23:02 ` [PATCH 5.5 00/80] 5.5.5-stable review shuah
2020-02-19 18:50 ` Greg Kroah-Hartman
2020-02-19 4:30 ` Naresh Kamboju
2020-02-19 18:50 ` Greg Kroah-Hartman
[not found] ` <20200218190432.043414522-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
2020-02-19 11:06 ` Jon Hunter
2020-02-19 11:06 ` Jon Hunter
2020-02-19 18:52 ` Greg Kroah-Hartman
2020-02-19 18:09 ` Guenter Roeck
2020-02-19 18:52 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200218190437.172007798@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jgg@mellanox.com \
--cc=leonro@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yonatanc@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.