From: Ming Lei <ming.lei@redhat.com>
To: Hannes Reinecke <hare@suse.de>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
	linux-nvme@lists.infradead.org, Sagi Grimberg <sagi@grimberg.me>,
	Mark O'Donovan <shiftee@posteo.net>,
	Changhui Zhong <czhong@redhat.com>
Subject: Re: [PATCH] nvme: move stopping keep-alive into nvme_uninit_ctrl()
Date: Mon, 12 Aug 2024 22:59:22 +0800
Message-ID: <ZrojSva2rQXY+CT+@fedora>
In-Reply-To: <17cbd822-daae-4954-b184-974432ca2fe1@suse.de>

On Mon, Aug 12, 2024 at 01:56:01PM +0200, Hannes Reinecke wrote:
> On 8/9/24 15:54, Ming Lei wrote:
> > Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")
> > moves starting keep-alive from nvme_start_ctrl() into
> > nvme_init_ctrl_finish(), but doesn't move stopping keep-alive into
> > nvme_uninit_ctrl(), so keep-alive work can be started and kept pending
> > after failing to start the controller, and finally a use-after-free is
> > triggered if the nvme host driver is unloaded.
> > 
> > This patch fixes a kernel panic when running nvme/004 in case a connection
> > failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().
> > 
> > This way is reasonable because keep-alive is now started in
> > nvme_init_ctrl_finish().
> > 
> > Fixes: 4733b65d82bd ("nvme: start keep-alive after admin queue setup")
> > Cc: Hannes Reinecke <hare@suse.de>
> > Cc: Mark O'Donovan <shiftee@posteo.net>
> > Reported-by: Changhui Zhong <czhong@redhat.com>
> > Signed-off-by: Ming Lei <ming.lei@redhat.com>
> > ---
> >   drivers/nvme/host/core.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> > index 053d5b4909cd..562afa71ea85 100644
> > --- a/drivers/nvme/host/core.c
> > +++ b/drivers/nvme/host/core.c
> > @@ -4612,7 +4612,6 @@ void nvme_stop_ctrl(struct nvme_ctrl *ctrl)
> >   {
> >   	nvme_mpath_stop(ctrl);
> >   	nvme_auth_stop(ctrl);
> > -	nvme_stop_keep_alive(ctrl);
> >   	nvme_stop_failfast_work(ctrl);
> >   	flush_work(&ctrl->async_event_work);
> >   	cancel_work_sync(&ctrl->fw_act_work);
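
Review bot: dropping nvme_stop_keep_alive(ctrl) from nvme_stop_ctrl() is only safe if every caller of nvme_stop_ctrl() later reaches nvme_uninit_ctrl() before the controller is freed; a path that stops the controller but never uninits it would leave keep-alive work pending, which is the same use-after-free the commit message describes. The commit message should say which callers were checked, or state that stop is always paired with uninit. The diffstat reports 1 insertion, but the quoted text shows only the removal, so the added call in nvme_uninit_ctrl() and its ordering relative to the rest of the teardown there cannot be reviewed from this reply.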
> 
> Huh? What happened here?
> Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")
> has _exactly_ the same hunk.
> Someone else must've changed it afterwards, so please update the 'fixes'
> tag to refer to the correct commit.

It is exactly 4733b65d82bd ("nvme: start keep-alive after admin
queue setup"), which moves nvme_start_keep_alive() into
nvme_init_ctrl_finish(), but does not move nvme_stop_keep_alive() to
nvme_uninit_ctrl().


Thanks,
Ming


