* [PATCH v2 0/2] Drivers: vmbus: Fix rescind handling in uio_hv_generic @ 2024-08-29 7:13 Naman Jain 2024-08-29 7:13 ` [PATCH v2 1/2] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Naman Jain 2024-08-29 7:13 ` [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Naman Jain 0 siblings, 2 replies; 6+ messages in thread From: Naman Jain @ 2024-08-29 7:13 UTC (permalink / raw) To: K . Y . Srinivasan, Haiyang Zhang, Wei Liu, Dexuan Cui, Greg Kroah-Hartman, Stephen Hemminger, Michael Kelley Cc: linux-hyperv, linux-kernel, Saurabh Sengar, Naman Jain, stable Fix a few issues in rescind handling in uio_hv_generic driver. Patches are based on latest linux-next tip. Steps to reproduce issue: * Probe uio_hv_generic driver and create channels to use fcopy * Disable the guest service on host and then Enable it. or * repeatedly do cat "/dev/uioX" on the device created for fcopy. Changes since v1: https://lore.kernel.org/all/20240822110912.13735-1-namjain@linux.microsoft.com/ * Added stable kernel list to cc * Updated commit messages for more information * Explicitly handle rescind callback for primary channel only, and add comment: Saurabh, Michael. * Rebase to latest tip. Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind drivers/hv/vmbus_drv.c | 1 + drivers/uio/uio_hv_generic.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) base-commit: 195a402a75791e6e0d96d9da27ca77671bc656a8 -- 2.34.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 1/2] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind 2024-08-29 7:13 [PATCH v2 0/2] Drivers: vmbus: Fix rescind handling in uio_hv_generic Naman Jain @ 2024-08-29 7:13 ` Naman Jain 2024-08-29 7:13 ` [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Naman Jain 1 sibling, 0 replies; 6+ messages in thread From: Naman Jain @ 2024-08-29 7:13 UTC (permalink / raw) To: K . Y . Srinivasan, Haiyang Zhang, Wei Liu, Dexuan Cui, Greg Kroah-Hartman, Stephen Hemminger, Michael Kelley Cc: linux-hyperv, linux-kernel, Saurabh Sengar, Naman Jain, stable From: Saurabh Sengar <ssengar@linux.microsoft.com> For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel. Cc: stable@vger.kernel.org Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support") Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com> Signed-off-by: Naman Jain <namjain@linux.microsoft.com> --- drivers/uio/uio_hv_generic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index b45653752301..e3e66a3e85a8 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -106,10 +106,11 @@ static void hv_uio_channel_cb(void *context) /* * Callback from vmbus_event when channel is rescinded. + * It is meant for rescind of primary channels only. */ static void hv_uio_rescind(struct vmbus_channel *channel) { - struct hv_device *hv_dev = channel->primary_channel->device_obj; + struct hv_device *hv_dev = channel->device_obj; struct hv_uio_private_data *pdata = hv_get_drvdata(hv_dev); /* -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-08-29 7:13 [PATCH v2 0/2] Drivers: vmbus: Fix rescind handling in uio_hv_generic Naman Jain 2024-08-29 7:13 ` [PATCH v2 1/2] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Naman Jain @ 2024-08-29 7:13 ` Naman Jain 2024-08-29 13:40 ` Saurabh Singh Sengar 1 sibling, 1 reply; 6+ messages in thread From: Naman Jain @ 2024-08-29 7:13 UTC (permalink / raw) To: K . Y . Srinivasan, Haiyang Zhang, Wei Liu, Dexuan Cui, Greg Kroah-Hartman, Stephen Hemminger, Michael Kelley Cc: linux-hyperv, linux-kernel, Saurabh Sengar, Naman Jain, stable Rescind offer handling relies on rescind callbacks for some of the resources cleanup, if they are registered. It does not unregister vmbus device for the primary channel closure, when callback is registered. Without it, next onoffer does not come, rescind flag remains set and device goes to unusable state. Add logic to unregister vmbus for the primary channel in rescind callback to ensure channel removal and relid release, and to ensure that next onoffer can be received and handled properly. Cc: stable@vger.kernel.org Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support") Signed-off-by: Naman Jain <namjain@linux.microsoft.com> --- drivers/hv/vmbus_drv.c | 1 + drivers/uio/uio_hv_generic.c | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 7242c4920427..c405295b930a 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1980,6 +1980,7 @@ void vmbus_device_unregister(struct hv_device *device_obj) */ device_unregister(&device_obj->device); } +EXPORT_SYMBOL_GPL(vmbus_device_unregister); #ifdef CONFIG_ACPI /* diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index e3e66a3e85a8..870409599411 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -121,6 +121,14 @@ static void hv_uio_rescind(struct vmbus_channel *channel) /* Wake up reader */ uio_event_notify(&pdata->info); + + /* + * With rescind callback registered, rescind path will not unregister the device + * from vmbus when the primary channel is rescinded. + * Without it, rescind handling is incomplete and next onoffer msg does not come. + * Unregister the device from vmbus here. + */ + vmbus_device_unregister(channel->device_obj); } /* Sysfs API to allow mmap of the ring buffers -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-08-29 7:13 ` [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Naman Jain @ 2024-08-29 13:40 ` Saurabh Singh Sengar 2024-09-05 7:30 ` Wei Liu 0 siblings, 1 reply; 6+ messages in thread From: Saurabh Singh Sengar @ 2024-08-29 13:40 UTC (permalink / raw) To: Naman Jain Cc: K . Y . Srinivasan, Haiyang Zhang, Wei Liu, Dexuan Cui, Greg Kroah-Hartman, Stephen Hemminger, Michael Kelley, linux-hyperv, linux-kernel, stable On Thu, Aug 29, 2024 at 12:43:12PM +0530, Naman Jain wrote: > Rescind offer handling relies on rescind callbacks for some of the > resources cleanup, if they are registered. It does not unregister > vmbus device for the primary channel closure, when callback is > registered. Without it, next onoffer does not come, rescind flag > remains set and device goes to unusable state. > > Add logic to unregister vmbus for the primary channel in rescind callback > to ensure channel removal and relid release, and to ensure that next > onoffer can be received and handled properly. > > Cc: stable@vger.kernel.org > Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support") > Signed-off-by: Naman Jain <namjain@linux.microsoft.com> > --- > drivers/hv/vmbus_drv.c | 1 + > drivers/uio/uio_hv_generic.c | 8 ++++++++ > 2 files changed, 9 insertions(+) > > diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c > index 7242c4920427..c405295b930a 100644 > --- a/drivers/hv/vmbus_drv.c > +++ b/drivers/hv/vmbus_drv.c > @@ -1980,6 +1980,7 @@ void vmbus_device_unregister(struct hv_device *device_obj) > */ > device_unregister(&device_obj->device); > } > +EXPORT_SYMBOL_GPL(vmbus_device_unregister); > > #ifdef CONFIG_ACPI > /* > diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c > index e3e66a3e85a8..870409599411 100644 > --- a/drivers/uio/uio_hv_generic.c > +++ b/drivers/uio/uio_hv_generic.c > @@ -121,6 +121,14 @@ static void hv_uio_rescind(struct vmbus_channel *channel) > > /* Wake up reader */ > uio_event_notify(&pdata->info); > + > + /* > + * With rescind callback registered, rescind path will not unregister the device > + * from vmbus when the primary channel is rescinded. > + * Without it, rescind handling is incomplete and next onoffer msg does not come. > + * Unregister the device from vmbus here. > + */ > + vmbus_device_unregister(channel->device_obj); > } > > /* Sysfs API to allow mmap of the ring buffers > -- > 2.34.1 > For the series, Reviewed-by: Saurabh Sengar <ssengar@linux.microsoft.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-08-29 13:40 ` Saurabh Singh Sengar @ 2024-09-05 7:30 ` Wei Liu 2024-09-05 7:36 ` Wei Liu 0 siblings, 1 reply; 6+ messages in thread From: Wei Liu @ 2024-09-05 7:30 UTC (permalink / raw) To: Saurabh Singh Sengar Cc: Naman Jain, K . Y . Srinivasan, Haiyang Zhang, Wei Liu, Dexuan Cui, Greg Kroah-Hartman, Stephen Hemminger, Michael Kelley, linux-hyperv, linux-kernel, stable On Thu, Aug 29, 2024 at 06:40:16AM -0700, Saurabh Singh Sengar wrote: > On Thu, Aug 29, 2024 at 12:43:12PM +0530, Naman Jain wrote: > > Rescind offer handling relies on rescind callbacks for some of the > > resources cleanup, if they are registered. It does not unregister > > vmbus device for the primary channel closure, when callback is > > registered. Without it, next onoffer does not come, rescind flag > > remains set and device goes to unusable state. > > > > Add logic to unregister vmbus for the primary channel in rescind callback > > to ensure channel removal and relid release, and to ensure that next > > onoffer can be received and handled properly. > > > > Cc: stable@vger.kernel.org > > Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support") > > Signed-off-by: Naman Jain <namjain@linux.microsoft.com> > > --- > > drivers/hv/vmbus_drv.c | 1 + > > drivers/uio/uio_hv_generic.c | 8 ++++++++ > > 2 files changed, 9 insertions(+) > > > > diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c > > index 7242c4920427..c405295b930a 100644 > > --- a/drivers/hv/vmbus_drv.c > > +++ b/drivers/hv/vmbus_drv.c > > @@ -1980,6 +1980,7 @@ void vmbus_device_unregister(struct hv_device *device_obj) > > */ > > device_unregister(&device_obj->device); > > } > > +EXPORT_SYMBOL_GPL(vmbus_device_unregister); > > > > #ifdef CONFIG_ACPI > > /* > > diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c > > index e3e66a3e85a8..870409599411 100644 > > --- a/drivers/uio/uio_hv_generic.c > > +++ b/drivers/uio/uio_hv_generic.c > > @@ -121,6 +121,14 @@ static void hv_uio_rescind(struct vmbus_channel *channel) > > > > /* Wake up reader */ > > uio_event_notify(&pdata->info); > > + > > + /* > > + * With rescind callback registered, rescind path will not unregister the device > > + * from vmbus when the primary channel is rescinded. > > + * Without it, rescind handling is incomplete and next onoffer msg does not come. > > + * Unregister the device from vmbus here. > > + */ > > + vmbus_device_unregister(channel->device_obj); > > } > > > > /* Sysfs API to allow mmap of the ring buffers > > -- > > 2.34.1 > > > > For the series, > Reviewed-by: Saurabh Sengar <ssengar@linux.microsoft.com> Applied to hyperv-fixes, thanks. > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-09-05 7:30 ` Wei Liu @ 2024-09-05 7:36 ` Wei Liu 0 siblings, 0 replies; 6+ messages in thread From: Wei Liu @ 2024-09-05 7:36 UTC (permalink / raw) To: Saurabh Singh Sengar Cc: Naman Jain, K . Y . Srinivasan, Haiyang Zhang, Wei Liu, Dexuan Cui, Greg Kroah-Hartman, Stephen Hemminger, Michael Kelley, linux-hyperv, linux-kernel, stable On Thu, Sep 05, 2024 at 07:30:10AM +0000, Wei Liu wrote: > On Thu, Aug 29, 2024 at 06:40:16AM -0700, Saurabh Singh Sengar wrote: > > On Thu, Aug 29, 2024 at 12:43:12PM +0530, Naman Jain wrote: > > > Rescind offer handling relies on rescind callbacks for some of the > > > resources cleanup, if they are registered. It does not unregister > > > vmbus device for the primary channel closure, when callback is > > > registered. Without it, next onoffer does not come, rescind flag > > > remains set and device goes to unusable state. > > > > > > Add logic to unregister vmbus for the primary channel in rescind callback > > > to ensure channel removal and relid release, and to ensure that next > > > onoffer can be received and handled properly. > > > > > > Cc: stable@vger.kernel.org > > > Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support") > > > Signed-off-by: Naman Jain <namjain@linux.microsoft.com> > > > --- > > > drivers/hv/vmbus_drv.c | 1 + > > > drivers/uio/uio_hv_generic.c | 8 ++++++++ > > > 2 files changed, 9 insertions(+) > > > > > > diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c > > > index 7242c4920427..c405295b930a 100644 > > > --- a/drivers/hv/vmbus_drv.c > > > +++ b/drivers/hv/vmbus_drv.c > > > @@ -1980,6 +1980,7 @@ void vmbus_device_unregister(struct hv_device *device_obj) > > > */ > > > device_unregister(&device_obj->device); > > > } > > > +EXPORT_SYMBOL_GPL(vmbus_device_unregister); > > > > > > #ifdef CONFIG_ACPI > > > /* > > > diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c > > > index e3e66a3e85a8..870409599411 100644 > > > --- a/drivers/uio/uio_hv_generic.c > > > +++ b/drivers/uio/uio_hv_generic.c > > > @@ -121,6 +121,14 @@ static void hv_uio_rescind(struct vmbus_channel *channel) > > > > > > /* Wake up reader */ > > > uio_event_notify(&pdata->info); > > > + > > > + /* > > > + * With rescind callback registered, rescind path will not unregister the device > > > + * from vmbus when the primary channel is rescinded. > > > + * Without it, rescind handling is incomplete and next onoffer msg does not come. > > > + * Unregister the device from vmbus here. > > > + */ > > > + vmbus_device_unregister(channel->device_obj); > > > } > > > > > > /* Sysfs API to allow mmap of the ring buffers > > > -- > > > 2.34.1 > > > > > > > For the series, > > Reviewed-by: Saurabh Sengar <ssengar@linux.microsoft.com> > > Applied to hyperv-fixes, thanks. Since Greg has already applied this series, I am dropping them from my tree. > > > ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-09-05 7:37 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-08-29 7:13 [PATCH v2 0/2] Drivers: vmbus: Fix rescind handling in uio_hv_generic Naman Jain 2024-08-29 7:13 ` [PATCH v2 1/2] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Naman Jain 2024-08-29 7:13 ` [PATCH v2 2/2] Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Naman Jain 2024-08-29 13:40 ` Saurabh Singh Sengar 2024-09-05 7:30 ` Wei Liu 2024-09-05 7:36 ` Wei Liu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).