From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7EF68C4167B for ; Tue, 28 Nov 2023 21:08:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fs660HSPLpgbPYxrZ7SRlZKnNZeLxgFFwDQ6djj0zY0=; b=hl4vhvOJJKFeMZ8rByelMJYwdJ +/ZX5BXT4CSJd1bayO6+AYzYFIXbmDKG/bmAaXX9bRvWs57nqeyy7SUiKcNxJbwWdsML/bbiqsfKm 9ovik09AbgjgyX2/HULODMiWn9aeOzcT8DC72R7TlBlVyHDJybHvbzB9VuJXWB7hEP0Yl1jMz5Rdi gnxXATDToYS6VINDRBDfsCfnXMJbrP7z1VRrZYyvqShqOmGotJip5oHRAlNIVSriNFyv+utS3suqi iiE5cIaSO+CI93JLXe/XUaKhMzIRLTbgCqDGBzo2UlLH+pErkKB6vwJNP9/knWf5BktnsamQUUrWL WLQGW5EQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1r85Jc-006M0J-2r; Tue, 28 Nov 2023 21:08:20 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1r85JX-006LvS-0O for linux-nvme@lists.infradead.org; Tue, 28 Nov 2023 21:08:16 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 97A126185A; Tue, 28 Nov 2023 21:08:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8BF00C433BC; Tue, 28 Nov 2023 21:08:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701205694; bh=npHZoGgH6aI7PnmoU/VcachZyj1FZKaZi5flPg2IOaQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=u5yCveo/afxZXn9CNaBaPMH/TqR3wIr6zoVFQHILnwMTPL4WLUCuoU3C45alJ2myY ichLtZPYiR+VyJ/PPvDDgERtCDv/JmlksR/64x+QYXqYrkNd0CC7ItcS0HRsSZqIAe vTO9rXh5tuLB+MW8QSOrNMg34tfmz2cBu3y0VQC5PQz16f+nvk3AC6de0tH6GXclkr y3e4rKU7d7pFOcPuS47TEXwvlstoFILqf4m9LAJ5BFlXVGRCadi0b9gScuJJAd9HtN mTkEu66F9jmenJFI11kGqE8Fs+y3tuBBIQwxNDNDuSa7yvd3beQZJXR1IpCenUZvv9 uFfDMQreumxBA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Hannes Reinecke , Keith Busch , Sasha Levin , sagi@grimberg.me, linux-nvme@lists.infradead.org Subject: [PATCH AUTOSEL 6.1 13/25] nvme: catch errors from nvme_configure_metadata() Date: Tue, 28 Nov 2023 16:07:29 -0500 Message-ID: <20231128210750.875945-13-sashal@kernel.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231128210750.875945-1-sashal@kernel.org> References: <20231128210750.875945-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.1.64 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231128_130815_253869_A650D0BF X-CRM114-Status: GOOD ( 13.47 ) X-BeenThere: linux-nvme@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-nvme" Errors-To: linux-nvme-bounces+linux-nvme=archiver.kernel.org@lists.infradead.org From: Hannes Reinecke [ Upstream commit cd9aed606088d36a7ffff3e808db4e76b1854285 ] nvme_configure_metadata() is issuing I/O, so we might incur an I/O error which will cause the connection to be reset. But in that case any further probing will race with reset and cause UAF errors. So return a status from nvme_configure_metadata() and abort probing if there was an I/O error. Signed-off-by: Hannes Reinecke Signed-off-by: Keith Busch Signed-off-by: Sasha Levin --- drivers/nvme/host/core.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 25ddfabc58f73..73cec036567d2 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1845,16 +1845,18 @@ static int nvme_init_ms(struct nvme_ns *ns, struct nvme_id_ns *id) return ret; } -static void nvme_configure_metadata(struct nvme_ns *ns, struct nvme_id_ns *id) +static int nvme_configure_metadata(struct nvme_ns *ns, struct nvme_id_ns *id) { struct nvme_ctrl *ctrl = ns->ctrl; + int ret; - if (nvme_init_ms(ns, id)) - return; + ret = nvme_init_ms(ns, id); + if (ret) + return ret; ns->features &= ~(NVME_NS_METADATA_SUPPORTED | NVME_NS_EXT_LBAS); if (!ns->ms || !(ctrl->ops->flags & NVME_F_METADATA_SUPPORTED)) - return; + return 0; if (ctrl->ops->flags & NVME_F_FABRICS) { /* @@ -1863,7 +1865,7 @@ static void nvme_configure_metadata(struct nvme_ns *ns, struct nvme_id_ns *id) * remap the separate metadata buffer from the block layer. */ if (WARN_ON_ONCE(!(id->flbas & NVME_NS_FLBAS_META_EXT))) - return; + return 0; ns->features |= NVME_NS_EXT_LBAS; @@ -1890,6 +1892,7 @@ static void nvme_configure_metadata(struct nvme_ns *ns, struct nvme_id_ns *id) else ns->features |= NVME_NS_METADATA_SUPPORTED; } + return 0; } static void nvme_set_queue_limits(struct nvme_ctrl *ctrl, @@ -2063,7 +2066,11 @@ static int nvme_update_ns_info_block(struct nvme_ns *ns, ns->lba_shift = id->lbaf[lbaf].ds; nvme_set_queue_limits(ns->ctrl, ns->queue); - nvme_configure_metadata(ns, id); + ret = nvme_configure_metadata(ns, id); + if (ret < 0) { + blk_mq_unfreeze_queue(ns->disk->queue); + goto out; + } nvme_set_chunk_sectors(ns, id); nvme_update_disk_info(ns->disk, ns, id); -- 2.42.0