From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Julian Wiedmann <jwi@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>
Subject: [PATCH 5.1 49/54] s390/qdio: (re-)initialize tiqdio list entries
Date: Thu, 18 Jul 2019 12:01:44 +0900 [thread overview]
Message-ID: <20190718030056.989876091@linuxfoundation.org> (raw)
In-Reply-To: <20190718030053.287374640@linuxfoundation.org>
From: Julian Wiedmann <jwi@linux.ibm.com>
commit e54e4785cb5cb4896cf4285964aeef2125612fb2 upstream.
When tiqdio_remove_input_queues() removes a queue from the tiq_list as
part of qdio_shutdown(), it doesn't re-initialize the queue's list entry
and the prev/next pointers go stale.
If a subsequent qdio_establish() fails while sending the ESTABLISH cmd,
it calls qdio_shutdown() again in QDIO_IRQ_STATE_ERR state and
tiqdio_remove_input_queues() will attempt to remove the queue entry a
second time. This dereferences the stale pointers, and bad things ensue.
Fix this by re-initializing the list entry after removing it from the
list.
For good practice also initialize the list entry when the queue is first
allocated, and remove the quirky checks that papered over this omission.
Note that prior to
commit e521813468f7 ("s390/qdio: fix access to uninitialized qdio_q fields"),
these checks were bogus anyway.
setup_queues_misc() clears the whole queue struct, and thus needs to
re-init the prev/next pointers as well.
Fixes: 779e6e1c724d ("[S390] qdio: new qdio driver.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/qdio_setup.c | 2 ++
drivers/s390/cio/qdio_thinint.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/s390/cio/qdio_setup.c
+++ b/drivers/s390/cio/qdio_setup.c
@@ -150,6 +150,7 @@ static int __qdio_allocate_qs(struct qdi
return -ENOMEM;
}
irq_ptr_qs[i] = q;
+ INIT_LIST_HEAD(&q->entry);
}
return 0;
}
@@ -178,6 +179,7 @@ static void setup_queues_misc(struct qdi
q->mask = 1 << (31 - i);
q->nr = i;
q->handler = handler;
+ INIT_LIST_HEAD(&q->entry);
}
static void setup_storage_lists(struct qdio_q *q, struct qdio_irq *irq_ptr,
--- a/drivers/s390/cio/qdio_thinint.c
+++ b/drivers/s390/cio/qdio_thinint.c
@@ -87,14 +87,14 @@ void tiqdio_remove_input_queues(struct q
struct qdio_q *q;
q = irq_ptr->input_qs[0];
- /* if establish triggered an error */
- if (!q || !q->entry.prev || !q->entry.next)
+ if (!q)
return;
mutex_lock(&tiq_list_lock);
list_del_rcu(&q->entry);
mutex_unlock(&tiq_list_lock);
synchronize_rcu();
+ INIT_LIST_HEAD(&q->entry);
}
static inline int has_multiple_inq_on_dsci(struct qdio_irq *irq_ptr)
next prev parent reply other threads:[~2019-07-18 3:24 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-18 3:00 [PATCH 5.1 00/54] 5.1.19-stable review Greg Kroah-Hartman
2019-07-18 3:00 ` [PATCH 5.1 01/54] Revert "e1000e: fix cyclic resets at link up with active tx" Greg Kroah-Hartman
2019-07-18 3:00 ` [PATCH 5.1 02/54] e1000e: start network tx queue only when link is up Greg Kroah-Hartman
2019-07-18 3:00 ` [PATCH 5.1 03/54] Input: synaptics - enable SMBUS on T480 thinkpad trackpad Greg Kroah-Hartman
2019-07-18 3:00 ` [PATCH 5.1 04/54] nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 05/54] drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 06/54] firmware: improve LSM/IMA security behaviour Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 07/54] ARM: dts: meson8: fix GPU interrupts and drop an undocumented property Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 08/54] ARM: dts: meson8b: fix the operating voltage of the Mali GPU Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 09/54] irqchip/irq-csky-mpintc: Support auto irq deliver to all cpus Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 10/54] irqchip/gic-v3-its: Fix command queue pointer comparison bug Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 11/54] clk: ti: clkctrl: Fix returning uninitialized data Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 12/54] efi/bgrt: Drop BGRT status field reserved bits check Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 13/54] arm64: dts: ls1028a: Fix CPU idle fail Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 14/54] selftests/powerpc: Add test of fork with mapping above 512TB Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 15/54] perf/core: Fix perf_sample_regs_user() mm check Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 16/54] ARM: dts: gemini Fix up DNS-313 compatible string Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 17/54] ARM: omap2: remove incorrect __init annotation Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 18/54] afs: Fix uninitialised spinlock afs_volume::cb_break_lock Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 19/54] x86/efi: fix a -Wtype-limits compilation warning Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 20/54] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 21/54] be2net: fix link failure after ethtool offline test Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 22/54] ppp: mppe: Add softdep to arc4 Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 23/54] sis900: fix TX completion Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 24/54] ARM: dts: imx6ul: fix PWM[1-4] interrupts Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 25/54] pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 26/54] pinctrl: ocelot: fix gpio direction for pins after 31 Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 27/54] pinctrl: ocelot: fix pinmuxing " Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 28/54] dm table: dont copy from a NULL pointer in realloc_argv() Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 29/54] dm verity: use message limit for data block corruption message Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 30/54] x86/boot/64: Fix crash if kernel image crosses page table boundary Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 31/54] x86/boot/64: Add missing fixup_pointer() for next_early_pgt access Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 32/54] HID: chicony: add another quirk for PixArt mouse Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 33/54] HID: uclogic: Add support for Huion HS64 tablet Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 34/54] HID: multitouch: Add pointstick support for ALPS Touchpad Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 35/54] pinctrl: mediatek: Ignore interrupts that are wake only during resume Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 36/54] cpu/hotplug: Fix out-of-bounds read when setting fail state Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 37/54] pinctrl: mediatek: Update cur_mask in mask/mask ops Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 38/54] mm/oom_kill.c: fix uninitialized oc->constraint Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 39/54] fork,memcg: alloc_thread_stack_node needs to set tsk->stack Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 40/54] linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 41/54] genirq: Delay deactivation in free_irq() Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 42/54] genirq: Fix misleading synchronize_irq() documentation Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 43/54] genirq: Add optional hardware synchronization for shutdown Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 44/54] x86/ioapic: Implement irq_get_irqchip_state() callback Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 45/54] x86/irq: Handle spurious interrupt after shutdown gracefully Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 46/54] x86/irq: Seperate unused system vectors from spurious entry again Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 47/54] ARC: hide unused function unw_hdr_alloc Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 48/54] s390: fix stfle zero padding Greg Kroah-Hartman
2019-07-18 3:01 ` Greg Kroah-Hartman [this message]
2019-07-18 3:01 ` [PATCH 5.1 50/54] s390/qdio: dont touch the dsci in tiqdio_add_input_queues() Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 51/54] crypto: talitos - move struct talitos_edesc into talitos.h Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 52/54] crypto: talitos - fix hash on SEC1 Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 53/54] crypto/NX: Set receive window credits to max number of CRBs in RxFIFO Greg Kroah-Hartman
2019-07-18 3:01 ` [PATCH 5.1 54/54] x86/entry/32: Fix ENDPROC of common_spurious Greg Kroah-Hartman
2019-07-18 8:13 ` [PATCH 5.1 00/54] 5.1.19-stable review kernelci.org bot
2019-07-18 9:21 ` Jon Hunter
2019-07-18 15:24 ` Naresh Kamboju
2019-07-18 19:48 ` Guenter Roeck
2019-07-18 20:36 ` Jiunn Chang
2019-07-18 20:57 ` Kelsey Skunberg
2019-07-19 4:43 ` Bharath Vedartham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190718030056.989876091@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=gor@linux.ibm.com \
--cc=jwi@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).