FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-02 23:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e120dcb6b2
linux/drivers/scsi
History
Calvin Owens e120dcb6b2 ses: Fix racy cleanup of /sys in remove_dev() 
Currently we free the resources backing the enclosure device before we
call device_unregister(). This is racy: during rmmod of low-level SCSI
drivers that hook into enclosure, we end up with a small window of time
during which writing to /sys can OOPS. Example trace with mpt3sas:

  general protection fault: 0000 [#1] SMP KASAN
  Modules linked in: mpt3sas(-) <...>
  RIP: [<ffffffffa0388a98>] ses_get_page2_descriptor.isra.6+0x38/0x220 [ses]
  Call Trace:
   [<ffffffffa0389d14>] ses_set_fault+0xf4/0x400 [ses]
   [<ffffffffa0361069>] set_component_fault+0xa9/0xf0 [enclosure]
   [<ffffffff8205bffc>] dev_attr_store+0x3c/0x70
   [<ffffffff81677df5>] sysfs_kf_write+0x115/0x180
   [<ffffffff81675725>] kernfs_fop_write+0x275/0x3a0
   [<ffffffff8151f810>] __vfs_write+0xe0/0x3e0
   [<ffffffff8152281f>] vfs_write+0x13f/0x4a0
   [<ffffffff81526731>] SyS_write+0x111/0x230
   [<ffffffff828b401b>] entry_SYSCALL_64_fastpath+0x13/0x94

Fortunately the solution is extremely simple: call device_unregister()
before we free the resources, and the race no longer exists. The driver
core holds a reference over ->remove_dev(), so AFAICT this is safe.

Signed-off-by: Calvin Owens <calvinowens@fb.com>
Reviewed-by: James Bottomley <jejb@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-08-12 17:40:51 -04:00
..
aacraid aacraid: Check size values after double-fetch from user 2016-08-08 21:34:02 -04:00
aic7xxx
aic94xx treewide: Fix typos in printk 2016-04-18 11:23:24 +02:00
arcmsr
arm scsi: rename SCSI_MAX_{SG, SG_CHAIN}_SEGMENTS 2016-04-15 16:53:14 -04:00
be2iscsi
bfa scripts/spelling.txt: add "fimware" misspelling 2016-05-19 19:12:14 -07:00
bnx2fc fcoe: use enum for fip_mode 2016-07-13 22:05:28 -04:00
bnx2i bnx2i: fix spelling mistake "complection" -> "completion" 2016-07-12 23:16:31 -04:00
csiostor
cxgbi cxgbi: fix uninitialized flowi6 2016-04-25 16:20:49 -04:00
cxlflash cxlflash: Verify problem state area is mapped before notifying shutdown 2016-07-27 00:32:06 -04:00
device_handler Merge branch 'fixes' into misc 2016-05-17 21:12:50 -04:00
dpt
esas2r scsi: rename SCSI_MAX_{SG, SG_CHAIN}_SEGMENTS 2016-04-15 16:53:14 -04:00
fcoe fcoe: Use kfree_skb() instead of kfree() 2016-08-04 21:29:02 -04:00
fnic fnic: pci_dma_mapping_error() doesn't return an error code 2016-07-20 20:49:17 -04:00
hisi_sas hisi_sas: update driver version to 1.5 2016-07-12 23:16:31 -04:00
ibmvscsi ibmvfc: prevent a potential deadlock 2016-07-15 15:13:52 -04:00
isci Merge branch 'for-4.7-zac' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2016-05-23 17:53:39 -07:00
libfc libfc: sanity check cpu number extracted from xid 2016-07-13 21:49:57 -04:00
libsas scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task 2016-07-20 20:53:35 -04:00
lpfc lpfc: Fix possible NULL pointer dereference 2016-08-02 01:16:28 -04:00
megaraid megaraid_sas: Fix probing cards without io port 2016-08-10 22:28:54 -04:00
mpt3sas mpt3sas: Fix resume on WarpDrive flash cards 2016-08-12 16:11:57 -04:00
mvsas libata/libsas: Define ATA_CMD_NCQ_NON_DATA 2016-05-09 12:36:44 -04:00
osd
pcmcia
pm8001 pm8001: fix typo 2016-07-12 23:16:31 -04:00
qla2xxx qla2xxx: Update driver version to 8.07.00.38-k 2016-07-15 15:35:52 -04:00
qla4xxx
snic snic: Fix use-after-free in case of a dma mapping error 2016-07-12 23:16:31 -04:00
sym53c8xx_2
ufs scsi: ufs: remove unnecessary goto label 2016-07-15 15:44:45 -04:00
.gitignore
3w-9xxx.c
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c
3w-xxxx.h
53c700_d.h_shipped
53c700.c scsi: remove current_cmnd field from struct scsi_device 2016-07-13 22:33:23 -04:00
53c700.h scsi: remove current_cmnd field from struct scsi_device 2016-07-13 22:33:23 -04:00
53c700.scr
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c
aha152x.c
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
am53c974.c
atari_scsi.c atari_scsi: Allow can_queue to be increased for Falcon 2016-04-11 16:57:09 -04:00
atp870u.c
atp870u.h
BusLogic.c
BusLogic.h
bvme6000_scsi.c
ch.c
constants.c scsi: reduce CONFIG_SCSI_CONSTANTS=y impact by 8k 2016-04-11 16:57:09 -04:00
dc395x.c
dc395x.h
dmx3191d.c ncr5380: Remove DONT_USE_INTR and AUTOPROBE_IRQ macros 2016-04-11 16:57:09 -04:00
dpt_i2o.c
dpti.h
dtc.c ncr5380: Remove DONT_USE_INTR and AUTOPROBE_IRQ macros 2016-04-11 16:57:09 -04:00
dtc.h ncr5380: Merge DMA implementation from atari_NCR5380 core driver 2016-04-11 16:57:09 -04:00
eata_generic.h
eata_pio.c eata_pio: missing break statement 2016-05-10 22:01:07 -04:00
eata_pio.h
eata.c
esp_scsi.c
esp_scsi.h
fdomain.c
fdomain.h
FlashPoint.c
g_NCR5380_mmio.c
g_NCR5380.c ncr5380: Update usage documentation 2016-04-11 16:57:09 -04:00
g_NCR5380.h ncr5380: Merge DMA implementation from atari_NCR5380 core driver 2016-04-11 16:57:09 -04:00
gdth_ioctl.h
gdth_proc.c
gdth_proc.h
gdth.c
gdth.h
gvp11.c
gvp11.h
hosts.c scsi: remove the disable_blk_mq host flag 2016-07-15 15:11:20 -04:00
hpsa_cmd.h
hpsa.c hpsa: change hpsa_passthru_ioctl timeout 2016-07-15 15:40:54 -04:00
hpsa.h hpsa: correct handling of HBA device removal 2016-04-29 19:08:24 -04:00
hptiop.c
hptiop.h
imm.c
imm.h
in2000.c
in2000.h
initio.c
initio.h
ipr.c ipr: Fix sync scsi scan 2016-08-10 22:48:16 -04:00
ipr.h ipr: Wait to do async scan until scsi host is initialized 2016-07-27 00:32:07 -04:00
ips.c
ips.h
iscsi_boot_sysfs.c ibft: Expose iBFT acpi header via sysfs 2016-05-16 11:14:29 -04:00
iscsi_tcp.c scsi_tcp: block BH in TCP callbacks 2016-05-19 11:36:49 -07:00
iscsi_tcp.h
jazz_esp.c
Kconfig scsi: ultrastor.c depends on ISA_DMA_API 2016-07-12 23:16:31 -04:00
lasi700.c
libiscsi_tcp.c
libiscsi.c libiscsi: Remove set-but-not-used variables 2016-04-11 16:57:09 -04:00
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c mac_scsi: Fix pseudo DMA implementation 2016-04-11 16:57:09 -04:00
Makefile
megaraid.c
megaraid.h
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c
mvumi.h
ncr53c8xx.c
ncr53c8xx.h
NCR53c406a.c
NCR5380.c ncr5380: Call complete_cmd() for disconnected commands on bus reset 2016-04-11 16:57:09 -04:00
NCR5380.h mac_scsi: Fix pseudo DMA implementation 2016-04-11 16:57:09 -04:00
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c
nsp32_io.h
nsp32.c
nsp32.h
osst_detect.h
osst_options.h
osst.c
osst.h
pas16.c ncr5380: Remove DONT_USE_INTR and AUTOPROBE_IRQ macros 2016-04-11 16:57:09 -04:00
pas16.h ncr5380: Merge DMA implementation from atari_NCR5380 core driver 2016-04-11 16:57:09 -04:00
pmcraid.c
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c qla1280: Don't allocate 512kb of host tags 2016-04-30 09:25:26 -07:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi_common.c scsi: add scsi_set_sense_field_pointer() 2016-04-04 12:07:42 -04:00
scsi_debug.c scsi_debug: fix sleep in invalid context 2016-07-12 23:16:31 -04:00
scsi_devinfo.c SCSI: fix new bug in scsi_dev_info_list string matching 2016-06-29 00:51:31 -04:00
scsi_dh.c
scsi_error.c Merge remote-tracking branch 'mkp-scsi/4.7/scsi-fixes' into fixes 2016-06-18 11:59:01 -07:00
scsi_ioctl.c
scsi_lib_dma.c
scsi_lib.c scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands 2016-05-22 14:52:45 -04:00
scsi_logging.c
scsi_logging.h
scsi_module.c
scsi_netlink.c
scsi_pm.c
scsi_priv.h scsi: disable automatic target scan 2016-04-11 16:57:09 -04:00
scsi_proc.c scsi: disable automatic target scan 2016-04-11 16:57:09 -04:00
scsi_sas_internal.h
scsi_scan.c scsi: Add intermediate STARGET_REMOVE state to scsi_target_state 2016-04-15 16:51:53 -04:00
scsi_sysctl.c
scsi_sysfs.c Revert "scsi: fix soft lockup in scsi_remove_target() on module removal" 2016-04-15 16:53:07 -04:00
scsi_trace.c scsi-trace: define ZBC_IN and ZBC_OUT 2016-04-11 16:57:09 -04:00
scsi_transport_api.h
scsi_transport_fc.c scsi_transport_fc: Unexport scsi_is_fc_vport() 2016-04-11 16:57:09 -04:00
scsi_transport_iscsi.c scsi_transport_iscsi: Declare local symbols static 2016-04-11 16:57:09 -04:00
scsi_transport_sas.c scsi: disable automatic target scan 2016-04-11 16:57:09 -04:00
scsi_transport_spi.c
scsi_transport_srp.c
scsi_typedefs.h
scsi.c scsi: remove the disable_blk_mq host flag 2016-07-15 15:11:20 -04:00
scsi.h
scsicam.c
sd_dif.c
sd.c sd: Fix rw_max for devices that report an optimal xfer size 2016-06-01 22:07:47 -04:00
sd.h sd: Fix rw_max for devices that report an optimal xfer size 2016-06-01 22:07:47 -04:00
sense_codes.h scsi: move Additional Sense Codes to separate file 2016-04-11 16:57:09 -04:00
ses.c ses: Fix racy cleanup of /sys in remove_dev() 2016-08-12 17:40:51 -04:00
sg.c
sgiwd93.c
sim710.c
sni_53c710.c
sr_ioctl.c
sr_vendor.c
sr.c
sr.h
st_options.h
st.c st: clear ILI if Medium Error 2016-04-25 22:08:16 -04:00
st.h
stex.c
storvsc_drv.c scsi: storvsc: Filter out storvsc messages CD-ROM medium not present 2016-07-12 23:16:31 -04:00
sun3_scsi_vme.c
sun3_scsi.c ncr5380: Remove disused atari_NCR5380.c core driver 2016-04-11 16:57:09 -04:00
sun3_scsi.h
sun3x_esp.c
sun_esp.c
sym53c416.c
sym53c416.h
t128.c ncr5380: Remove DONT_USE_INTR and AUTOPROBE_IRQ macros 2016-04-11 16:57:09 -04:00
t128.h ncr5380: Merge DMA implementation from atari_NCR5380 core driver 2016-04-11 16:57:09 -04:00
u14-34f.c
ultrastor.c
ultrastor.h
virtio_scsi.c
vmw_pvscsi.c vmw_pvscsi: Change to update maintainer details (name, email) 2016-07-12 23:16:31 -04:00
vmw_pvscsi.h vmw_pvscsi: Change to update maintainer details (name, email) 2016-07-12 23:16:31 -04:00
wd33c93.c
wd33c93.h
wd719x.c
wd719x.h
wd7000.c scsi: wd7000: print sector number as 64-bit 2016-07-12 23:16:31 -04:00
xen-scsifront.c
zalon.c
zorro7xx.c