linux/drivers
Dan Williams 6b2e428e67 cxl/port: Fix delete_endpoint() vs parent unregistration race
commit 8d2ad999ca upstream.

The CXL subsystem, at cxl_mem ->probe() time, establishes a lineage of
ports (struct cxl_port objects) between an endpoint and the root of a
CXL topology. Each port including the endpoint port is attached to the
cxl_port driver.

Given that setup, it follows that when either any port in that lineage
goes through a cxl_port ->remove() event, or the memdev goes through a
cxl_mem ->remove() event, the hierarchy below the removed port, or the
entire hierarchy if the memdev is removed, needs to come down.

The delete_endpoint() callback is careful to check whether it is being
called to tear down the hierarchy, or if it is only being called to
tear down the memdev because an ancestor port is going through
->remove().

That care needs to take the device_lock() of the endpoint's parent,
which requires 2 bugs to be fixed:

1/ A reference on the parent is needed to prevent use-after-free
   scenarios like this signature:

    BUG: spinlock bad magic on CPU#0, kworker/u56:0/11
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc38 05/24/2023
    Workqueue: cxl_port detach_memdev [cxl_core]
    RIP: 0010:spin_bug+0x65/0xa0
    Call Trace:
      do_raw_spin_lock+0x69/0xa0
     __mutex_lock+0x695/0xb80
     delete_endpoint+0xad/0x150 [cxl_core]
     devres_release_all+0xb8/0x110
     device_unbind_cleanup+0xe/0x70
     device_release_driver_internal+0x1d2/0x210
     detach_memdev+0x15/0x20 [cxl_core]
     process_one_work+0x1e3/0x4c0
     worker_thread+0x1dd/0x3d0

2/ In the case of RCH topologies, the parent device that needs to be
   locked is not always @port->dev as returned by cxl_mem_find_port(), use
   endpoint->dev.parent instead.

Fixes: 8dd2bc0f8e ("cxl/mem: Add the cxl_mem driver")
Cc: <stable@vger.kernel.org>
Reported-by: Robert Richter <rrichter@amd.com>
Closes: http://lore.kernel.org/r/20231018171713.1883517-2-rrichter@amd.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-28 17:20:07 +00:00
accel accel/habanalabs/gaudi2: Fix incorrect string length computation in gaudi2_psoc_razwi_get_engines() 2023-11-20 11:59:11 +01:00
accessibility
acpi ACPI: FPDT: properly handle invalid FPDT subtables 2023-11-28 17:20:03 +00:00
amba
android binder: fix memory leaks of spam and pending work 2023-10-05 12:48:08 +02:00
ata scsi: sd: Introduce manage_shutdown device flag 2023-10-27 10:00:19 +09:00
atm atm: iphase: Do PCI error checks on own line 2023-11-28 17:19:43 +00:00
auxdisplay
base driver core: Release all resources during unbind before updating device links 2023-11-28 17:20:05 +00:00
bcma
block virtio-blk: fix implicit overflow on virtio_max_dma_size 2023-11-28 17:19:46 +00:00
bluetooth Bluetooth: btusb: Add date->evt_skb is NULL check 2023-11-28 17:19:38 +00:00
bus
cache riscv: RISCV_NONSTANDARD_CACHE_OPS shouldn't depend on RISCV_DMA_NONCOHERENT 2023-10-26 09:42:37 +02:00
cdrom
cdx
char parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table 2023-11-28 17:20:00 +00:00
clk clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks 2023-11-28 17:20:01 +00:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2023-11-28 17:19:36 +00:00
comedi
connector Fix NULL pointer dereference in cn_filter() 2023-10-24 10:53:45 +02:00
counter First set of Counter fixes for 6.6 2023-10-02 13:13:15 +02:00
cpufreq cpufreq: stats: Fix buffer overflow detection in trans_stats() 2023-11-28 17:20:00 +00:00
cpuidle
crypto crypto: hisilicon/qm - prevent soft lockup in receive loop 2023-11-28 17:19:44 +00:00
cxl cxl/port: Fix delete_endpoint() vs parent unregistration race 2023-11-28 17:20:07 +00:00
dax
dca
devfreq PM / devfreq: rockchip-dfi: Make pmu regmap mandatory 2023-11-20 11:59:00 +01:00
dio
dma dmaengine: stm32-mdma: correct desc prep when channel running 2023-11-28 17:20:05 +00:00
dma-buf dma-buf: add dma_fence_timestamp helper 2023-10-05 11:05:58 +02:00
edac
eisa
extcon
firewire scsi: sd: Introduce manage_shutdown device flag 2023-10-27 10:00:19 +09:00
firmware firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit 2023-11-28 17:20:03 +00:00
fpga fpga: Fix memory leak for fpga_region_test_class_find() 2023-10-24 19:32:39 +02:00
fsi
gnss
gpio gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound 2023-11-28 17:19:43 +00:00
gpu i915/perf: Fix NULL deref bugs with drm_dbg() calls 2023-11-28 17:19:54 +00:00
greybus
hid hid: lenovo: Resend all settings on reset_resume for compact keyboards 2023-11-28 17:20:04 +00:00
hsi
hte hte: tegra: Fix missing error code in tegra_hte_test_probe() 2023-11-20 11:59:08 +01:00
hv
hwmon hwmon: (sch5627) Disallow write access if virtual registers are locked 2023-11-20 11:59:08 +01:00
hwspinlock
hwtracing
i2c i2c: core: Run atomic i2c xfer when !preemptible 2023-11-28 17:20:05 +00:00
i3c i3c: master: svc: fix random hot join failure since timeout error 2023-11-28 17:20:06 +00:00
idle
iio iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() 2023-11-28 17:19:45 +00:00
infiniband RDMA/hfi1: Use FIELD_GET() to extract Link Width 2023-11-28 17:19:42 +00:00
input Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() 2023-11-20 11:59:34 +01:00
interconnect interconnect: fix error handling in qnoc_probe() 2023-11-20 11:59:27 +01:00
iommu iommufd: Fix missing update of domains_itree after splitting iopt_area 2023-11-28 17:19:57 +00:00
ipack
irqchip irqchip/sifive-plic: Fix syscore registration for multi-socket systems 2023-11-20 11:58:54 +01:00
isdn isdn: mISDN: hfcsusb: Spelling fix in comment 2023-10-23 09:39:46 +01:00
leds leds: trigger: netdev: Move size check in set_device_name 2023-11-28 17:20:03 +00:00
macintosh
mailbox
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 17:20:05 +00:00
md dm crypt: account large pages in cc->n_allocated_pages 2023-11-28 17:19:58 +00:00
media media: venus: hfi: add checks to perform sanity on queue pointers 2023-11-28 17:19:54 +00:00
memory memory: tegra: Set BPMP msg flags to reset IPC channels 2023-11-20 11:59:17 +01:00
memstick
message
mfd mfd: qcom-spmi-pmic: Fix revid implementation 2023-11-28 17:20:03 +00:00
misc misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller 2023-11-28 17:19:44 +00:00
mmc mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A 2023-11-28 17:20:01 +00:00
most
mtd mtd: cfi_cmdset_0001: Byte swap OTP info 2023-11-28 17:20:06 +00:00
mux
net wifi: wilc1000: use vmm_table as array in wilc struct 2023-11-28 17:20:02 +00:00
nfc
ntb
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 11:59:19 +01:00
nvme nvme: fix error-handling for io_uring nvme-passthrough 2023-11-20 11:59:35 +01:00
nvmem nvmem: imx: correct nregs for i.MX6ULL 2023-10-16 21:00:08 +02:00
of of: address: Fix address translation when address-size is greater than 2 2023-11-28 17:19:39 +00:00
opp
parisc parisc/power: Add power soft-off when running on qemu 2023-11-28 17:20:00 +00:00
parport
pci PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card 2023-11-28 17:20:02 +00:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 11:59:31 +01:00
peci
perf drivers: perf: Check find_first_bit() return value 2023-11-28 17:19:54 +00:00
phy phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs 2023-11-28 17:19:45 +00:00
pinctrl pinctrl: renesas: rzg2l: Make reverse order of enable() for disable() 2023-11-20 11:59:25 +01:00
platform platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e 2023-11-28 17:19:39 +00:00
pmdomain pmdomain: imx: Make imx pgc power domain also set the fwnode 2023-11-28 17:20:00 +00:00
pnp
power power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint 2023-11-08 11:56:20 +01:00
powercap powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug() 2023-11-28 17:20:00 +00:00
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 17:19:51 +00:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2023-11-20 11:59:34 +01:00
rapidio
ras
regulator regulator: qcom-rpmh: Fix smps4 regulator for pm8550ve 2023-11-20 11:59:07 +01:00
remoteproc
reset
rpmsg
rtc rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call 2023-11-20 11:59:30 +01:00
s390 s390/ap: re-init AP queues on config on 2023-11-20 11:59:28 +01:00
sbus
scsi scsi: qla2xxx: Fix system crash due to bad pointer access 2023-11-28 17:19:55 +00:00
sh
siox
slimbus
soc soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop 2023-11-28 17:19:41 +00:00
soundwire soundwire: dmi-quirks: update HP Omen match 2023-11-28 17:19:45 +00:00
spi spi: Fix null dereference on suspend 2023-11-28 17:19:55 +00:00
spmi
ssb
staging media: cedrus: Fix clock/reset sequence 2023-11-20 11:59:32 +01:00
target
tc
tee ARM: SoC fixes for 6.6, part 2 2023-10-12 11:52:23 -07:00
thermal thermal: intel: powerclamp: fix mismatch in get function for max_idle 2023-11-28 17:20:02 +00:00
thunderbolt thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager 2023-11-28 17:19:45 +00:00
tty hvc/xen: fix event channel handling for secondary consoles 2023-11-28 17:19:57 +00:00
ufs scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR 2023-11-28 17:19:55 +00:00
uio
usb usb: gadget: f_ncm: Always set current gadget in ncm_bind() 2023-11-28 17:19:45 +00:00
vdpa vdpa_sim_blk: allocate the buffer zeroed 2023-11-28 17:19:49 +00:00
vfio
vhost vhost-vdpa: fix use after free in vhost_vdpa_probe() 2023-11-28 17:19:49 +00:00
video fbdev: fsl-diu-fb: mark wr_reg_wa() static 2023-11-20 11:59:38 +01:00
virt virt: sevguest: Fix passing a stack buffer as a scatterlist target 2023-11-20 11:59:30 +01:00
virtio virtio_pci: fix the common cfg map size 2023-10-18 11:30:12 -04:00
vlynq
w1
watchdog watchdog: ixp4xx: Make sure restart always works 2023-11-20 11:59:34 +01:00
xen acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0 2023-11-28 17:19:57 +00:00
zorro
Kconfig
Makefile