github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
b64415c6b3
linux/drivers
History
Gioh Kim b64415c6b3 RDMA/rtrs-clt: destroy sysfs after removing session from active list 
[ Upstream commit 7f4a8592ff ]

A session can be removed dynamically by sysfs interface "remove_path" that
eventually calls rtrs_clt_remove_path_from_sysfs function.  The current
rtrs_clt_remove_path_from_sysfs first removes the sysfs interfaces and
frees sess->stats object. Second it removes the session from the active
list.

Therefore some functions could access non-connected session and access the
freed sess->stats object even-if they check the session status before
accessing the session.

For instance rtrs_clt_request and get_next_path_min_inflight check the
session status and try to send IO to the session.  The session status
could be changed when they are trying to send IO but they could not catch
the change and update the statistics information in sess->stats object,
and generate use-after-free problem.
(see: "RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its
stats")

This patch changes the rtrs_clt_remove_path_from_sysfs to remove the
session from the active session list and then destroy the sysfs
interfaces.

Each function still should check the session status because closing or
error recovery paths can change the status.

Fixes: 6a98d71dae ("RDMA/rtrs: client: main functionality")
Link: https://lore.kernel.org/r/20210412084002.33582-1-gi-oh.kim@ionos.com
Signed-off-by: Gioh Kim <gi-oh.kim@ionos.com>
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-05-14 09:50:36 +02:00
..
accessibility
acpi ACPI: CPPC: Replace cppc_attr with kobj_attribute 2021-05-14 09:50:16 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 11:38:02 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:54:09 +01:00
ata ata: libahci_platform: fix IRQ check 2021-05-14 09:50:24 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:31:50 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 11:38:00 +01:00
base node: fix device cleanups in error handling code 2021-05-14 09:50:19 +02:00
bcma
block drivers/block/null_blk/main: Fix a double free in null_init. 2021-05-14 09:50:28 +02:00
bluetooth Bluetooth: btqca: Add valid le states quirk 2021-03-11 14:17:22 +01:00
bus bus: qcom: Put child node before return 2021-05-14 09:50:13 +02:00
cdrom
char ttyprintk: Add TTY hangup callback. 2021-05-14 09:50:21 +02:00
clk clk: uniphier: Fix potential infinite loop 2021-05-14 09:50:26 +02:00
clocksource clocksource/drivers/ingenic_ost: Fix return value check in ingenic_ost_probe() 2021-05-14 09:50:16 +02:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-03-25 09:04:16 +01:00
cpufreq cpufreq: armada-37xx: Fix determining base CPU frequency 2021-05-14 09:50:17 +02:00
cpuidle cpuidle: Fix ARM_QCOM_SPM_CPUIDLE configuration 2021-05-14 09:50:16 +02:00
crypto crypto: chelsio - Read rxchannel-id from firmware 2021-05-14 09:50:19 +02:00
dax device-dax: Fix default return code of range_parse() 2021-03-04 11:38:15 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:50:15 +02:00
dio
dma dmaengine: tegra20: Fix runtime PM imbalance on error 2021-04-28 13:40:01 +02:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:18:24 +01:00
edac EDAC/amd64: Do not load on family 0x15, model 0x13 2021-03-07 12:34:08 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:47:24 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 15:00:11 +02:00
firmware firmware: qcom-scm: Fix QCOM_SCM configuration 2021-05-14 09:50:19 +02:00
fpga fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER 2021-05-14 09:50:06 +02:00
fsi
gnss
gpio gpio: omap: Save and restore sysconfig 2021-04-28 13:39:59 +02:00
gpu drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() 2021-05-14 09:50:26 +02:00
greybus
hid HID: lenovo: Map mic-mute button to KEY_F20 instead of KEY_MICMUTE 2021-05-14 09:50:33 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:50:28 +02:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:50:21 +02:00
hwmon hwmon: (pmbus/pxe1610) don't bail out when not all pages are active 2021-05-14 09:50:20 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:47:35 +02:00
i2c i2c: designware: Adjust bus_freq_hz when refuse high speed mode set 2021-04-14 08:42:11 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:50:05 +02:00
ide ide/falconide: Fix module unload 2021-03-04 11:38:21 +01:00
idle
iio iio: adc: Kconfig: make AD9467 depend on ADI_AXI_ADC symbol 2021-05-14 09:50:15 +02:00
infiniband RDMA/rtrs-clt: destroy sysfs after removing session from active list 2021-05-14 09:50:36 +02:00
input Input: ili210x - add missing negation for touch indication on ili210x 2021-05-11 14:47:34 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:43:19 +02:00
iommu iommu/vt-d: Invalidate PASID cache when root/context entry changed 2021-05-14 09:50:33 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:50:15 +02:00
isdn mISDN: fix crash in fritzpci 2021-04-10 13:36:08 +02:00
leds leds: trigger: fix potential deadlock with libata 2021-02-03 23:28:41 +01:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:55:22 +01:00
macintosh macintosh/adb-iop: Use big-endian autopoll mask 2021-03-04 11:37:42 +01:00
mailbox mailbox: sprd: Introduce refcnt when clients requests/free channels 2021-05-14 09:50:27 +02:00
mcb
md md: Fix missing unused status line of /proc/mdstat 2021-05-14 09:49:59 +02:00
media media: v4l2-ctrls.c: fix race condition in hdl->requests list 2021-05-14 09:50:25 +02:00
memory memory: samsung: exynos5422-dmc: handle clk_set_parent() failure 2021-05-14 09:50:19 +02:00
memstick
message
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:50:27 +02:00
misc misc: vmw_vmci: explicitly initialize vmci_datagram payload 2021-05-14 09:49:59 +02:00
mmc mmc: sdhci-brcmstb: Remove CQE quirk 2021-05-11 14:47:26 +02:00
most
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:50:15 +02:00
mux
net net: thunderx: Fix unintentional sign extension issue 2021-05-14 09:50:36 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:50:32 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 13:00:55 +02:00
nvme nvme-pci: don't simple map sgl when sgls are disabled 2021-05-14 09:50:27 +02:00
nvmem drivers: nvmem: Fix voltage settings for QTI qfprom-efuse 2021-05-14 09:50:14 +02:00
of of: overlay: fix for_each_child.cocci warnings 2021-05-14 09:50:24 +02:00
opp opp: Correct debug message in _opp_add_static_v2() 2021-03-04 11:37:27 +01:00
oprofile
parisc
parport
pci PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c 2021-05-14 09:49:58 +02:00
pcmcia
perf perf/arm_pmu_platform: Fix error handling 2021-05-11 14:47:19 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:50:13 +02:00
pinctrl pinctrl: pinctrl-single: fix pcs_pin_dbg_show() when bits_per_mux is not zero 2021-05-14 09:50:30 +02:00
platform platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table 2021-05-14 09:50:20 +02:00
pnp
power power: supply: bq25980: Move props from battery node 2021-05-14 09:50:25 +02:00
powercap
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:53:53 +01:00
ptp ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation 2021-04-10 13:36:09 +02:00
pwm pwm: iqs620a: Fix overflow and optimize calculations 2021-03-04 11:38:17 +01:00
rapidio
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:42:12 +02:00
regulator regulator: bd9576: Fix return from bd957x_probe() 2021-05-14 09:50:10 +02:00
remoteproc remoteproc: qcom: pil_info: avoid 64-bit division 2021-04-14 08:42:05 +02:00
reset
rpmsg
rtc rtc: zynqmp: depend on HAS_IOMEM 2021-03-04 11:38:03 +01:00
s390 s390/zcrypt: fix zcard and zqueue hot-unplug memleak 2021-05-11 14:47:11 +02:00
sbus
scsi scsi: ibmvfc: Fix invalid state machine BUG_ON() 2021-05-14 09:50:27 +02:00
sfi
sh
siox
slimbus
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:50:21 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:50:14 +02:00
spi spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails 2021-05-14 09:50:20 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 11:38:40 +01:00
ssb
staging media: cedrus: Fix H265 status definitions 2021-05-14 09:50:28 +02:00
target scsi: target: pscsi: Fix warning in pscsi_complete_cmd() 2021-05-11 14:47:23 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:47:18 +02:00
thermal thermal/core/fair share: Lock the thermal zone while looping over instances 2021-05-11 14:47:41 +02:00
thunderbolt thunderbolt: Fix off by one in tb_port_find_retimer() 2021-04-14 08:42:03 +02:00
tty serial: omap: fix rs485 half-duplex filtering 2021-05-14 09:50:21 +02:00
uio
usb usb: dwc2: Fix hibernation between host and device modes. 2021-05-14 09:50:21 +02:00
vdpa vdpa/mlx5: Set err = -ENOMEM in case dma_map_sg_attrs fails 2021-04-28 13:39:59 +02:00
vfio vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer 2021-05-14 09:50:26 +02:00
vhost vhost-vdpa: fix vm_flags for virtqueue doorbell mapping 2021-05-11 14:47:12 +02:00
video backlight: qcom-wled: Fix FSC update issue for WLED5 2021-05-11 14:47:25 +02:00
virt nitro_enclaves: Fix stale file descriptors on failed usercopy 2021-05-11 14:47:11 +02:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:54:00 +01:00
visorbus
vlynq
vme
w1 w1: w1_therm: Fix conversion result for negative temperatures 2021-03-04 11:37:18 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 11:38:36 +01:00
xen xen/events: fix setting irq affinity 2021-04-16 11:43:22 +02:00
zorro
Kconfig
Makefile