linux

mirror of https://github.com/torvalds/linux.git synced 2026-05-23 06:31:58 +02:00

History

Dan Williams 7018c897c2 libnvdimm/dimm: Avoid race between probe and available_slots_show() Richard reports that the following test: (while true; do cat /sys/bus/nd/devices/nmem*/available_slots 2>&1 > /dev/null done) & while true; do for i in $(seq 0 4); do echo nmem$i > /sys/bus/nd/drivers/nvdimm/bind done for i in $(seq 0 4); do echo nmem$i > /sys/bus/nd/drivers/nvdimm/unbind done done ...fails with a crash signature like: divide error: 0000 [#1] SMP KASAN PTI RIP: 0010:nd_label_nfree+0x134/0x1a0 [libnvdimm] [..] Call Trace: available_slots_show+0x4e/0x120 [libnvdimm] dev_attr_show+0x42/0x80 ? memset+0x20/0x40 sysfs_kf_seq_show+0x218/0x410 The root cause is that available_slots_show() consults driver-data, but fails to synchronize against device-unbind setting up a TOCTOU race to access uninitialized memory. Validate driver-data under the device-lock. Fixes: `4d88a97aa9` ("libnvdimm, nvdimm: dimm driver and base libnvdimm device-driver infrastructure") Cc: <stable@vger.kernel.org> Cc: Vishal Verma <vishal.l.verma@intel.com> Cc: Dave Jiang <dave.jiang@intel.com> Cc: Ira Weiny <ira.weiny@intel.com> Cc: Coly Li <colyli@suse.com> Reported-by: Richard Palethorpe <rpalethorpe@suse.com> Acked-by: Richard Palethorpe <rpalethorpe@suse.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>		2021-02-01 16:20:40 -08:00
..
badrange.c	mm/memremap_pages: convert to 'struct range'	2020-10-13 18:38:28 -07:00
blk.c	nvdimm: simplify revalidate_disk handling	2020-09-02 08:00:07 -06:00
btt_devs.c	libnvdimm: Move attribute groups to device type	2019-11-17 09:17:38 -08:00
btt.c	bdi: remove BDI_CAP_SYNCHRONOUS_IO	2020-09-24 13:43:39 -06:00
btt.h	libnvdimm: Cleanup include of badblocks.h	2020-12-15 21:47:45 -08:00
bus.c	nvdimm: simplify revalidate_disk handling	2020-09-02 08:00:07 -06:00
claim.c	libnvdimm: Cleanup include of badblocks.h	2020-12-15 21:47:45 -08:00
core.c	libnvdimm: Cleanup include of badblocks.h	2020-12-15 21:47:45 -08:00
dax_devs.c	libnvdimm: Move attribute groups to device type	2019-11-17 09:17:38 -08:00
dimm_devs.c	libnvdimm/dimm: Avoid race between probe and available_slots_show()	2021-02-01 16:20:40 -08:00
dimm.c	libnvdimm/region: Introduce NDD_LABELING	2020-03-17 12:23:21 -07:00
e820.c	libnvdimm/e820: Retrieve and populate correct 'target_node' info	2020-02-18 10:28:05 -08:00
Kconfig	lib: Uplevel the pmem "region" ida to a global allocator	2019-11-07 15:44:29 +01:00
label.c	libnvdimm/label: Return -ENXIO for no slot in __blk_label_update	2020-12-16 16:53:00 -08:00
label.h	libnvdimm/label: Replace zero-length array with flexible-array member	2020-03-30 12:37:09 -07:00
Makefile	libnvdimm: Enable unit test infrastructure compile checks	2019-09-07 04:28:05 -03:00
namespace_devs.c	libnvdimm/namespace: Fix visibility of namespace resource attribute	2021-01-28 00:22:34 -08:00
nd_virtio.c	virtio_pmem: fix sparse warning	2019-07-16 19:44:26 -07:00
nd-core.h	PM, libnvdimm: Add runtime firmware activation support	2020-07-28 19:28:32 -06:00
nd.h	mm/memremap_pages: convert to 'struct range'	2020-10-13 18:38:28 -07:00
of_pmem.c	powerpc/pmem: Initialize pmem device on newer hardware	2020-07-16 13:00:23 +10:00
pfn_devs.c	mm/memremap_pages: support multiple ranges per invocation	2020-10-13 18:38:28 -07:00
pfn.h	libnvdimm/namespace: Enforce memremap_compat_align()	2020-03-17 12:23:21 -07:00
pmem.c	libnvdimm/pmem: Remove unused header	2021-01-11 12:56:49 -08:00
pmem.h	libnvdimm, pmem: Restore page attributes when clearing errors	2018-08-20 09:22:45 -07:00
region_devs.c	libnvdimm for 5.9	2020-08-11 10:59:19 -07:00
region.c	mm/memremap_pages: convert to 'struct range'	2020-10-13 18:38:28 -07:00
security.c	libnvdimm for 5.9	2020-08-11 10:59:19 -07:00
virtio_pmem.c	virtio_pmem: convert to LE accessors	2020-08-05 11:08:41 -04:00
virtio_pmem.h	virtio-pmem: Add virtio pmem driver	2019-07-05 15:19:10 -07:00