Message-ID: <10fec246-82a6-40bf-a522-ea3de7fa0624@suse.de>
Date: Thu, 24 Apr 2025 12:17:32 +0200
From: Hannes Reinecke <hare@...e.de>
To: Daniel Wagner <wagi@...nel.org>, James Smart <james.smart@...adcom.com>,
 Christoph Hellwig <hch@....de>, Sagi Grimberg <sagi@...mberg.me>,
 Chaitanya Kulkarni <kch@...dia.com>
Cc: Keith Busch <kbusch@...nel.org>, linux-nvme@...ts.infradead.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 08/14] nvmet-fcloop: prevent double port deletion

On 4/23/25 15:21, Daniel Wagner wrote:
> The delete callback can be called either via the unregister function or
> from the transport directly. Thus it is necessary to ensure resources are
> not freed multiple times.
> 
> Signed-off-by: Daniel Wagner <wagi@...nel.org>
> ---
>   drivers/nvme/target/fcloop.c | 19 +++++++++++++++++++
>   1 file changed, 19 insertions(+)
> 
> diff --git a/drivers/nvme/target/fcloop.c b/drivers/nvme/target/fcloop.c
> index 9adaee3c7129f7e270842c5d09f78de2e108479a..014cc66f92cb1db0a81a79d2109eae3fff5fd38a 100644
> --- a/drivers/nvme/target/fcloop.c
> +++ b/drivers/nvme/target/fcloop.c
> @@ -215,6 +215,9 @@ struct fcloop_lport_priv {
>   	struct fcloop_lport *lport;
>   };
>   
> +/* The port is already being removed, avoid double free */
> +#define PORT_DELETED	0
> +
>   struct fcloop_rport {
>   	struct nvme_fc_remote_port	*remoteport;
>   	struct nvmet_fc_target_port	*targetport;
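Review bot: The comment above `PORT_DELETED` does not say that the value is a bit number rather than a mask, which matters because it is passed to `test_and_set_bit()` on the new `flags` word in `struct fcloop_rport` and `struct fcloop_tport`. It also says "avoid double free", while what the visible code skips is a second `fcloop_nport_put()`. I would write it as `/* Bit number in fcloop_rport/fcloop_tport ->flags: delete callback already ran, do not drop the nport reference again */`.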
> @@ -223,6 +226,7 @@ struct fcloop_rport {
>   	spinlock_t			lock;
>   	struct list_head		ls_list;
>   	struct work_struct		ls_work;
> +	unsigned long			flags;
>   };
>   
>   struct fcloop_tport {
> @@ -233,6 +237,7 @@ struct fcloop_tport {
>   	spinlock_t			lock;
>   	struct list_head		ls_list;
>   	struct work_struct		ls_work;
> +	unsigned long			flags;
>   };
>   
>   struct fcloop_nport {
> @@ -1067,14 +1072,20 @@ static void
>   fcloop_remoteport_delete(struct nvme_fc_remote_port *remoteport)
>   {
>   	struct fcloop_rport *rport = remoteport->private;
> +	bool delete_port = true;
>   	unsigned long flags;
>   
>   	flush_work(&rport->ls_work);
>   
>   	spin_lock_irqsave(&fcloop_lock, flags);
> +	if (test_and_set_bit(PORT_DELETED, &rport->flags))
> +		delete_port = false;
>   	rport->nport->rport = NULL;
>   	spin_unlock_irqrestore(&fcloop_lock, flags);
>   
> +	if (!delete_port)
> +		return;
> +

The double negation is hard to follow. Can't you
rename it to 'put_port' or somesuch and invert the logic?

>   	fcloop_nport_put(rport->nport);
>   }
>   
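Review bot: On the already-deleted path, `rport->nport->rport = NULL;` in fcloop_remoteport_delete still dereferences `rport->nport` after the first caller has already done `fcloop_nport_put(rport->nport)`. If that put can drop the last reference (fcloop_nport_put is not visible in this hunk), the second invocation writes into freed memory, so the flag narrows the double put but leaves a possible use-after-free. The store should sit behind the same test as the put, for example `if (test_and_set_bit(PORT_DELETED, &rport->flags))` `delete_port = false;` `else rport->nport->rport = NULL;`. The same applies to `tport->nport->tport = NULL;` in fcloop_targetport_delete in the next hunk.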
> @@ -1082,14 +1093,20 @@ static void
>   fcloop_targetport_delete(struct nvmet_fc_target_port *targetport)
>   {
>   	struct fcloop_tport *tport = targetport->private;
> +	bool delete_port = true;
>   	unsigned long flags;
>   
>   	flush_work(&tport->ls_work);
>   
>   	spin_lock_irqsave(&fcloop_lock, flags);
> +	if (test_and_set_bit(PORT_DELETED, &tport->flags))
> +		delete_port = false;
>   	tport->nport->tport = NULL;
>   	spin_unlock_irqrestore(&fcloop_lock, flags);
>   
> +	if (!delete_port)
> +		return;
> +
Same here.

>   	fcloop_nport_put(tport->nport);
>   }
>   
> @@ -1433,6 +1450,7 @@ fcloop_create_remote_port(struct device *dev, struct device_attribute *attr,
>   	rport->nport = nport;
>   	rport->lport = nport->lport;
>   	nport->rport = rport;
> +	rport->flags = 0;
>   	spin_lock_init(&rport->lock);
>   	INIT_WORK(&rport->ls_work, fcloop_rport_lsrqst_work);
>   	INIT_LIST_HEAD(&rport->ls_list);
> @@ -1530,6 +1548,7 @@ fcloop_create_target_port(struct device *dev, struct device_attribute *attr,
>   	tport->nport = nport;
>   	tport->lport = nport->lport;
>   	nport->tport = tport;
> +	tport->flags = 0;
>   	spin_lock_init(&tport->lock);
>   	INIT_WORK(&tport->ls_work, fcloop_tport_lsrqst_work);
>   	INIT_LIST_HEAD(&tport->ls_list);
> 
Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@...e.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
