| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8ce7f125-66b3-4c8c-8c99-77d129adb1a8@suse.de>
Date: Wed, 7 May 2025 15:59:02 +0200
From: Hannes Reinecke <hare@...e.de>
To: Daniel Wagner <wagi@...nel.org>, James Smart <james.smart@...adcom.com>,
Christoph Hellwig <hch@....de>, Sagi Grimberg <sagi@...mberg.me>,
Chaitanya Kulkarni <kch@...dia.com>
Cc: Keith Busch <kbusch@...nel.org>, linux-nvme@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 08/14] nvmet-fcloop: prevent double port deletion
On 5/7/25 14:23, Daniel Wagner wrote:
> The delete callback can be called either via the unregister function or
> from the transport directly. Thus it is necessary ensure resources are
> not freed multiple times.
>
> Signed-off-by: Daniel Wagner <wagi@...nel.org>
> ---
> drivers/nvme/target/fcloop.c | 19 +++++++++++++++++--
> 1 file changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/nvme/target/fcloop.c b/drivers/nvme/target/fcloop.c
> index 9adaee3c7129f7e270842c5d09f78de2e108479a..c74baa7f6e43c8bddd9e6948f806f27b032b1d4d 100644
> --- a/drivers/nvme/target/fcloop.c
> +++ b/drivers/nvme/target/fcloop.c
> @@ -215,6 +215,9 @@ struct fcloop_lport_priv {
> struct fcloop_lport *lport;
> };
>
> +/* The port is already being removed, avoid double free */
> +#define PORT_DELETED 0
> +
> struct fcloop_rport {
> struct nvme_fc_remote_port *remoteport;
> struct nvmet_fc_target_port *targetport;
> @@ -223,6 +226,7 @@ struct fcloop_rport {
> spinlock_t lock;
> struct list_head ls_list;
> struct work_struct ls_work;
> + unsigned long flags;
> };
>
> struct fcloop_tport {
> @@ -233,6 +237,7 @@ struct fcloop_tport {
> spinlock_t lock;
> struct list_head ls_list;
> struct work_struct ls_work;
> + unsigned long flags;
> };
>
> struct fcloop_nport {
> @@ -1067,30 +1072,38 @@ static void
> fcloop_remoteport_delete(struct nvme_fc_remote_port *remoteport)
> {
> struct fcloop_rport *rport = remoteport->private;
> + bool put_port = false;
> unsigned long flags;
>
> flush_work(&rport->ls_work);
>
> spin_lock_irqsave(&fcloop_lock, flags);
> + if (!test_and_set_bit(PORT_DELETED, &rport->flags))
> + put_port = true;
> rport->nport->rport = NULL;
Can't we set '->nport' to NULL here (and save it in a temporary
variable)?
Then it's quite obvious if we need to call nport_put(),
and we would do away with the 'flags' field ...
> spin_unlock_irqrestore(&fcloop_lock, flags);
>
> - fcloop_nport_put(rport->nport);
> + if (put_port)
> + fcloop_nport_put(rport->nport);
> }
>
> static void
> fcloop_targetport_delete(struct nvmet_fc_target_port *targetport)
> {
> struct fcloop_tport *tport = targetport->private;
> + bool put_port = false;
> unsigned long flags;
>
> flush_work(&tport->ls_work);
>
> spin_lock_irqsave(&fcloop_lock, flags);
> + if (!test_and_set_bit(PORT_DELETED, &tport->flags))
> + put_port = true;
> tport->nport->tport = NULL;
Similar here.
> spin_unlock_irqrestore(&fcloop_lock, flags);
>
> - fcloop_nport_put(tport->nport);
> + if (put_port)
> + fcloop_nport_put(tport->nport);
> }
>
> #define FCLOOP_HW_QUEUES 4
> @@ -1433,6 +1446,7 @@ fcloop_create_remote_port(struct device *dev, struct device_attribute *attr,
> rport->nport = nport;
> rport->lport = nport->lport;
> nport->rport = rport;
> + rport->flags = 0;
> spin_lock_init(&rport->lock);
> INIT_WORK(&rport->ls_work, fcloop_rport_lsrqst_work);
> INIT_LIST_HEAD(&rport->ls_list);
> @@ -1530,6 +1544,7 @@ fcloop_create_target_port(struct device *dev, struct device_attribute *attr,
> tport->nport = nport;
> tport->lport = nport->lport;
> nport->tport = tport;
> + tport->flags = 0;
> spin_lock_init(&tport->lock);
> INIT_WORK(&tport->ls_work, fcloop_tport_lsrqst_work);
> INIT_LIST_HEAD(&tport->ls_list);
>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
Powered by blists - more mailing lists