lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230404020545.32359-2-decui@microsoft.com> Date: Mon, 3 Apr 2023 19:05:40 -0700 From: Dexuan Cui <decui@...rosoft.com> To: bhelgaas@...gle.com, davem@...emloft.net, decui@...rosoft.com, edumazet@...gle.com, haiyangz@...rosoft.com, jakeo@...rosoft.com, kuba@...nel.org, kw@...ux.com, kys@...rosoft.com, leon@...nel.org, linux-pci@...r.kernel.org, lpieralisi@...nel.org, mikelley@...rosoft.com, pabeni@...hat.com, robh@...nel.org, saeedm@...dia.com, wei.liu@...nel.org, longli@...rosoft.com, boqun.feng@...il.com, ssengar@...rosoft.com, helgaas@...nel.org Cc: linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org, netdev@...r.kernel.org, stable@...r.kernel.org Subject: [PATCH v2 1/6] PCI: hv: Fix a race condition bug in hv_pci_query_relations() Fix the longstanding race between hv_pci_query_relations() and survey_child_resources() by flushing the workqueue before we exit from hv_pci_query_relations(). Fixes: 4daace0d8ce8 ("PCI: hv: Add paravirtual PCI front-end for Microsoft Hyper-V VMs") Signed-off-by: Dexuan Cui <decui@...rosoft.com> Cc: stable@...r.kernel.org --- v2: Removed the "debug code". No change to the patch body. Added Cc:stable drivers/pci/controller/pci-hyperv.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c index f33370b756283..b82c7cde19e66 100644 --- a/drivers/pci/controller/pci-hyperv.c +++ b/drivers/pci/controller/pci-hyperv.c @@ -3308,6 +3308,19 @@ static int hv_pci_query_relations(struct hv_device *hdev) if (!ret) ret = wait_for_response(hdev, &comp); + /* + * In the case of fast device addition/removal, it's possible that + * vmbus_sendpacket() or wait_for_response() returns -ENODEV but we + * already got a PCI_BUS_RELATIONS* message from the host and the + * channel callback already scheduled a work to hbus->wq, which can be + * running survey_child_resources() -> complete(&hbus->survey_event), + * even after hv_pci_query_relations() exits and the stack variable + * 'comp' is no longer valid. This can cause a strange hang issue + * or sometimes a page fault. Flush hbus->wq before we exit from + * hv_pci_query_relations() to avoid the issues. + */ + flush_workqueue(hbus->wq); + return ret; } -- 2.25.1
Powered by blists - more mailing lists