anitazha / rpms / ndctl

Forked from rpms/ndctl 2 years ago
Clone

Blame 0161-cxl-memdev-Fix-bus_invalidate-crash.patch

Jeff Moyer 2c91dc
From 2dbe3b45879ad614968a75392cb1ef9907d8648d Mon Sep 17 00:00:00 2001
Jeff Moyer 2c91dc
From: Dan Williams <dan.j.williams@intel.com>
Jeff Moyer 2c91dc
Date: Thu, 28 Apr 2022 15:10:37 -0700
Jeff Moyer 2c91dc
Subject: [PATCH 161/217] cxl/memdev: Fix bus_invalidate() crash
Jeff Moyer 2c91dc
Jeff Moyer 2c91dc
bus_invalidate() attempts to limit the invalidation of memdevs to a single
Jeff Moyer 2c91dc
bus scope. However, the ordering of bus_invalidate() leads to a use after
Jeff Moyer 2c91dc
free. Unconditionally invalidate memdevs (disconnect memdevs from their
Jeff Moyer 2c91dc
endpoints) and resotre on next lookup. Otherwise the following command
Jeff Moyer 2c91dc
results in the following backtrace with cxl_test:
Jeff Moyer 2c91dc
Jeff Moyer 2c91dc
    cxl disable-memdev 5,1 --force
Jeff Moyer 2c91dc
Jeff Moyer 2c91dc
#2  0x00007ffff7fb97d4 in snprintf (__fmt=0x7ffff7fbc3ed "%s/driver", __n=98,
Jeff Moyer 2c91dc
    __s=0x574d545619f7bae2 <error: Cannot access memory at address 0x574d545619f7bae2>)
Jeff Moyer 2c91dc
    at /usr/include/bits/stdio2.h:71
Jeff Moyer 2c91dc
#3  cxl_port_is_enabled (port=port@entry=0x422eb0) at ../cxl/lib/libcxl.c:1379
Jeff Moyer 2c91dc
#4  0x00007ffff7fb99a9 in cxl_port_get_bus (port=0x422eb0) at ../cxl/lib/libcxl.c:1339
Jeff Moyer 2c91dc
#5  0x00007ffff7fba3d0 in bus_invalidate (bus=bus@entry=0x421740) at ../cxl/lib/libcxl.c:549
Jeff Moyer 2c91dc
#6  0x00007ffff7fba4e7 in cxl_memdev_disable_invalidate (memdev=0x416fd0) at ../cxl/lib/libcxl.c:596
Jeff Moyer 2c91dc
#7  0x000000000040624e in memdev_action (argc=<optimized out>, argv=<optimized out>, ctx=0x4152a0,
Jeff Moyer 2c91dc
    action=action@entry=0x406b70 <action_disable>, options=options@entry=0x40fca0 <disable_options>,
Jeff Moyer 2c91dc
    usage=usage@entry=0x40f4b0 "cxl disable-memdev <mem0> [<mem1>..<memN>] [<options>]")
Jeff Moyer 2c91dc
    at ../cxl/memdev.c:506
Jeff Moyer 2c91dc
#8  0x0000000000406d57 in cmd_disable_memdev (argc=<optimized out>, argv=<optimized out>,
Jeff Moyer 2c91dc
Jeff Moyer 2c91dc
Link: https://lore.kernel.org/r/165118383756.1676208.5717187278816036969.stgit@dwillia2-desk3.amr.corp.intel.com
Jeff Moyer 2c91dc
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Jeff Moyer 2c91dc
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Jeff Moyer 2c91dc
---
Jeff Moyer 2c91dc
 cxl/lib/libcxl.c | 3 +--
Jeff Moyer 2c91dc
 1 file changed, 1 insertion(+), 2 deletions(-)
Jeff Moyer 2c91dc
Jeff Moyer 2c91dc
diff --git a/cxl/lib/libcxl.c b/cxl/lib/libcxl.c
Jeff Moyer 2c91dc
index 0e8dd20..374b0f1 100644
Jeff Moyer 2c91dc
--- a/cxl/lib/libcxl.c
Jeff Moyer 2c91dc
+++ b/cxl/lib/libcxl.c
Jeff Moyer 2c91dc
@@ -546,8 +546,7 @@ static void bus_invalidate(struct cxl_bus *bus)
Jeff Moyer 2c91dc
 	 * indeterminate, delete them all and start over.
Jeff Moyer 2c91dc
 	 */
Jeff Moyer 2c91dc
 	cxl_memdev_foreach(ctx, memdev)
Jeff Moyer 2c91dc
-		if (cxl_memdev_get_bus(memdev) == bus)
Jeff Moyer 2c91dc
-			memdev->endpoint = NULL;
Jeff Moyer 2c91dc
+		memdev->endpoint = NULL;
Jeff Moyer 2c91dc
 
Jeff Moyer 2c91dc
 	bus_port = cxl_bus_get_port(bus);
Jeff Moyer 2c91dc
 	list_for_each_safe(&bus_port->child_ports, port, _p, list)
Jeff Moyer 2c91dc
-- 
Jeff Moyer 2c91dc
2.27.0
Jeff Moyer 2c91dc