The conversion of the cpu hotplug locking to a percpu rwsem does not longer
allow recursive locking of the hotplug lock.
The BNX2I and BNX2FC drivers install/remove hotplug states with the hotplug
lock held. The install/removal code acquired the hotplug lock as well.
While looking into this, I noticed an interesting hotplug race in the
BNX2FC driver, which could result in dereferencing a NULL pointer or freed
and potentially reused memory.
The following series addresses these problems and as a final step on top it
simplifies the hotplug code in both drivers.
Thanks,
tglx
----
drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 68 ++++++++------------------------------
drivers/scsi/bnx2fc/bnx2fc_hwi.c | 45 ++++++++++++-------------
drivers/scsi/bnx2i/bnx2i_init.c | 64 ++++++++---------------------------
include/linux/cpuhotplug.h | 2 -
4 files changed, 53 insertions(+), 126 deletions(-)
On Mon, 24 Jul 2017, 6:52am, Thomas Gleixner wrote:
> The conversion of the cpu hotplug locking to a percpu rwsem does not longer
> allow recursive locking of the hotplug lock.
>
> The BNX2I and BNX2FC drivers install/remove hotplug states with the hotplug
> lock held. The install/removal code acquired the hotplug lock as well.
>
> While looking into this, I noticed an interesting hotplug race in the
> BNX2FC driver, which could result in dereferencing a NULL pointer or freed
> and potentially reused memory.
>
> The following series addresses these problems and as a final step on top it
> simplifies the hotplug code in both drivers.
>
> Thanks,
>
> tglx
>
> ----
> drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 68 ++++++++------------------------------
> drivers/scsi/bnx2fc/bnx2fc_hwi.c | 45 ++++++++++++-------------
> drivers/scsi/bnx2i/bnx2i_init.c | 64 ++++++++---------------------------
> include/linux/cpuhotplug.h | 2 -
> 4 files changed, 53 insertions(+), 126 deletions(-)
>
We tested the series and everything was fine. Ack to the series.
Acked-by: Chad Dupuis <[email protected]>
Thomas,
> The conversion of the cpu hotplug locking to a percpu rwsem does not
> longer allow recursive locking of the hotplug lock.
>
> The BNX2I and BNX2FC drivers install/remove hotplug states with the
> hotplug lock held. The install/removal code acquired the hotplug lock
> as well.
>
> While looking into this, I noticed an interesting hotplug race in the
> BNX2FC driver, which could result in dereferencing a NULL pointer or
> freed and potentially reused memory.
>
> The following series addresses these problems and as a final step on
> top it simplifies the hotplug code in both drivers.
Applied to 4.13/scsi-fixes. Thank you!
--
Martin K. Petersen Oracle Linux Engineering