Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3453468pxk; Mon, 5 Oct 2020 10:01:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwRvFExTBgoFeIC4rd1j3vxjux8/HC0fFq8qHIprX9IhbEKkeo2BhCyonuRFfGN1571JUG8 X-Received: by 2002:a17:906:31d4:: with SMTP id f20mr699205ejf.38.1601917296709; Mon, 05 Oct 2020 10:01:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601917296; cv=none; d=google.com; s=arc-20160816; b=y/AWalVDCguwz20OuXZDg1lxyg81tCtaf4ge5sCVZiETCSt+DiEHl0DalS7W2HkBtG bAGriqtIwjITEhz3xZfNUGpw5X1cAhJ4wOP8CuB1MnrnG/eYKF+jv+/i+fbUSoOlMs8v ntde2+2WW2kywPdKlzmcZzlnWOJEfM48vWC42TyOioagMmKfekCQHxpVIEDbz5imtIJ2 nWdasX++OGDTv+rfzxAlYzavCXloWfDfiEIRaIS1hfaG4b69nE2fRXeyvXPJRsyt04b+ rkU76Snqnm+XbnJUbUJjPM79kjpVopfdRp78ud1m8PeMRrqIe+Vjm9KiERsEGL3v6FvY btiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=qtlzDRDTlVtkp11VHlfTDtxRHkKxoF/1YgUXGU3Vm+E=; b=RnL5yHj5w/fZlVIrXFV3ulXlg3k1Br4psNSyUTfwFrVB1wxyIP9GhnpmGpBP5Kdl00 PGcELm7z8TlA7GiSGCPtQj9/uPnSuXHDA6BJSbnWCszvzii+dyZS+PH/tL1xWGpzqdd8 ywoqRvx5f+b0wb3zF+3dEBqn6FLKuX5a1bbvkDf6C/6EMPqbQpekg5u53FErYnyHi3Bc Ds59+TjlOPp6wjC1AgbKDz9j7Vq0sHVAfuL6pvJhsINwYyJouSqwuzbJDX0r/qsn/PH/ zevEkobwP3x5ALFFU0xXQRdmDId2Dbet/Iml0/ovQ1/oCuP2SpKtna4I9slZqmf7tORh j13g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yzB+qk+2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x99si343300ede.160.2020.10.05.10.01.13; Mon, 05 Oct 2020 10:01:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yzB+qk+2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728813AbgJEPlC (ORCPT + 99 others); Mon, 5 Oct 2020 11:41:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:54568 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727512AbgJEP3G (ORCPT ); Mon, 5 Oct 2020 11:29:06 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AB7342168B; Mon, 5 Oct 2020 15:29:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1601911744; bh=He6jmorjlksuV0opD+csHqpMD4RGtP+UWVL7C74oT3k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yzB+qk+29u+aLZvOyZuzZqr7hc9zQedLDGt3tAsubXEVyAyAidj2eW32EcYAtW+cX gYh/Qs5lM0bVgzQPxlocEFbZcw9HnmYf7n2FWS0Kz5FZ+SiqoWxTEKVVBr3viEIKPV zALtsW8ixdS2FCBVpb08xjc2QQR/qrxSv8RmzGLc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chaitanya Kulkarni , Christoph Hellwig , Sasha Levin Subject: [PATCH 5.4 22/57] nvme-core: get/put ctrl and transport module in nvme_dev_open/release() Date: Mon, 5 Oct 2020 17:26:34 +0200 Message-Id: <20201005142110.860326385@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201005142109.796046410@linuxfoundation.org> References: <20201005142109.796046410@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chaitanya Kulkarni [ Upstream commit 52a3974feb1a3eec25d8836d37a508b67b0a9cd0 ] Get and put the reference to the ctrl in the nvme_dev_open() and nvme_dev_release() before and after module get/put for ctrl in char device file operations. Introduce char_dev relase function, get/put the controller and module which allows us to fix the potential Oops which can be easily reproduced with a passthru ctrl (although the problem also exists with pure user access): Entering kdb (current=0xffff8887f8290000, pid 3128) on processor 30 Oops: (null) due to oops @ 0xffffffffa01019ad CPU: 30 PID: 3128 Comm: bash Tainted: G W OE 5.8.0-rc4nvme-5.9+ #35 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.4 RIP: 0010:nvme_free_ctrl+0x234/0x285 [nvme_core] Code: 57 10 a0 e8 73 bf 02 e1 ba 3d 11 00 00 48 c7 c6 98 33 10 a0 48 c7 c7 1d 57 10 a0 e8 5b bf 02 e1 8 RSP: 0018:ffffc90001d63de0 EFLAGS: 00010246 RAX: ffffffffa05c0440 RBX: ffff8888119e45a0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff8888177e9550 RDI: ffff8888119e43b0 RBP: ffff8887d4768000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffc90001d63c90 R12: ffff8888119e43b0 R13: ffff8888119e5108 R14: dead000000000100 R15: ffff8888119e5108 FS: 00007f1ef27b0740(0000) GS:ffff888817600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffa05c0470 CR3: 00000007f6bee000 CR4: 00000000003406e0 Call Trace: device_release+0x27/0x80 kobject_put+0x98/0x170 nvmet_passthru_ctrl_disable+0x4a/0x70 [nvmet] nvmet_passthru_enable_store+0x4c/0x90 [nvmet] configfs_write_file+0xe6/0x150 vfs_write+0xba/0x1e0 ksys_write+0x5f/0xe0 do_syscall_64+0x52/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f1ef1eb2840 Code: Bad RIP value. RSP: 002b:00007fffdbff0eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1ef1eb2840 RDX: 0000000000000002 RSI: 00007f1ef27d2000 RDI: 0000000000000001 RBP: 00007f1ef27d2000 R08: 000000000000000a R09: 00007f1ef27b0740 R10: 0000000000000001 R11: 0000000000000246 R12: 00007f1ef2186400 R13: 0000000000000002 R14: 0000000000000001 R15: 0000000000000000 With this patch fix we take the module ref count in nvme_dev_open() and release that ref count in newly introduced nvme_dev_release(). Signed-off-by: Chaitanya Kulkarni Signed-off-by: Christoph Hellwig Signed-off-by: Sasha Levin --- drivers/nvme/host/core.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 2cd32901d95c7..24c6d5a446b79 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -2933,10 +2933,24 @@ static int nvme_dev_open(struct inode *inode, struct file *file) return -EWOULDBLOCK; } + nvme_get_ctrl(ctrl); + if (!try_module_get(ctrl->ops->module)) + return -EINVAL; + file->private_data = ctrl; return 0; } +static int nvme_dev_release(struct inode *inode, struct file *file) +{ + struct nvme_ctrl *ctrl = + container_of(inode->i_cdev, struct nvme_ctrl, cdev); + + module_put(ctrl->ops->module); + nvme_put_ctrl(ctrl); + return 0; +} + static int nvme_dev_user_cmd(struct nvme_ctrl *ctrl, void __user *argp) { struct nvme_ns *ns; @@ -2999,6 +3013,7 @@ static long nvme_dev_ioctl(struct file *file, unsigned int cmd, static const struct file_operations nvme_dev_fops = { .owner = THIS_MODULE, .open = nvme_dev_open, + .release = nvme_dev_release, .unlocked_ioctl = nvme_dev_ioctl, .compat_ioctl = nvme_dev_ioctl, }; -- 2.25.1