Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3888928pxv; Mon, 19 Jul 2021 11:11:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxya56rA1Ow+EhflePnNtMlbveqlG5hjMrchZHgYfiG01t37ZLRW3uYnQSsWLwv0uawSFZr X-Received: by 2002:a05:6602:2099:: with SMTP id a25mr1770488ioa.143.1626718289934; Mon, 19 Jul 2021 11:11:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626718289; cv=none; d=google.com; s=arc-20160816; b=dOB4UfldY6RNWm2g3KEXrrT8OTud21VjWStTg9OzLV4OqSpQ4eRn1HdEnB8eA2SA0T hsT+rNBaumIf6FMyFGuuXaGVLkCEQPep9+n8B6yMPPtz4tp1bvYLZdr6h0PTUCAkCF2c RggYgegHhhTnRZBPZFsguge0mcG0NGz3W52fFjRvS59Eimj9999O/sUeqNnlk03rOeOY d5VO9VvMcyFJVgBQT/sTgrXjmtE1yH1zjGfWFu58nREOebH/izdeH6K8fXcvh3dQMDqn BCcwkyx8qQ2uLRGEaTTjrD0Jo7hjiapgzlRNDiW//sqImOGx4XLbFxvOLcDxUQHIvA/t ubTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=d3d7FppR25hrEbNwBqQVn9cCPzSbaFvytc2eEGaBcHE=; b=0dNh+FFEB0UslOuVKchtP5MZ+kFkS/Cdvk2AnCZkDnJUXOmpj18S6gPSjLUzDXVfRW W3cU0PRZCjX6c6oW+yUSwFgnMRtty15oxdyYbCWVtUieE5yCxRk8IlAHeCQeYKeV336w 7k6TeWD6sGusBzDsHDAhbzJ7f9WEai+a7vPHUZ3ADI2QRlDIswG/4Yh0Oc1gIumLlD42 YI5uIqKXxZx7P0NCZzcwVWG/yqPpHyx1AG17otb9R8VXJVASraAW8+NWnVCKy2YQKhbE J8V4cW5/iaBIB4H6kmfvnliq8hdK5F9/KdBqbjD/ihQLLjgNAtb/OsDwjEdEhuktA/dj PwjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dXAH59Ag; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i26si2270912jav.73.2021.07.19.11.11.18; Mon, 19 Jul 2021 11:11:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dXAH59Ag; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236391AbhGSR2O (ORCPT + 99 others); Mon, 19 Jul 2021 13:28:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:47422 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349652AbhGSPqD (ORCPT ); Mon, 19 Jul 2021 11:46:03 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3ADAE6124C; Mon, 19 Jul 2021 16:26:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626712001; bh=/CLhTyXPjjLRNb07GDJOFxKmUnEMQlQ76RxjoNskkSI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dXAH59AgwJ9S3/0g0KCH3+VM8r88MNswbojq9DTWhECxqybuaRS7TjWlKUvHd3lQJ M70WBdIrJ8zmfjhhQcBEQ0v57XMsQZN43DwYtZdsaKrRAP5xFhrhg8W3Pk93sUeClW 8wPLZpW7Kjd/I+GNs4w1LJhZpoVW9e6tsmYZhyp0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Maurizio Lombardi , Sagi Grimberg , Christoph Hellwig , Sasha Levin Subject: [PATCH 5.12 212/292] nvme-tcp: cant set sk_user_data without write_lock Date: Mon, 19 Jul 2021 16:54:34 +0200 Message-Id: <20210719144949.968781897@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210719144942.514164272@linuxfoundation.org> References: <20210719144942.514164272@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Maurizio Lombardi [ Upstream commit 0755d3be2d9bb6ea38598ccd30d6bbaa1a5c3a50 ] The sk_user_data pointer is supposed to be modified only while holding the write_lock "sk_callback_lock", otherwise we could race with other threads and crash the kernel. we can't take the write_lock in nvmet_tcp_state_change() because it would cause a deadlock, but the release_work queue will set the pointer to NULL later so we can simply remove the assignment. Fixes: b5332a9f3f3d ("nvmet-tcp: fix incorrect locking in state_change sk callback") Signed-off-by: Maurizio Lombardi Reviewed-by: Sagi Grimberg Signed-off-by: Christoph Hellwig Signed-off-by: Sasha Levin --- drivers/nvme/target/tcp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c index 4df4f37e6b89..dedcb7aaf0d8 100644 --- a/drivers/nvme/target/tcp.c +++ b/drivers/nvme/target/tcp.c @@ -1467,7 +1467,6 @@ static void nvmet_tcp_state_change(struct sock *sk) case TCP_CLOSE_WAIT: case TCP_CLOSE: /* FALLTHRU */ - sk->sk_user_data = NULL; nvmet_tcp_schedule_release_queue(queue); break; default: -- 2.30.2