linux/drivers/lightnvm
Rakesh Pandit 75ba4ada82 lightnvm: fix double blk_put_queue on same queue
On an error path in the NVM_DEV_CREATE ioctl blk_put_queue is being called
twice: once via blk_cleanup_queue and again via put_disk.  The straightforward
fix seems to be to remove the queue pointer so that disk_release never ends up
calling blk_put_queue again.

  [  391.808827] WARNING: CPU: 1 PID: 1250 at lib/refcount.c:128 refcount_sub_and_test+0x70/0x80
  [  391.808830] refcount_t: underflow; use-after-free.
  [  391.808832] Modules linked in: nf_conntrack_netbios_ns............
  [  391.809052] CPU: 1 PID: 1250 Comm: nvme Not tainted.........
  [  391.809057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
             BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
  [  391.809060] Call Trace:
  [  391.809079]  dump_stack+0x63/0x86
  [  391.809094]  __warn+0xcb/0xf0
  [  391.809103]  warn_slowpath_fmt+0x5f/0x80
  [  391.809118]  refcount_sub_and_test+0x70/0x80
  [  391.809125]  refcount_dec_and_test+0x11/0x20
  [  391.809136]  kobject_put+0x1f/0x60
  [  391.809149]  blk_put_queue+0x15/0x20
  [  391.809159]  disk_release+0xae/0xf0
  [  391.809172]  device_release+0x32/0x90
  [  391.809184]  kobject_release+0x6a/0x170
  [  391.809196]  kobject_put+0x2f/0x60
  [  391.809206]  put_disk+0x17/0x20
  [  391.809219]  nvm_ioctl_dev_create.isra.16+0x897/0xa30
  [  391.809236]  nvm_ctl_ioctl+0x23c/0x4c0
  [  391.809248]  do_vfs_ioctl+0xa3/0x5f0
  [  391.809258]  SyS_ioctl+0x79/0x90
  [  391.809271]  entry_SYSCALL_64_fastpath+0x1a/0xa9
  [  391.809280] RIP: 0033:0x7f5d3ef363c7
  [  391.809286] RSP: 002b:00007ffc72ed8d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
  [  391.809296] RAX: ffffffffffffffda RBX: 00007ffc72edb552 RCX: 00007f5d3ef363c7
  [  391.809301] RDX: 00007ffc72ed8d90 RSI: 0000000040804c22 RDI: 0000000000000003
  [  391.809306] RBP: 0000000000000001 R08: 0000000000000020 R09: 0000000000000001
  [  391.809311] R10: 000000000000053f R11: 0000000000000206 R12: 0000000000000000
  [  391.809316] R13: 0000000000000000 R14: 00007ffc72edb58d R15: 00007ffc72edb581

Signed-off-by: Rakesh Pandit <rakesh@tuxera.com>
Reviewed-by: Matias Bjørling <matias@cnexlabs.com>
Fixes: 7d1ef2f408 "lightnvm: fix cleanup order of disk on init error"
Signed-off-by: Jens Axboe <axboe@fb.com>
2017-04-20 08:17:47 -06:00
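As an added illustration that is not part of this commit and not kernel code, the user-space C model below reproduces the reference-count sequence the commit message describes: the creator's single reference on the queue is dropped by the cleanup call, and the disk's release path drops it a second time because the disk still points at the queue, which is exactly the underflow that lib/refcount.c warns about. The struct and function names (queue, disk, cleanup_queue, disk_release, run_error_path) are stand-ins chosen for this example; the model assumes, as the commit message states, that the error path runs before the disk has taken a reference of its own on the queue.

```c
/* Added example: user-space model of the double put described in the commit
 * message. Names are hypothetical stand-ins for request_queue/gendisk
 * handling, not the kernel's own code. */
#include <stdbool.h>
#include <stdio.h>

struct queue {
    int refcount;     /* models the queue kobject's refcount */
    int underflows;   /* number of puts attempted on a zero count */
    bool released;    /* set when the final reference is dropped */
};

struct disk {
    struct queue *queue;   /* models gendisk->queue */
};

/* Models refcount_dec_and_test() together with the underflow detection in
 * lib/refcount.c: a put on an already-zero count is recorded instead of
 * wrapping, and the object is "released" exactly once. */
static bool queue_put(struct queue *q)
{
    if (q->refcount <= 0) {
        q->underflows++;          /* refcount_t: underflow; use-after-free */
        return false;
    }
    if (--q->refcount == 0) {
        q->released = true;
        return true;
    }
    return false;
}

/* Models blk_cleanup_queue(): tear-down drops the creator's reference. */
static void cleanup_queue(struct queue *q)
{
    queue_put(q);
}

/* Models disk_release(): the last put_disk() puts the queue again, but
 * only while the disk still points at it. */
static void disk_release(struct disk *d)
{
    if (d->queue)
        queue_put(d->queue);
}

/* Runs the error path once. With fixed == false the disk still points at
 * the queue when it is released (the bug); with fixed == true the pointer
 * is cleared first (the change the commit message describes). */
static void run_error_path(bool fixed, struct queue *q)
{
    struct disk d;

    q->refcount = 1;       /* creator's reference only: no add_disk() yet */
    q->underflows = 0;
    q->released = false;
    d.queue = q;           /* disk points at queue but owns no reference */

    cleanup_queue(q);      /* first put: refcount 1 -> 0, queue released */
    if (fixed)
        d.queue = NULL;    /* the fix: disk_release() must not put again */
    disk_release(&d);      /* second put only happens when d.queue != NULL */
}

/* Accessors so the outcome can be checked without reading the struct. */
static int error_path_underflows(bool fixed)
{
    struct queue q;
    run_error_path(fixed, &q);
    return q.underflows;
}

static int error_path_refcount(bool fixed)
{
    struct queue q;
    run_error_path(fixed, &q);
    return q.refcount;
}

static int error_path_released(bool fixed)
{
    struct queue q;
    run_error_path(fixed, &q);
    return q.released ? 1 : 0;
}

int main(void)
{
    printf("buggy: underflows=%d refcount=%d released=%d\n",
           error_path_underflows(false), error_path_refcount(false),
           error_path_released(false));
    printf("fixed: underflows=%d refcount=%d released=%d\n",
           error_path_underflows(true), error_path_refcount(true),
           error_path_released(true));
    return 0;
}
```

The buggy run reports one underflow, which is the condition behind the refcount_sub_and_test WARNING in the trace above; the fixed run releases the queue exactly once and attempts no further put. The same pattern applies whenever two tear-down helpers both believe they own the last reference: the owner that drops it must also clear the pointer the other helper would follow.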
core.c lightnvm: fix double blk_put_queue on same queue 2017-04-20 08:17:47 -06:00
Kconfig lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
Makefile lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-cache.c lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-core.c lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-gc.c lightnvm: pblk-gc: fix an error pointer dereference in init 2017-04-16 10:06:34 -06:00
pblk-init.c lightnvm: fix some error code in pblk-init.c 2017-04-16 10:06:34 -06:00
pblk-map.c lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-rb.c lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-read.c lightnvm: fix some WARN() messages 2017-04-16 10:06:34 -06:00
pblk-recovery.c lightnvm: fix some WARN() messages 2017-04-16 10:06:34 -06:00
pblk-rl.c lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-sysfs.c lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
pblk-write.c lightnvm: fix some WARN() messages 2017-04-16 10:06:34 -06:00
pblk.h lightnvm: assume 64-bit lba numbers 2017-04-19 12:07:28 -06:00
rrpc.c lightnvm: fix type checks on rrpc 2017-04-16 10:06:25 -06:00
rrpc.h lightnvm: use end_io callback instead of instance 2017-01-31 08:32:13 -07:00