nvme: unlink head after removing last namespace

mainline inclusion from mainline-v5.8-rc1 commit d5675729 category: bugfix bugzilla: NA CVE: NA Link: https://gitee.com/openeuler/kernel/issues/I1WGZE -------------------------------- The driver had been unlinking the namespace head from the subsystem's list only after the last reference was released, and outside of the list's subsys->lock protection. There is no reason to track an empty head, so unlink the entry from the subsystem's list when the last namespace using that head is removed and with the mutex lock protecting the list update. The next namespace to attach reusing the previous NSID will allocate a new head rather than find the old head with mismatched identifiers. Signed-off-by: N Keith Busch <kbusch@kernel.org> Reviewed-by: N Sagi Grimberg <sagi@grimberg.me> Signed-off-by: N Christoph Hellwig <hch@lst.de> Signed-off-by: N Jens Axboe <axboe@kernel.dk> Reviewed-by: N Chao Leng <lengchao@huawei.com> Reviewed-by: N Jike Cheng <chengjike.cheng@huawei.com> Signed-off-by: N Lijie <lijie34@huawei.com> Acked-by: N Hanjun Guo <guohanjun@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

nvme: unlink head after removing last namespace
mainline inclusion from mainline-v5.8-rc1 commit d5675729 category: bugfix bugzilla: NA CVE: NA Link: https://gitee.com/openeuler/kernel/issues/I1WGZE -------------------------------- The driver had been unlinking the namespace head from the subsystem's list only after the last reference was released, and outside of the list's subsys->lock protection. There is no reason to track an empty head, so unlink the entry from the subsystem's list when the last namespace using that head is removed and with the mutex lock protecting the list update. The next namespace to attach reusing the previous NSID will allocate a new head rather than find the old head with mismatched identifiers. Signed-off-by: N Keith Busch <kbusch@kernel.org> Reviewed-by: N Sagi Grimberg <sagi@grimberg.me> Signed-off-by: N Christoph Hellwig <hch@lst.de> Signed-off-by: N Jens Axboe <axboe@kernel.dk> Reviewed-by: N Chao Leng <lengchao@huawei.com> Reviewed-by: N Jike Cheng <chengjike.cheng@huawei.com> Signed-off-by: N Lijie <lijie34@huawei.com> Acked-by: N Hanjun Guo <guohanjun@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
614a0676 · Keith Busch · Yang Yingliang · c4b7246a · 614a0676
显示空白变更内容
内联并排

Showing with 5 addition and 2 deletion

drivers/nvme/host/core.c drivers/nvme/host/core.c +5 -2

未找到文件。
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -397,7 +397,6 @@ static void nvme_free_ns_head(struct kref *ref)
 	nvme_mpath_remove_disk(head);
 	ida_simple_remove(&head->subsys->ns_ida, head->instance);
-	list_del_init(&head->entry);
 	cleanup_srcu_struct_quiesced(&head->srcu);
 	nvme_put_subsystem(head->subsys);
 	kfree(head);
@@ -3065,7 +3064,6 @@ static int __nvme_check_ids(struct nvme_subsystem *subsys,
 	list_for_each_entry(h, &subsys->nsheads, entry) {
 		if (nvme_ns_ids_valid(&new->ids) &&
-		    !list_empty(&h->list) &&
 		    nvme_ns_ids_equal(&new->ids, &h->ids))
 			return -EINVAL;
 	}
@@ -3293,6 +3291,8 @@ static void nvme_alloc_ns(struct nvme_ctrl *ctrl, unsigned nsid)
 out_unlink_ns:
 	mutex_lock(&ctrl->subsys->lock);
 	list_del_rcu(&ns->siblings);
+	if (list_empty(&ns->head->list))
+		list_del_init(&ns->head->entry);
 	mutex_unlock(&ctrl->subsys->lock);
 	nvme_put_ns_head(ns->head);
 out_free_id:
@@ -3312,7 +3312,10 @@ static void nvme_ns_remove(struct nvme_ns *ns)
 	mutex_lock(&ns->ctrl->subsys->lock);
 	list_del_rcu(&ns->siblings);
+	if (list_empty(&ns->head->list))
+		list_del_init(&ns->head->entry);
 	mutex_unlock(&ns->ctrl->subsys->lock);
 	synchronize_rcu(); /* guarantee not available in head->list */
 	nvme_mpath_clear_current_path(ns);
 	synchronize_srcu(&ns->head->srcu); /* wait for concurrent submissions */