Re: nvme-pci: NULL pointer dereference in nvme_dev_disable() on linux-next

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/7/22 09:28, Gerd Bayer wrote:
> Hi,
> 
> our internal s390 CI pointed us to a potential racy "use after free" or similar
> issue in drivers/nvme/host/pci.c by ending one of the tests in the following
> kernel panic:
> 

Thanks a lot for reporting this ...

[...]
> 
> On a stock kernel from
> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tag/?h=next-20221104
> we have been able to reproduce this at will with
> this small script
> 
> #!/usr/bin/env bash
> 
> echo $1 > /sys/bus/pci/drivers/nvme/unbind
> echo $1 > /sys/bus/pci/drivers/nvme/bind
> echo 1 > /sys/bus/pci/devices/$1/remove
> 
> when filling in the NVMe drives' PCI identifier.
> 

Can you please submit a blktests for this ?
so this will get tested by everyone at each release ?

> We believe this to be a race-condition somewhere, since this sequence does not produce the panic
> when executed interactively.
> 

You can try and bisect the code to point out at exact commit.

> Could this be linked to the recent (refactoring) work by Christoph Hellwig?
> E.g. https://lore.kernel.org/all/20221101150050.3510-3-hch@xxxxxx/
> 
> Thank you,
> Gerd Bayer
> 
> 

-ck





[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux