On Wed, Jan 20, 2016 at 05:48:35AM -0500, Wenbo Wang wrote: > From: Wenbo Wang <wenbo.wang@xxxxxxxxxxxx> > > During reset process, the nvme_dev->bar (ioremapped) may change, > so nvmeq->q_db shall be also updated by nvme_init_queue(). > > Currently nvmeq irq is enabled before queue init, so a spurious > interrupt triggered nvme_process_cq may access nvmeq->q_db just > before it is updated, this could cause kernel panic. > > Signed-off-by: Wenbo Wang <wenbo.wang@xxxxxxxxxxxx> > Reviewed-by: Wenwei Tao <wenwei.tao@xxxxxxxxxxxx> > --- > drivers/nvme/host/pci.c | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > > diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c > index f5c0e26..3371c18 100644 > --- a/drivers/nvme/host/pci.c > +++ b/drivers/nvme/host/pci.c > @@ -1529,9 +1529,6 @@ static struct nvme_queue *nvme_alloc_queue(struct nvme_dev *dev, int qid, > snprintf(nvmeq->irqname, sizeof(nvmeq->irqname), "nvme%dq%d", > dev->instance, qid); > spin_lock_init(&nvmeq->q_lock); > - nvmeq->cq_head = 0; > - nvmeq->cq_phase = 1; > - nvmeq->q_db = &dev->dbs[qid * 2 * dev->db_stride]; > nvmeq->q_depth = depth; > nvmeq->qid = qid; > nvmeq->cq_vector = -1; > @@ -1590,11 +1587,17 @@ static int nvme_create_queue(struct nvme_queue *nvmeq, int qid) > if (result < 0) > goto release_cq; > > + /* > + * Init queue door bell ioremap address before enabling irq, if not, > + * a spurious interrupt triggered nvme_process_cq may access invalid > + * address > + */ > + nvme_init_queue(nvmeq, qid); > + > result = queue_request_irq(dev, nvmeq, nvmeq->irqname); > if (result < 0) > goto release_sq; > > - nvme_init_queue(nvmeq, qid); > return result; > > release_sq: > @@ -1789,6 +1792,8 @@ static int nvme_configure_admin_queue(struct nvme_dev *dev) > if (result) > goto free_nvmeq; > > + nvme_init_queue(nvmeq, 0); > + > nvmeq->cq_vector = 0; > result = queue_request_irq(dev, nvmeq, nvmeq->irqname); > if (result) { > @@ -3164,7 +3169,6 @@ static void nvme_probe_work(struct work_struct *work) > goto disable; > } > > - nvme_init_queue(dev->queues[0], 0); > result = nvme_alloc_admin_tags(dev); > if (result) > goto disable; > -- > 1.8.3.1 > > > > _______________________________________________ > Linux-nvme mailing list > Linux-nvme@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/linux-nvme Reviewed-by: Johannes Thumshirn <jthumshirn@xxxxxxx> -- Johannes Thumshirn Storage jthumshirn@xxxxxxx +49 911 74053 689 SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html