• Calvin Owens's avatar
    ses: Fix racy cleanup of /sys in remove_dev() · e120dcb6
    Calvin Owens authored
    Currently we free the resources backing the enclosure device before we
    call device_unregister(). This is racy: during rmmod of low-level SCSI
    drivers that hook into enclosure, we end up with a small window of time
    during which writing to /sys can OOPS. Example trace with mpt3sas:
    
      general protection fault: 0000 [#1] SMP KASAN
      Modules linked in: mpt3sas(-) <...>
      RIP: [<ffffffffa0388a98>] ses_get_page2_descriptor.isra.6+0x38/0x220 [ses]
      Call Trace:
       [<ffffffffa0389d14>] ses_set_fault+0xf4/0x400 [ses]
       [<ffffffffa0361069>] set_component_fault+0xa9/0xf0 [enclosure]
       [<ffffffff8205bffc>] dev_attr_store+0x3c/0x70
       [<ffffffff81677df5>] sysfs_kf_write+0x115/0x180
       [<ffffffff81675725>] kernfs_fop_write+0x275/0x3a0
       [<ffffffff8151f810>] __vfs_write+0xe0/0x3e0
       [<ffffffff8152281f>] vfs_write+0x13f/0x4a0
       [<ffffffff81526731>] SyS_write+0x111/0x230
       [<ffffffff828b401b>] entry_SYSCALL_64_fastpath+0x13/0x94
    
    Fortunately the solution is extremely simple: call device_unregister()
    before we free the resources, and the race no longer exists. The driver
    core holds a reference over ->remove_dev(), so AFAICT this is safe.
    Signed-off-by: default avatarCalvin Owens <calvinowens@fb.com>
    Reviewed-by: default avatarJames Bottomley <jejb@linux.vnet.ibm.com>
    Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
    e120dcb6
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...