nvme fixes for Linux 6.10

- Discard double free on error conditions (Chunguang)
  - Target Fixes (Daniel)
  - Namespace detachment regression fix (Keith)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE3Fbyvv+648XNRdHTPe3zGtjzRgkFAmZrP4AACgkQPe3zGtjz
 Rgmg9g//SA59e4N7XH72xZxpGXkKOMtvGp1Ku2C4Yf1yzmWcst2tBkYq8ZRBStnj
 Ohb6BkEhKcLL63/PVgXX84AtaDvzJ7qjaQzivK5zjnbtPsspOe2Wieuyx3c/UJxM
 B3g1IV4mbG9qlA9yxaA6DyehyKwy0iJC9Y/bd6MuikeXBsdr/rnJ0Mhu/PRDrn1A
 XdZxu1JCvS4azMes5Iu0L1WEZSexsFEj1DYx376YIWKRfORmho87d1hv4JO+EE1C
 6atmuDhCwqGUZbgHQ8CauS9/OiK+5Pl+LeE2Cbwy9tb1RfB6/GYzVW6c2svAMbvD
 DP/n+/AIjkjw7fgKxoE52LEvCYpFPMoatmWKNSTyfZ35EYYe7aPA+uAo9xHNXdwQ
 D1od01zQ/04V1w8iRu/ASxyksoHqfT9jjg6FjT7QgwIurDYAKjgpdP8KWoQQbYWp
 IaHcTru1plIFecKgq5D3y1EeQEAkPJf1bQWZUMIWVST4/e4dL4KYKtoIlDLwoIei
 PNjeYp4JpG5APJtZM2sb4Y8Xm77T3wMBAJEa768naelAjqzH9GKQpVC/x1yu0Z8Q
 7m8vbvFRkUADdJcEb7Bo4O6zVJhOFSGNfE7M6ozSr4HTrggutHhTdMXHhUyg3OGf
 gmBcb6+OAqt/cuxJ3JsXhtIOdYyFgiwrDzR7cIR1+Nb5rjLvkjI=
 =RK8+
 -----END PGP SIGNATURE-----

Merge tag 'nvme-6.10-2024-06-13' of git://git.infradead.org/nvme into block-6.10

Pull NVMe fixes from Keith:

"nvme fixes for Linux 6.10

 - Discard double free on error conditions (Chunguang)
 - Target Fixes (Daniel)
 - Namespace detachment regression fix (Keith)"

* tag 'nvme-6.10-2024-06-13' of git://git.infradead.org/nvme:
  nvme: fix namespace removal list
  nvmet: always initialize cqe.result
  nvmet-passthru: propagate status from id override functions
  nvme: avoid double free special payload
This commit is contained in:
Jens Axboe 2024-06-13 14:19:57 -06:00
commit e3e53683cc
5 changed files with 10 additions and 16 deletions

View File

@ -998,6 +998,7 @@ void nvme_cleanup_cmd(struct request *req)
clear_bit_unlock(0, &ctrl->discard_page_busy);
else
kfree(bvec_virt(&req->special_vec));
req->rq_flags &= ~RQF_SPECIAL_PAYLOAD;
}
}
EXPORT_SYMBOL_GPL(nvme_cleanup_cmd);
@ -3959,12 +3960,13 @@ static void nvme_remove_invalid_namespaces(struct nvme_ctrl *ctrl,
mutex_lock(&ctrl->namespaces_lock);
list_for_each_entry_safe(ns, next, &ctrl->namespaces, list) {
if (ns->head->ns_id > nsid)
list_splice_init_rcu(&ns->list, &rm_list,
synchronize_rcu);
if (ns->head->ns_id > nsid) {
list_del_rcu(&ns->list);
synchronize_srcu(&ctrl->srcu);
list_add_tail_rcu(&ns->list, &rm_list);
}
}
mutex_unlock(&ctrl->namespaces_lock);
synchronize_srcu(&ctrl->srcu);
list_for_each_entry_safe(ns, next, &rm_list, list)
nvme_ns_remove(ns);

View File

@ -957,6 +957,7 @@ bool nvmet_req_init(struct nvmet_req *req, struct nvmet_cq *cq,
req->metadata_sg_cnt = 0;
req->transfer_len = 0;
req->metadata_len = 0;
req->cqe->result.u64 = 0;
req->cqe->status = 0;
req->cqe->sq_head = 0;
req->ns = NULL;

View File

@ -333,7 +333,6 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
pr_debug("%s: ctrl %d qid %d nvme status %x error loc %d\n",
__func__, ctrl->cntlid, req->sq->qid,
status, req->error_loc);
req->cqe->result.u64 = 0;
if (req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 &&
req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) {
unsigned long auth_expire_secs = ctrl->kato ? ctrl->kato : 120;
@ -516,8 +515,6 @@ void nvmet_execute_auth_receive(struct nvmet_req *req)
status = nvmet_copy_to_sgl(req, 0, d, al);
kfree(d);
done:
req->cqe->result.u64 = 0;
if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2)
nvmet_auth_sq_free(req->sq);
else if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {

View File

@ -226,9 +226,6 @@ static void nvmet_execute_admin_connect(struct nvmet_req *req)
if (status)
goto out;
/* zero out initial completion result, assign values as needed */
req->cqe->result.u32 = 0;
if (c->recfmt != 0) {
pr_warn("invalid connect version (%d).\n",
le16_to_cpu(c->recfmt));
@ -305,9 +302,6 @@ static void nvmet_execute_io_connect(struct nvmet_req *req)
if (status)
goto out;
/* zero out initial completion result, assign values as needed */
req->cqe->result.u32 = 0;
if (c->recfmt != 0) {
pr_warn("invalid connect version (%d).\n",
le16_to_cpu(c->recfmt));

View File

@ -226,13 +226,13 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w)
req->cmd->common.opcode == nvme_admin_identify) {
switch (req->cmd->identify.cns) {
case NVME_ID_CNS_CTRL:
nvmet_passthru_override_id_ctrl(req);
status = nvmet_passthru_override_id_ctrl(req);
break;
case NVME_ID_CNS_NS:
nvmet_passthru_override_id_ns(req);
status = nvmet_passthru_override_id_ns(req);
break;
case NVME_ID_CNS_NS_DESC_LIST:
nvmet_passthru_override_id_descs(req);
status = nvmet_passthru_override_id_descs(req);
break;
}
} else if (status < 0)