From: Sagi Grimberg sagi@grimberg.me
mainline inclusion from mainline-5.4-rc4 commit 6abff1b9f7b8884a46b7bd80b49e7af0b5625aeb category: bugfix bugzilla: 24170 CVE: NA ---------------------------
nvme_update_formats may fail to revalidate the namespace and attempt to remove the namespace. This may lead to a deadlock as nvme_ns_remove will attempt to acquire the subsystem lock which is already acquired by the passthru command with effects.
Move the invalid namepsace removal to after the passthru command releases the subsystem lock.
Reported-by: Judy Brock judy.brock@samsung.com Signed-off-by: Sagi Grimberg sagi@grimberg.me Signed-off-by: Sun Ke sunke32@huawei.com Reviewed-by: Hou Tao houtao1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/nvme/host/core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 820faecb..6d1d6ca 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1234,8 +1234,6 @@ static void nvme_update_formats(struct nvme_ctrl *ctrl) if (ns->disk && nvme_revalidate_disk(ns->disk)) nvme_set_queue_dying(ns); up_read(&ctrl->namespaces_rwsem); - - nvme_remove_invalid_namespaces(ctrl, NVME_NSID_ALL); }
static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects) @@ -1251,6 +1249,7 @@ static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects) nvme_unfreeze(ctrl); nvme_mpath_unfreeze(ctrl->subsys); mutex_unlock(&ctrl->subsys->lock); + nvme_remove_invalid_namespaces(ctrl, NVME_NSID_ALL); mutex_unlock(&ctrl->scan_lock); } if (effects & NVME_CMD_EFFECTS_CCC)