tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

nvme: release namespace SRCU protection before performing controller ioctls

Holding the SRCU critical section protecting the namespace list can
cause deadlocks when using the per-namespace admin passthrough ioctl to
delete as namespace. Release it earlier when performing per-controller
ioctls to avoid that.

Reported-by: Kenneth Heitke <kenneth.heitke@intel.com>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

authored by

Christoph Hellwig and committed by
Keith Busch 5fb4aac7 90ec611a

+20 -5
unified split
+20 -5
drivers/nvme/host/core.c
··· 1394 1394 if (unlikely(!ns)) 1395 1395 return -EWOULDBLOCK; 1396 1396 1397 + /* 1398 + * Handle ioctls that apply to the controller instead of the namespace 1399 + * seperately and drop the ns SRCU reference early. This avoids a 1400 + * deadlock when deleting namespaces using the passthrough interface. 1401 + */ 1402 + if (cmd == NVME_IOCTL_ADMIN_CMD || is_sed_ioctl(cmd)) { 1403 + struct nvme_ctrl *ctrl = ns->ctrl; 1404 + 1405 + nvme_get_ctrl(ns->ctrl); 1406 + nvme_put_ns_from_disk(head, srcu_idx); 1407 + 1408 + if (cmd == NVME_IOCTL_ADMIN_CMD) 1409 + ret = nvme_user_cmd(ctrl, NULL, argp); 1410 + else 1411 + ret = sed_ioctl(ctrl->opal_dev, cmd, argp); 1412 + 1413 + nvme_put_ctrl(ctrl); 1414 + return ret; 1415 + } 1416 + 1397 1417 switch (cmd) { 1398 1418 case NVME_IOCTL_ID: 1399 1419 force_successful_syscall_return(); 1400 1420 ret = ns->head->ns_id; 1401 - break; 1402 - case NVME_IOCTL_ADMIN_CMD: 1403 - ret = nvme_user_cmd(ns->ctrl, NULL, argp); 1404 1421 break; 1405 1422 case NVME_IOCTL_IO_CMD: 1406 1423 ret = nvme_user_cmd(ns->ctrl, ns, argp); ··· 1428 1411 default: 1429 1412 if (ns->ndev) 1430 1413 ret = nvme_nvm_ioctl(ns, cmd, arg); 1431 - else if (is_sed_ioctl(cmd)) 1432 - ret = sed_ioctl(ns->ctrl->opal_dev, cmd, argp); 1433 1414 else 1434 1415 ret = -ENOTTY; 1435 1416 }