linux-stable/drivers
Xiaoguang Wang bb9b9eb0ae scsi: target: tcmu: Fix possible data corruption
When tcmu_vma_fault() gets a page successfully, before the current context
completes page fault procedure, find_free_blocks() may run and call
unmap_mapping_range() to unmap the page. Assume that when
find_free_blocks() initially completes and the previous page fault
procedure starts to run again and completes, then one truncated page has
been mapped to userspace. But note that tcmu_vma_fault() has gotten a
refcount for the page so any other subsystem won't be able to use the page
unless the userspace address is unmapped later.

If another command subsequently runs and needs to extend dbi_thresh it may
reuse the corresponding slot for the previous page in data_bitmap. Then,
though we'll allocate a new page for this slot in data_area, no page fault
will happen because we have a valid map and the real request's data will be
lost.

Filesystem implementations will also run into this issue but they usually
lock the page when vm_operations_struct->fault gets a page and unlock the
page after finish_fault() completes. For truncate, filesystems lock pages in
truncate_inode_pages() to protect against racing wrt. page faults.

To fix this possible data corruption scenario we can apply a method similar
to the filesystems. For pages that are to be freed, tcmu_blocks_release()
locks and unlocks. Make tcmu_vma_fault() also lock the found page under
cmdr_lock. At the same time, since tcmu_vma_fault() gets an extra page
refcount, tcmu_blocks_release() won't free pages if pages are in page fault
procedure, which means it is safe to call tcmu_blocks_release() before
unmap_mapping_range().

With these changes tcmu_blocks_release() will wait for all page faults to
be completed before calling unmap_mapping_range(). And later, if
unmap_mapping_range() is called, it will ensure stale mappings are removed.

Link: https://lore.kernel.org/r/20220421023735.9018-1-xiaoguang.wang@linux.alibaba.com
Reviewed-by: Bodo Stroesser <bostroesser@gmail.com>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-05-02 16:59:11 -04:00
..
accessibility
acpi More ACPI updates for 5.18-rc1 2022-03-31 13:08:13 -07:00
amba
android
ata Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
auxdisplay auxdisplay: lcd2s: Use array size explicitly in lcd2s_gotoxy() 2022-03-18 20:31:14 +01:00
base Device properties code update for 5.18-rc1 2022-03-29 11:30:12 -07:00
bcma Core MTD changes: 2022-03-25 13:35:34 -07:00
block for-5.18/drivers-2022-04-02 2022-04-02 11:03:03 -07:00
bluetooth Bluetooth: ath3k: remove superfluous header files 2022-03-18 17:12:09 +01:00
bus Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cdrom SCSI misc on 20220324 2022-03-24 19:37:53 -07:00
char Random number generator fixes for Linux 5.18-rc1. 2022-03-31 14:51:34 -07:00
clk A single revert to fix a boot regression seen when clk_put() started 2022-04-03 12:21:14 -07:00
clocksource asm-generic updates for 5.18 2022-03-23 18:03:08 -07:00
comedi
connector
counter Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cpufreq Merge branch 'cpufreq/arm/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm 2022-03-22 12:15:47 +01:00
cpuidle RISC-V CPU Idle Support 2022-03-30 16:17:54 -07:00
crypto virtio: features, fixes 2022-03-31 13:57:15 -07:00
cxl cxl/core/port: Fix NULL but dereferenced coccicheck error 2022-03-22 10:51:17 -07:00
dax dax for 5.18 2022-03-24 18:12:09 -07:00
dca
devfreq
dio
dma dmaengine updates for v5.18-rc1 2022-03-30 10:54:49 -07:00
dma-buf
edac Merge branch 'edac-amd64' into edac-updates-for-v5.18 2022-03-21 10:34:57 +01:00
eisa
extcon
firewire
firmware Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
fpga
fsi
gnss
gpio gpio fixes for v5.18-rc1 2022-04-01 10:26:09 -07:00
gpu xen: branch for v5.18-rc1 2022-03-28 14:32:39 -07:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2022-04-01 10:14:32 -07:00
hsi
hv hyperv-next for 5.18 2022-03-24 12:30:37 -07:00
hwmon Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
hwspinlock
hwtracing Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
i2c Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2022-03-26 12:46:08 -07:00
i3c
idle cpuidle: intel_idle: Drop redundant backslash at line end 2022-03-17 14:32:59 +01:00
iio Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
infiniband SCSI misc on 20220324 2022-03-24 19:37:53 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2022-04-01 10:14:32 -07:00
interconnect
iommu dma-mapping updates for Linux 5.18 2022-03-29 08:50:14 -07:00
ipack
irqchip asm-generic updates for 5.18 2022-03-23 18:03:08 -07:00
isdn mISDN: fix typo "frame to short" -> "frame too short" 2022-03-21 13:26:38 +00:00
leds LED updates for 5.18-rc1. Nothing major here, there are two drivers 2022-03-27 14:09:48 -07:00
macintosh
mailbox
mcb
md - Fix DM integrity shrink crash due to journal entry not being marked 2022-04-01 15:57:27 -07:00
media drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
memory ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
memstick
message scsi: message: fusion: Remove unused variable retval 2022-04-25 23:26:32 -04:00
mfd - New Drivers 2022-03-25 13:56:18 -07:00
misc Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
mmc TTY/Serial driver changes for 5.18-rc1 2022-03-28 13:00:51 -07:00
most
mtd This pull request contains fixes for JFFS2, UBI and UBIFS 2022-03-31 16:09:41 -07:00
mux
net virtio: features, fixes 2022-03-31 13:57:15 -07:00
nfc spi: Updates for v5.18 2022-03-21 18:33:57 -07:00
ntb
nubus
nvdimm libnvdimm for 5.18 2022-03-30 10:04:11 -07:00
nvme for-5.18/drivers-2022-04-01 2022-04-01 16:26:57 -07:00
nvmem nvmem: brcm_nvram: parse NVRAM content into NVMEM cells 2022-03-18 14:08:36 +01:00
of Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
opp
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-03-29 21:37:12 +02:00
parport parport_pc: Also enable driver for PCI systems 2022-03-18 14:01:41 +01:00
pci pci-v5.18-changes-2 2022-04-02 10:54:52 -07:00
pcmcia
peci
perf RISC-V Patches for the 5.18 Merge Window, Part 1 2022-03-25 10:11:38 -07:00
phy phy: PHY_FSL_LYNX_28G should depend on ARCH_LAYERSCAPE 2022-03-29 08:45:16 -07:00
pinctrl Pin control bulk changes for the v5.18 kernel cycle 2022-03-28 11:52:53 -07:00
platform chrome platform changes for 5.18 2022-04-02 10:44:18 -07:00
pnp PNP update for 5.18-rc1 2022-03-21 14:46:01 -07:00
power Driver core changes for 5.18-rc1 2022-03-28 12:41:28 -07:00
powercap
pps pps: generators: pps_gen_parport: Switch to use module_parport_driver() 2022-03-18 14:01:19 +01:00
ps3
ptp ptp: ocp: handle error from nvmem_device_find 2022-03-30 12:08:11 -07:00
pwm
rapidio
ras
regulator regulator: Fixes for v5.18 2022-03-30 10:58:28 -07:00
remoteproc remoteproc updates for v5.18 2022-03-30 10:50:48 -07:00
reset
rpmsg
rtc RTC for 5.18 2022-04-01 09:37:18 -07:00
s390 s390: cleanup timer API use 2022-03-27 22:18:39 +02:00
sbus
scsi scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call 2022-05-02 16:59:11 -04:00
sh
siox
slimbus
soc Networking changes for 5.18. 2022-03-24 13:13:26 -07:00
soundwire Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
spi Core MTD changes: 2022-03-25 13:35:34 -07:00
spmi
ssb
staging Staging driver update for 5.18-rc1 2022-03-28 12:50:50 -07:00
target scsi: target: tcmu: Fix possible data corruption 2022-05-02 16:59:11 -04:00
tc
tee ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
thermal Merge branch 'thermal-hfi' 2022-03-18 19:00:26 +01:00
thunderbolt Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
tty TTY/Serial driver changes for 5.18-rc1 2022-03-28 13:00:51 -07:00
uio
usb xen: branch for v5.18-rc1 2022-03-28 14:32:39 -07:00
vdpa virtio: features, fixes 2022-03-31 13:57:15 -07:00
vfio hisi_acc_vfio_pci: Use its own PCI reset_done error handler 2022-03-15 11:41:32 -06:00
vhost virtio: features, fixes 2022-03-31 13:57:15 -07:00
video Driver core changes for 5.18-rc1 2022-03-28 12:41:28 -07:00
virt Random number generator fixes for Linux 5.18-rc1. 2022-03-31 14:51:34 -07:00
virtio virtio: features, fixes 2022-03-31 13:57:15 -07:00
visorbus
vlynq
vme
w1 w1: w1_therm: Add support for Maxim MAX31850 thermoelement IF. 2022-03-18 14:07:09 +01:00
watchdog linux-watchdog 5.18-rc1 tag 2022-03-31 14:14:03 -07:00
xen xen: don't hang when resuming PCI device 2022-03-25 14:22:15 -05:00
zorro
Kconfig
Makefile