authorJiri Slaby <jslaby@suse.cz>2019-07-21 10:23:21 +0200
committerJiri Slaby <jslaby@suse.cz>2019-07-21 10:23:28 +0200
commit849a27d845f308feafb32aafb8416bea22ad5677 (patch)
treec31d56505906f4859e4b940cc446eda937c283f3
parentc04b328a49fed8a7875b7530f54825b870d98686 (diff)
s390/qdio: (re-)initialize tiqdio list entries (bnc#1012628).
-rw-r--r--patches.kernel.org/5.2.2-016-s390-qdio-re-initialize-tiqdio-list-entries.patch84
-rw-r--r--series.conf1
2 files changed, 85 insertions, 0 deletions
diff --git a/patches.kernel.org/5.2.2-016-s390-qdio-re-initialize-tiqdio-list-entries.patch b/patches.kernel.org/5.2.2-016-s390-qdio-re-initialize-tiqdio-list-entries.patch
new file mode 100644
index 0000000000..f328a5fde7
--- /dev/null
+++ b/patches.kernel.org/5.2.2-016-s390-qdio-re-initialize-tiqdio-list-entries.patch
@@ -0,0 +1,84 @@
+From: Julian Wiedmann <jwi@linux.ibm.com>
+Date: Tue, 18 Jun 2019 11:25:59 +0200
+Subject: [PATCH] s390/qdio: (re-)initialize tiqdio list entries
+References: bnc#1012628
+Patch-mainline: 5.2.2
+Git-commit: e54e4785cb5cb4896cf4285964aeef2125612fb2
+
+commit e54e4785cb5cb4896cf4285964aeef2125612fb2 upstream.
+
+When tiqdio_remove_input_queues() removes a queue from the tiq_list as
+part of qdio_shutdown(), it doesn't re-initialize the queue's list entry
+and the prev/next pointers go stale.
+
+If a subsequent qdio_establish() fails while sending the ESTABLISH cmd,
+it calls qdio_shutdown() again in QDIO_IRQ_STATE_ERR state and
+tiqdio_remove_input_queues() will attempt to remove the queue entry a
+second time. This dereferences the stale pointers, and bad things ensue.
+Fix this by re-initializing the list entry after removing it from the
+list.
+
+For good practice also initialize the list entry when the queue is first
+allocated, and remove the quirky checks that papered over this omission.
+Note that prior to
+commit e521813468f7 ("s390/qdio: fix access to uninitialized qdio_q fields"),
+these checks were bogus anyway.
+
+setup_queues_misc() clears the whole queue struct, and thus needs to
+re-init the prev/next pointers as well.
+
+Fixes: 779e6e1c724d ("[S390] qdio: new qdio driver.")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/s390/cio/qdio_setup.c | 2 ++
+ drivers/s390/cio/qdio_thinint.c | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/s390/cio/qdio_setup.c b/drivers/s390/cio/qdio_setup.c
+index 99d7d2566a3a..d4101cecdc8d 100644
+--- a/drivers/s390/cio/qdio_setup.c
++++ b/drivers/s390/cio/qdio_setup.c
+@@ -150,6 +150,7 @@ static int __qdio_allocate_qs(struct qdio_q **irq_ptr_qs, int nr_queues)
+ return -ENOMEM;
+ }
+ irq_ptr_qs[i] = q;
++ INIT_LIST_HEAD(&q->entry);
+ }
+ return 0;
+ }
+@@ -178,6 +179,7 @@ static void setup_queues_misc(struct qdio_q *q, struct qdio_irq *irq_ptr,
+ q->mask = 1 << (31 - i);
+ q->nr = i;
+ q->handler = handler;
++ INIT_LIST_HEAD(&q->entry);
+ }
+
+ static void setup_storage_lists(struct qdio_q *q, struct qdio_irq *irq_ptr,
+diff --git a/drivers/s390/cio/qdio_thinint.c b/drivers/s390/cio/qdio_thinint.c
+index 28d59ac2204c..07264bd9ad0b 100644
+--- a/drivers/s390/cio/qdio_thinint.c
++++ b/drivers/s390/cio/qdio_thinint.c
+@@ -87,14 +87,14 @@ void tiqdio_remove_input_queues(struct qdio_irq *irq_ptr)
+ struct qdio_q *q;
+
+ q = irq_ptr->input_qs[0];
+- /* if establish triggered an error */
+- if (!q || !q->entry.prev || !q->entry.next)
++ if (!q)
+ return;
+
+ mutex_lock(&tiq_list_lock);
+ list_del_rcu(&q->entry);
+ mutex_unlock(&tiq_list_lock);
+ synchronize_rcu();
++ INIT_LIST_HEAD(&q->entry);
+ }
+
+ static inline int has_multiple_inq_on_dsci(struct qdio_irq *irq_ptr)
+--
+2.22.0
+
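Review bot: The `INIT_LIST_HEAD(&q->entry);` added at the end of tiqdio_remove_input_queues() (qdio_thinint.c part of the added patch) carries no comment saying why it sits after `synchronize_rcu()` rather than directly after `list_del_rcu()`, and that ordering is what keeps the fix safe. list_del_rcu() leaves the removed entry's next pointer intact so that concurrent RCU readers of the tiq list can still walk past it; re-initializing before the grace period ends would point such a reader back at the removed entry. I would add `/* Re-init only after the grace period so RCU readers never see a self-linked entry; makes a repeated removal from qdio_shutdown() harmless. */` above that line. The re-init also runs after `mutex_unlock(&tiq_list_lock)`, which is fine only if nothing can re-add the same queue concurrently; the callers are not visible here, so that should be confirmed. The function's signature appears only in the hunk header, so its start is outside the quoted lines.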
diff --git a/series.conf b/series.conf
index 91964688a6..d761caf063 100644
--- a/series.conf
+++ b/series.conf
@@ -103,6 +103,7 @@
patches.kernel.org/5.2.2-013-ARC-hide-unused-function-unw_hdr_alloc.patch
patches.kernel.org/5.2.2-014-s390-ipl-Fix-detection-of-has_secure-attribute.patch
patches.kernel.org/5.2.2-015-s390-fix-stfle-zero-padding.patch
+ patches.kernel.org/5.2.2-016-s390-qdio-re-initialize-tiqdio-list-entries.patch
########################################################
# Build fixes that apply to the vanilla kernel too.