[6.17]NVIDIA: VR: SAUCE: firmware: smccc: lfa: fix work item re-initialization race#343
[6.17]NVIDIA: VR: SAUCE: firmware: smccc: lfa: fix work item re-initialization race#343nirmoy wants to merge 1 commit intoNVIDIA:24.04_linux-nvidia-6.17-nextfrom
Conversation
…ion race Move INIT_WORK() for fw_images_update_work from update_fw_images_tree() to lfa_init() so the work item is initialized once at module load rather than re-initialized on every firmware image tree update. Re-initializing a work item that may already be queued is unsafe and can corrupt the workqueue. Add flush_workqueue() in lfa_notify_handler() before rescanning the image list to ensure any pending remove_invalid_fw_images work completes first, preventing use-after-free on the image list. Fixes: 1dd9a8f ("NVIDIA: VR: SAUCE: firmware: smccc: add support for Live Firmware Activation (LFA)") Signed-off-by: Nirmoy Das <nirmoyd@nvidia.com>
nirmoy
changed the title
clsotog
left a comment
clsotog
left a comment
There was a problem hiding this comment.
Acked-by: Carol L Soto <csoto@nvidia.com>
|
@nirmoy I agree this fixes the issue, but the usage convention seems a bit awkward with the single global work struct. Basically, if anyone calls update_fw_images_tree() they need to ensure the workqueue is flushed before calling again. Maybe it would be cleaner to dynamically allocate the work struct in update_fw_images_tree(), INIT/enqueue it, and then free in the handler? Then we don't need to "serialize" the flushes and calling update_fw_images_tree(). Of course, the downside to that approach is what to do if the kmalloc fails... |
Nirmoy and I met and reviewed his proposed changes and the workqueue API, specifically queue_work(). That service is tolerant of the work item already residing in the list, so I no longer have a concern about the usage convention. The key change that is being made via this PR is moving INIT_WORK to the init() path so that it is only invoked once. |
nvmochs
left a comment
nvmochs
left a comment
There was a problem hiding this comment.
No further issues or concerns from me.
Acked-by: Matthew R. Ochs <mochs@nvidia.com>
|
PR sent to Canonical. |
|
this PR is a fix for real bug I encountered Acked |
4 participants
Move INIT_WORK() for fw_images_update_work from update_fw_images_tree() to lfa_init() so the work item is initialized once at module load rather than re-initialized on every firmware image tree update. Re-initializing a work item that may already be queued is unsafe and can corrupt the workqueue.
Add flush_workqueue() in lfa_notify_handler() before rescanning the image list to ensure any pending remove_invalid_fw_images work completes first, preventing use-after-free on the image list.
Fixes: 1dd9a8f ("NVIDIA: VR: SAUCE: firmware: smccc: add support for Live Firmware Activation (LFA)")
LP: https://bugs.launchpad.net/ubuntu/+source/linux-nvidia/+bug/2138342