CVE-2024-26846

Severity CVSS v4.0: Pending analysis
Type: CWE-415 Double Free
Publication date: 17/04/2024
Last modified: 21/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nvme-fc: do not wait in vain when unloading module

The module exit path has a race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has been added by the initial commit.

There is some logic around trying to prevent from hanging forever in wait_for_completion, though it does not handle all cases. E.g. blktests is able to reproduce the situation where the module unload hangs forever.

If we completely rely on the cleanup code executed from the nvme_delete_ctrl path, all IDs will be freed eventually. This makes calling ida_destroy unnecessary. We only have to ensure that all nvme_delete_ctrl code has been executed before we leave nvme_fc_exit_module. This is done by flushing the nvme_delete_wq workqueue.

While at it, remove the unused nvme_fc_wq workqueue too.
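The ordering problem described above can be shown with a small userspace model. This is an added example, not code from the kernel or from the fix commit; the names `struct model`, `flush_deletes` and `run_exit` are hypothetical, and the arrays only stand in for the ID allocator and the delete workqueue.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <string.h>

#define MAX_IDS 8

struct model {
    bool used[MAX_IDS];     /* stand-in for the controller ID allocator */
    int  pending[MAX_IDS];  /* queued delete work, one ID per controller */
    int  npending;
    int  double_release;    /* releases of an ID that was already free */
    int  leaked;            /* IDs still allocated when exit returns */
};

/* Run all queued delete work (models flushing the delete workqueue). */
static void flush_deletes(struct model *m)
{
    for (int i = 0; i < m->npending; i++) {
        int id = m->pending[i];
        if (!m->used[id])
            m->double_release++;   /* this ID was already released */
        m->used[id] = false;
    }
    m->npending = 0;
}

/*
 * Model module exit with n controllers (n <= MAX_IDS), each with a delete
 * queued. destroy_first = true is the racy ordering: left-over IDs are
 * freed while deletes are still pending. false is the ordering the
 * description settles on: flush the queue and do no separate ID teardown.
 */
struct model run_exit(int n, bool destroy_first)
{
    struct model m;
    memset(&m, 0, sizeof(m));
    for (int id = 0; id < n; id++) {
        m.used[id] = true;
        m.pending[m.npending++] = id;
    }
    if (destroy_first)
        memset(m.used, 0, sizeof(m.used));  /* free left-over IDs early */
    flush_deletes(&m);                      /* queued deletes complete */
    for (int id = 0; id < MAX_IDS; id++)
        m.leaked += m.used[id];
    return m;
}
```

With three controllers, the early-teardown ordering records three double releases, while the flush-only ordering records none and leaves no ID allocated.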

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.10.211 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.150 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.80 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | | |