iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/block
History
Andrea Righi 3e6e11f853 blk-wbt: prevent NULL pointer dereference in wb_timer_fn 
[ Upstream commit 480d42dc001bbfe953825a92073012fcd5a99161 ]

The timer callback used to evaluate if the latency is exceeded can be
executed after the corresponding disk has been released, causing the
following NULL pointer dereference:

[ 119.987108] BUG: kernel NULL pointer dereference, address: 0000000000000098
[ 119.987617] #PF: supervisor read access in kernel mode
[ 119.987971] #PF: error_code(0x0000) - not-present page
[ 119.988325] PGD 7c4a4067 P4D 7c4a4067 PUD 7bf63067 PMD 0
[ 119.988697] Oops: 0000 [#1] SMP NOPTI
[ 119.988959] CPU: 1 PID: 9353 Comm: cloud-init Not tainted 5.15-rc5+arighi #rc5+arighi
[ 119.989520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 119.990055] RIP: 0010:wb_timer_fn+0x44/0x3c0
[ 119.990376] Code: 41 8b 9c 24 98 00 00 00 41 8b 94 24 b8 00 00 00 41 8b 84 24 d8 00 00 00 4d 8b 74 24 28 01 d3 01 c3 49 8b 44 24 60 48 8b 40 78 <4c> 8b b8 98 00 00 00 4d 85 f6 0f 84 c4 00 00 00 49 83 7c 24 30 00
[ 119.991578] RSP: 0000:ffffb5f580957da8 EFLAGS: 00010246
[ 119.991937] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004
[ 119.992412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88f476d7f780
[ 119.992895] RBP: ffffb5f580957dd0 R08: 0000000000000000 R09: 0000000000000000
[ 119.993371] R10: 0000000000000004 R11: 0000000000000002 R12: ffff88f476c84500
[ 119.993847] R13: ffff88f4434390c0 R14: 0000000000000000 R15: ffff88f4bdc98c00
[ 119.994323] FS: 00007fb90bcd9c00(0000) GS:ffff88f4bdc80000(0000) knlGS:0000000000000000
[ 119.994952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.995380] CR2: 0000000000000098 CR3: 000000007c0d6000 CR4: 00000000000006e0
[ 119.995906] Call Trace:
[ 119.996130] ? blk_stat_free_callback_rcu+0x30/0x30
[ 119.996505] blk_stat_timer_fn+0x138/0x140
[ 119.996830] call_timer_fn+0x2b/0x100
[ 119.997136] __run_timers.part.0+0x1d1/0x240
[ 119.997470] ? kvm_clock_get_cycles+0x11/0x20
[ 119.997826] ? ktime_get+0x3e/0xa0
[ 119.998110] ? native_apic_msr_write+0x2c/0x30
[ 119.998456] ? lapic_next_event+0x20/0x30
[ 119.998779] ? clockevents_program_event+0x94/0xf0
[ 119.999150] run_timer_softirq+0x2a/0x50
[ 119.999465] __do_softirq+0xcb/0x26f
[ 119.999764] irq_exit_rcu+0x8c/0xb0
[ 120.000057] sysvec_apic_timer_interrupt+0x43/0x90
[ 120.000429] ? asm_sysvec_apic_timer_interrupt+0xa/0x20
[ 120.000836] asm_sysvec_apic_timer_interrupt+0x12/0x20

In this case simply return from the timer callback (no action
required) to prevent the NULL pointer dereference.

BugLink: https://bugs.launchpad.net/bugs/1947557
Link: https://lore.kernel.org/linux-mm/YWRNVTk9N8K0RMst@arighi-desktop/
Fixes: 34dbad5d26e2 ("blk-stat: convert to callback-based statistics reporting")
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Link: https://lore.kernel.org/r/YW6N2qXpBU3oc50q@arighi-desktop
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 19:16:34 +01:00
..
partitions
block: fix incorrect references to disk objects
2021-10-18 11:20:38 -06:00
badblocks.c
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
bdev.c
block: genhd: fix double kfree() in __alloc_disk_node()
2021-10-02 07:29:20 -06:00
bfq-cgroup.c
block, bfq: reset last_bfqq_created on group change
2021-10-17 07:03:02 -06:00
bfq-iosched.c
Revert "block, bfq: honor already-setup queue merges"
2021-09-28 06:33:15 -06:00
bfq-iosched.h
block, bfq: cleanup the repeated declaration
2021-08-25 06:45:33 -06:00
bfq-wf2q.c
block: Introduce IOPRIO_NR_LEVELS
2021-08-18 07:21:12 -06:00
bio-integrity.c
block: use bvec_virt in bio_integrity_{process,free}
2021-08-16 10:50:32 -06:00
bio.c
block: don't call rq_qos_ops->done_bio if the bio isn't tracked
2021-09-24 11:04:39 -06:00
blk-cgroup-rwstat.c
blk-cgroup: Fix the recursive blkg rwstat
2021-03-05 11:32:15 -07:00
blk-cgroup-rwstat.h
blk-cgroup: separate out blkg_rwstat under CONFIG_BLK_CGROUP_RWSTAT
2019-11-07 12:28:13 -07:00
blk-cgroup.c
blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu
2021-10-17 10:40:10 -06:00
blk-core.c
block: drain file system I/O on del_gendisk
2021-10-15 21:02:50 -06:00
blk-crypto-fallback.c
block: rename BIO_MAX_PAGES to BIO_MAX_VECS
2021-03-11 07:47:48 -07:00
blk-crypto-internal.h
block: make blk_crypto_rq_bio_prep() able to fail
2020-10-05 10:47:43 -06:00
blk-crypto.c
blk-crypto: fix check for too-large dun_bytes
2021-08-25 06:45:00 -06:00
blk-exec.c
block: return errors from blk_execute_rq()
2021-06-30 15:35:45 -06:00
blk-flush.c
blk-mq: fix is_flush_rq
2021-08-17 20:17:34 -06:00
blk-integrity.c
block: flush the integrity workqueue in blk_integrity_unregister
2021-09-14 20:03:30 -06:00
blk-ioc.c
block: remove retry loop in ioc_release_fn()
2020-07-16 10:22:15 -06:00
blk-iocost.c
for-5.15/block-2021-08-30
2021-08-30 18:52:11 -07:00
blk-iolatency.c
for-5.15/block-2021-08-30
2021-08-30 18:52:11 -07:00
blk-ioprio.c
block: Introduce the ioprio rq-qos policy
2021-06-21 15:03:40 -06:00
blk-ioprio.h
block: Introduce the ioprio rq-qos policy
2021-06-21 15:03:40 -06:00
blk-lib.c
block: export blk_next_bio()
2021-06-17 15:51:20 +02:00
blk-map.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
blk-merge.c
io_uring-bio-cache.5-2021-08-30
2021-08-30 19:30:30 -07:00
blk-mq-cpumap.c
blk-mq: remove the calling of local_memory_node()
2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
block: Cleanup license notice
2019-01-17 21:21:40 -07:00
blk-mq-debugfs.c
block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output
2021-10-04 06:58:39 -06:00
blk-mq-debugfs.h
blk-mq: no need to check return value of debugfs_create functions
2019-06-13 03:00:30 -06:00
blk-mq-pci.c
block: Fix blk_mq_*_map_queues() kernel-doc headers
2019-05-31 15:12:34 -06:00
blk-mq-rdma.c
block: Fix blk_mq_*_map_queues() kernel-doc headers
2019-05-31 15:12:34 -06:00
blk-mq-sched.c
blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
2021-07-27 16:44:38 -06:00
blk-mq-sched.h
blk: Fix lock inversion between ioc lock and bfqd lock
2021-06-24 18:43:55 -06:00
blk-mq-sysfs.c
block: remove blk-mq-sysfs dead code
2021-08-02 13:37:29 -06:00
blk-mq-tag.c
blk-mq: avoid to iterate over stale request
2021-09-12 19:32:43 -06:00
blk-mq-tag.h
blk-mq: Some tag allocation code refactoring
2021-05-24 06:47:22 -06:00
blk-mq-virtio.c
blk-mq: Fix typo in comment
2020-03-17 20:55:21 +01:00
blk-mq.c
block: remove inaccurate requeue check
2021-11-18 19:16:17 +01:00
blk-mq.h
blk: Fix lock inversion between ioc lock and bfqd lock
2021-06-24 18:43:55 -06:00
blk-pm.c
scsi: block: Fix a race in the runtime power management code
2020-12-09 11:41:41 -05:00
blk-pm.h
block: Remove unused blk_pm_*() function definitions
2021-02-22 06:33:48 -07:00
blk-rq-qos.c
rq-qos: fix missed wake-ups in rq_qos_throttle try two
2021-06-08 15:12:57 -06:00
blk-rq-qos.h
block: Introduce the ioprio rq-qos policy
2021-06-21 15:03:40 -06:00
blk-settings.c
block: Fix partition check for host-aware zoned block devices
2021-10-27 06:58:01 -06:00
blk-stat.c
blk-stat: make q->stats->lock irqsafe
2020-09-01 16:48:46 -06:00
blk-stat.h
block: deactivate blk_stat timer in wbt_disable_default()
2018-12-12 06:47:51 -07:00
blk-sysfs.c
block: call blk_register_queue earlier in device_add_disk
2021-08-23 12:55:45 -06:00
blk-throttle.c
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
2021-09-07 08:36:56 -06:00
blk-timeout.c
block: blk-timeout: delete duplicated word
2020-07-31 16:29:47 -06:00
blk-wbt.c
blk-wbt: prevent NULL pointer dereference in wb_timer_fn
2021-11-18 19:16:34 +01:00
blk-wbt.h
blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
2021-06-21 15:03:41 -06:00
blk-zoned.c
blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
2021-08-24 10:12:36 -06:00
blk.h
block: bump max plugged deferred size from 16 to 32
2021-11-18 19:16:16 +01:00
bounce.c
block: use memcpy_from_bvec in __blk_queue_bounce
2021-08-02 13:37:28 -06:00
bsg-lib.c
scsi: bsg-lib: Fix commands without data transfer in bsg_transport_sg_io_fn()
2021-08-01 13:21:40 -04:00
bsg.c
scsi: bsg: Fix device unregistration
2021-09-14 00:22:15 -04:00
disk-events.c
block: return errors from disk_alloc_events
2021-08-23 12:55:45 -06:00
elevator.c
block: return ELEVATOR_DISCARD_MERGE if possible
2021-08-09 14:37:47 -06:00
fops.c
block: hold ->invalidate_lock in blkdev_fallocate
2021-09-24 11:06:58 -06:00
genhd.c
block: drain queue after disk is removed from sysfs
2021-10-26 08:44:38 -06:00
holder.c
block: add back the bd_holder_dir reference in bd_link_disk_holder
2021-08-20 21:14:26 -06:00
ioctl.c
block: pass a gendisk to bdev_resize_partition
2021-08-12 10:31:36 -06:00
ioprio.c
block: fix default IO priority handling
2021-08-18 07:23:15 -06:00
Kconfig
SCSI misc on 20210902
2021-09-02 15:09:46 -07:00
Kconfig.iosched
Revert "block/mq-deadline: Add cgroup support"
2021-08-11 13:47:26 -06:00
keyslot-manager.c
- Fix DM integrity's HMAC support to provide enhanced security of
2021-02-22 10:22:54 -08:00
kyber-iosched.c
kyber: avoid q->disk dereferences in trace points
2021-10-15 21:02:57 -06:00
Makefile
block-5.15-2021-09-11
2021-09-11 10:19:51 -07:00
mq-deadline.c
block/mq-deadline: Move dd_queued() to fix defined but not used warning
2021-09-02 06:34:45 -06:00
opal_proto.h
block: sed-opal: Change the check condition for regular session validity
2020-03-12 08:00:10 -06:00
sed-opal.c
block: sed-opal: Change the check condition for regular session validity
2020-03-12 08:00:10 -06:00
t10-pi.c
block: use bvec_kmap_local in t10_pi_type1_{prepare,complete}
2021-08-02 13:37:28 -06:00