iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b387e9b58679c60f5b1e4313939bd4878204fc37
linux/drivers/md
History
Coly Li b387e9b586 bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() 
When system memory is in heavy pressure, bch_gc_thread_start() from
run_cache_set() may fail due to out of memory. In such condition,
c->gc_thread is assigned to -ENOMEM, not NULL pointer. Then in following
failure code path bch_cache_set_error(), when cache_set_flush() gets
called, the code piece to stop c->gc_thread is broken,
         if (!IS_ERR_OR_NULL(c->gc_thread))
                 kthread_stop(c->gc_thread);

And KASAN catches such NULL pointer deference problem, with the warning
information:

[  561.207881] ==================================================================
[  561.207900] BUG: KASAN: null-ptr-deref in kthread_stop+0x3b/0x440
[  561.207904] Write of size 4 at addr 000000000000001c by task kworker/15:1/313

[  561.207913] CPU: 15 PID: 313 Comm: kworker/15:1 Tainted: G        W         5.0.0-vanilla+ #3
[  561.207916] Hardware name: Lenovo ThinkSystem SR650 -[7X05CTO1WW]-/-[7X05CTO1WW]-, BIOS -[IVE136T-2.10]- 03/22/2019
[  561.207935] Workqueue: events cache_set_flush [bcache]
[  561.207940] Call Trace:
[  561.207948]  dump_stack+0x9a/0xeb
[  561.207955]  ? kthread_stop+0x3b/0x440
[  561.207960]  ? kthread_stop+0x3b/0x440
[  561.207965]  kasan_report+0x176/0x192
[  561.207973]  ? kthread_stop+0x3b/0x440
[  561.207981]  kthread_stop+0x3b/0x440
[  561.207995]  cache_set_flush+0xd4/0x6d0 [bcache]
[  561.208008]  process_one_work+0x856/0x1620
[  561.208015]  ? find_held_lock+0x39/0x1d0
[  561.208028]  ? drain_workqueue+0x380/0x380
[  561.208048]  worker_thread+0x87/0xb80
[  561.208058]  ? __kthread_parkme+0xb6/0x180
[  561.208067]  ? process_one_work+0x1620/0x1620
[  561.208072]  kthread+0x326/0x3e0
[  561.208079]  ? kthread_create_worker_on_cpu+0xc0/0xc0
[  561.208090]  ret_from_fork+0x3a/0x50
[  561.208110] ==================================================================
[  561.208113] Disabling lock debugging due to kernel taint
[  561.208115] irq event stamp: 11800231
[  561.208126] hardirqs last  enabled at (11800231): [<ffffffff83008538>] do_syscall_64+0x18/0x410
[  561.208127] BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
[  561.208129] #PF error: [WRITE]
[  561.312253] hardirqs last disabled at (11800230): [<ffffffff830052ff>] trace_hardirqs_off_thunk+0x1a/0x1c
[  561.312259] softirqs last  enabled at (11799832): [<ffffffff850005c7>] __do_softirq+0x5c7/0x8c3
[  561.405975] PGD 0 P4D 0
[  561.442494] softirqs last disabled at (11799821): [<ffffffff831add2c>] irq_exit+0x1ac/0x1e0
[  561.791359] Oops: 0002 [#1] SMP KASAN NOPTI
[  561.791362] CPU: 15 PID: 313 Comm: kworker/15:1 Tainted: G    B   W         5.0.0-vanilla+ #3
[  561.791363] Hardware name: Lenovo ThinkSystem SR650 -[7X05CTO1WW]-/-[7X05CTO1WW]-, BIOS -[IVE136T-2.10]- 03/22/2019
[  561.791371] Workqueue: events cache_set_flush [bcache]
[  561.791374] RIP: 0010:kthread_stop+0x3b/0x440
[  561.791376] Code: 00 00 65 8b 05 26 d5 e0 7c 89 c0 48 0f a3 05 ec aa df 02 0f 82 dc 02 00 00 4c 8d 63 20 be 04 00 00 00 4c 89 e7 e8 65 c5 53 00 <f0> ff 43 20 48 8d 7b 24 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48
[  561.791377] RSP: 0018:ffff88872fc8fd10 EFLAGS: 00010286
[  561.838895] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  561.838916] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  561.838934] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  561.838948] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  561.838966] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  561.838979] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  561.838996] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  563.067028] RAX: 0000000000000000 RBX: fffffffffffffffc RCX: ffffffff832dd314
[  563.067030] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000297
[  563.067032] RBP: ffff88872fc8fe88 R08: fffffbfff0b8213d R09: fffffbfff0b8213d
[  563.067034] R10: 0000000000000001 R11: fffffbfff0b8213c R12: 000000000000001c
[  563.408618] R13: ffff88dc61cc0f68 R14: ffff888102b94900 R15: ffff88dc61cc0f68
[  563.408620] FS:  0000000000000000(0000) GS:ffff888f7dc00000(0000) knlGS:0000000000000000
[  563.408622] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  563.408623] CR2: 000000000000001c CR3: 0000000f48a1a004 CR4: 00000000007606e0
[  563.408625] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  563.408627] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  563.904795] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  563.915796] PKRU: 55555554
[  563.915797] Call Trace:
[  563.915807]  cache_set_flush+0xd4/0x6d0 [bcache]
[  563.915812]  process_one_work+0x856/0x1620
[  564.001226] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  564.033563]  ? find_held_lock+0x39/0x1d0
[  564.033567]  ? drain_workqueue+0x380/0x380
[  564.033574]  worker_thread+0x87/0xb80
[  564.062823] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  564.118042]  ? __kthread_parkme+0xb6/0x180
[  564.118046]  ? process_one_work+0x1620/0x1620
[  564.118048]  kthread+0x326/0x3e0
[  564.118050]  ? kthread_create_worker_on_cpu+0xc0/0xc0
[  564.167066] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  564.252441]  ret_from_fork+0x3a/0x50
[  564.252447] Modules linked in: msr rpcrdma sunrpc rdma_ucm ib_iser ib_umad rdma_cm ib_ipoib i40iw configfs iw_cm ib_cm libiscsi scsi_transport_iscsi mlx4_ib ib_uverbs mlx4_en ib_core nls_iso8859_1 nls_cp437 vfat fat intel_rapl skx_edac x86_pkg_temp_thermal coretemp iTCO_wdt iTCO_vendor_support crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ses raid0 aesni_intel cdc_ether enclosure usbnet ipmi_ssif joydev aes_x86_64 i40e scsi_transport_sas mii bcache md_mod crypto_simd mei_me ioatdma crc64 ptp cryptd pcspkr i2c_i801 mlx4_core glue_helper pps_core mei lpc_ich dca wmi ipmi_si ipmi_devintf nd_pmem dax_pmem nd_btt ipmi_msghandler device_dax pcc_cpufreq button hid_generic usbhid mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect xhci_pci sysimgblt fb_sys_fops xhci_hcd ttm megaraid_sas drm usbcore nfit libnvdimm sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua efivarfs
[  564.299390] bcache: bch_count_io_errors() nvme0n1: IO error on writing btree.
[  564.348360] CR2: 000000000000001c
[  564.348362] ---[ end trace b7f0e5cc7b2103b0 ]---

Therefore, it is not enough to only check whether c->gc_thread is NULL,
we should use IS_ERR_OR_NULL() to check both NULL pointer and error
value.

This patch changes the above buggy code piece in this way,
         if (!IS_ERR_OR_NULL(c->gc_thread))
                 kthread_stop(c->gc_thread);

Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-06-28 07:39:13 -06:00
..
bcache
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
2019-06-28 07:39:13 -06:00
persistent-data
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
dm-bio-prison-v1.c
dm: adjust structure members to improve alignment
2018-06-08 11:53:14 -04:00
dm-bio-prison-v1.h
block: switch bios to blk_status_t
2017-06-09 09:27:32 -06:00
dm-bio-prison-v2.c
dm: adjust structure members to improve alignment
2018-06-08 11:53:14 -04:00
dm-bio-prison-v2.h
dm-bio-record.h
block: replace bi_bdev with a gendisk pointer and partitions index
2017-08-23 12:49:55 -06:00
dm-bufio.c
dm bufio: Simplify stack trace retrieval
2019-04-29 12:37:52 +02:00
dm-builtin.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dm-cache-background-tracker.c
dm cache background tracker: fix sparse warning
2018-04-30 15:40:40 -04:00
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c
dm cache metadata: Fix loading discard bitset
2019-04-18 16:18:25 -04:00
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c
dm: remove unnecessary unlikely() around WARN_ON_ONCE()
2018-10-16 14:34:59 -04:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c
dm cache: add support for discard passdown to the origin device
2019-03-05 14:53:52 -05:00
dm-core.h
dm: disable DISCARD if the underlying storage no longer supports it
2019-04-04 15:33:59 -04:00
dm-crypt.c
Merge tag 'for-5.2/dm-changes-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
2019-05-16 15:55:48 -07:00
dm-delay.c
dm delay: fix a crash when invalid device is specified
2019-04-26 11:29:32 -04:00
dm-dust.c
dm dust: Make dm_dust_init and dm_dust_exit static
2019-05-07 16:05:07 -04:00
dm-era-target.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
dm-exception-store.c
dm-exception-store.h
Merge tag 'for-5.2/dm-changes-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
2019-05-16 15:55:48 -07:00
dm-flakey.c
dm flakey: Properly corrupt multi-page bios.
2018-12-18 09:02:27 -05:00
dm-init.c
dm init: fix max devices/targets checks
2019-04-30 16:51:23 -04:00
dm-integrity.c
Merge tag 'for-5.2/dm-changes-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
2019-05-16 15:55:48 -07:00
dm-io.c
dm: Use kzalloc for all structs with embedded biosets/mempools
2018-06-05 08:47:43 -06:00
dm-ioctl.c
dm ioctl: fix hang in early create error condition
2019-05-16 09:52:06 -04:00
dm-kcopyd.c
dm kcopyd: Fix bug causing workqueue stalls
2018-12-18 09:02:26 -05:00
dm-linear.c
dm: Check for device sector overflow if CONFIG_LBDAF is not set
2018-12-18 09:02:26 -05:00
dm-log-userspace-base.c
dm: convert to bioset_init()/mempool_init()
2018-05-30 15:33:32 -06:00
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c
dax: Introduce a ->copy_to_iter dax operation
2018-05-22 23:18:31 -07:00
dm-log.c
dm-mpath.c
dm mpath: always free attached_handler_name in parse_path()
2019-04-30 16:51:30 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-queue-length.c
dm mpath selector: more evenly distribute ties
2018-01-29 13:44:58 -05:00
dm-raid1.c
dm: Check for device sector overflow if CONFIG_LBDAF is not set
2018-12-18 09:02:26 -05:00
dm-raid.c
dm: eliminate 'split_discard_bios' flag from DM target interface
2019-02-20 23:24:55 -05:00
dm-region-hash.c
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-12 18:28:00 -07:00
dm-round-robin.c
dm-rq.c
dm mpath: fix missing call of path selector type->end_io
2019-04-25 15:38:52 -04:00
dm-rq.h
dm: remove unused _rq_tio_cache and _rq_cache
2019-03-05 14:48:50 -05:00
dm-service-time.c
dm mpath selector: more evenly distribute ties
2018-01-29 13:44:58 -05:00
dm-snap-persistent.c
dm bufio: move dm-bufio.h to include/linux/
2018-04-03 15:04:23 -04:00
dm-snap-transient.c
dm-snap.c
dm snapshot: Use fine-grained locking scheme
2019-04-18 16:18:30 -04:00
dm-stats.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
dm-stats.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dm-stripe.c
dax: Introduce a ->copy_to_iter dax operation
2018-05-22 23:18:31 -07:00
dm-switch.c
dm switch: use struct_size() in kzalloc()
2019-03-05 14:48:51 -05:00
dm-sysfs.c
dm: remove legacy request-based IO path
2018-10-11 11:36:09 -04:00
dm-table.c
dax: Arrange for dax_supported check to span multiple devices
2019-05-20 15:02:08 -07:00
dm-target.c
dm mpath: fix missing call of path selector type->end_io
2019-04-25 15:38:52 -04:00
dm-thin-metadata.c
dm thin metadata: do not write metadata if no changes occurred
2019-04-18 16:18:34 -04:00
dm-thin-metadata.h
dm thin: fix passdown_double_checking_shared_status()
2019-01-15 16:10:41 -05:00
dm-thin.c
dm thin: add sanity checks to thin-pool and external snapshot creation
2019-03-05 14:53:49 -05:00
dm-uevent.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
dm-uevent.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
dm-unstripe.c
dm: Check for device sector overflow if CONFIG_LBDAF is not set
2018-12-18 09:02:26 -05:00
dm-verity-fec.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
dm-verity-fec.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
dm-verity-target.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
dm-verity.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
dm-writecache.c
dm writecache: avoid unnecessary lookups in writecache_find_entry()
2019-04-26 11:48:03 -04:00
dm-zero.c
dm: don't return errnos from ->map
2017-06-09 09:27:32 -06:00
dm-zoned-metadata.c
dm zoned: Fix zone report handling
2019-04-18 16:17:58 -04:00
dm-zoned-reclaim.c
dm kcopyd: return void from dm_kcopyd_copy()
2018-07-31 17:33:21 -04:00
dm-zoned-target.c
dm zoned: Silence a static checker warning
2019-04-18 16:16:01 -04:00
dm-zoned.h
dm zoned: drive-managed zoned block device target
2017-06-19 11:05:20 -04:00
dm.c
Merge tag 'libnvdimm-fixes-5.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2019-05-25 10:11:23 -07:00
dm.h
dax: Arrange for dax_supported check to span multiple devices
2019-05-20 15:02:08 -07:00
Kconfig
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Makefile
dm: add dust target
2019-04-30 16:37:19 -04:00
md-bitmap.c
md-bitmap: create and destroy wb_info_pool with the change of bitmap
2019-06-20 16:36:00 -07:00
md-bitmap.h
md: Avoid namespace collision with bitmap API
2018-08-01 15:49:39 -07:00
md-cluster.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 45
2019-05-24 17:27:12 +02:00
md-cluster.h
md-cluster: introduce resync_info_get interface for sanity check
2018-10-18 09:36:35 -07:00
md-faulty.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47
2019-05-24 17:27:13 +02:00
md-linear.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47
2019-05-24 17:27:13 +02:00
md-linear.h
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
2017-11-14 16:07:26 -08:00
md-multipath.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47
2019-05-24 17:27:13 +02:00
md-multipath.h
md: convert to bioset_init()/mempool_init()
2018-05-30 15:33:32 -06:00
md.c
md: add bitmap_abort label in md_run
2019-06-20 16:36:00 -07:00
md.h
md: introduce mddev_create/destroy_wb_pool for the change of member device
2019-06-20 16:36:00 -07:00
raid0.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47
2019-05-24 17:27:13 +02:00
raid0.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
raid1-10.c
md: raid1-10: Unify r{1,10}bio_pool_free
2019-06-15 01:37:35 -06:00
raid1.c
md/raid1: Fix a warning message in remove_wb()
2019-06-26 12:18:48 -07:00
raid1.h
md: convert to bioset_init()/mempool_init()
2018-05-30 15:33:32 -06:00
raid5-cache.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
raid5-log.h
raid5: set write hint for PPL
2019-03-12 10:15:18 -07:00
raid5-ppl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
raid5.c
block: remove the bi_phys_segments field in struct bio
2019-06-20 10:29:22 -06:00
raid5.h
md: convert to kvmalloc
2019-03-12 10:04:02 -07:00
raid10.c
md/raid10: read balance chooses idlest disk for SSD
2019-06-15 01:37:35 -06:00
raid10.h
md: convert to bioset_init()/mempool_init()
2018-05-30 15:33:32 -06:00