From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tang Junhui <tang.junhui@zte.com.cn>,
Marc MERLIN <marc@merlins.org>, Michael Lyle <mlyle@lyle.org>,
Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 4.9 26/86] bcache: fix crashes in duplicate cache device register
Date: Fri, 16 Mar 2018 16:22:49 +0100 [thread overview]
Message-ID: <20180316152319.172540900@linuxfoundation.org> (raw)
In-Reply-To: <20180316152317.167709497@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tang Junhui <tang.junhui@zte.com.cn>
commit cc40daf91bdddbba72a4a8cd0860640e06668309 upstream.
Kernel crashed when register a duplicate cache device, the call trace is
bellow:
[ 417.643790] CPU: 1 PID: 16886 Comm: bcache-register Tainted: G
W OE 4.15.5-amd64-preempt-sysrq-20171018 #2
[ 417.643861] Hardware name: LENOVO 20ERCTO1WW/20ERCTO1WW, BIOS
N1DET41W (1.15 ) 12/31/2015
[ 417.643870] RIP: 0010:bdevname+0x13/0x1e
[ 417.643876] RSP: 0018:ffffa3aa9138fd38 EFLAGS: 00010282
[ 417.643884] RAX: 0000000000000000 RBX: ffff8c8f2f2f8000 RCX: ffffd6701f8
c7edf
[ 417.643890] RDX: ffffa3aa9138fd88 RSI: ffffa3aa9138fd88 RDI: 00000000000
00000
[ 417.643895] RBP: ffffa3aa9138fde0 R08: ffffa3aa9138fae8 R09: 00000000000
1850e
[ 417.643901] R10: ffff8c8eed34b271 R11: ffff8c8eed34b250 R12: 00000000000
00000
[ 417.643906] R13: ffffd6701f78f940 R14: ffff8c8f38f80000 R15: ffff8c8ea7d
90000
[ 417.643913] FS: 00007fde7e66f500(0000) GS:ffff8c8f61440000(0000) knlGS:
0000000000000000
[ 417.643919] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 417.643925] CR2: 0000000000000314 CR3: 00000007e6fa0001 CR4: 00000000003
606e0
[ 417.643931] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000
00000
[ 417.643938] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000
00400
[ 417.643946] Call Trace:
[ 417.643978] register_bcache+0x1117/0x1270 [bcache]
[ 417.643994] ? slab_pre_alloc_hook+0x15/0x3c
[ 417.644001] ? slab_post_alloc_hook.isra.44+0xa/0x1a
[ 417.644013] ? kernfs_fop_write+0xf6/0x138
[ 417.644020] kernfs_fop_write+0xf6/0x138
[ 417.644031] __vfs_write+0x31/0xcc
[ 417.644043] ? current_kernel_time64+0x10/0x36
[ 417.644115] ? __audit_syscall_entry+0xbf/0xe3
[ 417.644124] vfs_write+0xa5/0xe2
[ 417.644133] SyS_write+0x5c/0x9f
[ 417.644144] do_syscall_64+0x72/0x81
[ 417.644161] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 417.644169] RIP: 0033:0x7fde7e1c1974
[ 417.644175] RSP: 002b:00007fff13009a38 EFLAGS: 00000246 ORIG_RAX: 0000000
000000001
[ 417.644183] RAX: ffffffffffffffda RBX: 0000000001658280 RCX: 00007fde7e1c
1974
[ 417.644188] RDX: 000000000000000a RSI: 0000000001658280 RDI: 000000000000
0001
[ 417.644193] RBP: 000000000000000a R08: 0000000000000003 R09: 000000000000
0077
[ 417.644198] R10: 000000000000089e R11: 0000000000000246 R12: 000000000000
0001
[ 417.644203] R13: 000000000000000a R14: 7fffffffffffffff R15: 000000000000
0000
[ 417.644213] Code: c7 c2 83 6f ee 98 be 20 00 00 00 48 89 df e8 6c 27 3b 0
0 48 89 d8 5b c3 0f 1f 44 00 00 48 8b 47 70 48 89 f2 48 8b bf 80 00 00 00 <8
b> b0 14 03 00 00 e9 73 ff ff ff 0f 1f 44 00 00 48 8b 47 40 39
[ 417.644302] RIP: bdevname+0x13/0x1e RSP: ffffa3aa9138fd38
[ 417.644306] CR2: 0000000000000314
When registering duplicate cache device in register_cache(), after failure
on calling register_cache_set(), bch_cache_release() will be called, then
bdev will be freed, so bdevname(bdev, name) caused kernel crash.
Since bch_cache_release() will free bdev, so in this patch we make sure
bdev being freed if register_cache() fail, and do not free bdev again in
register_bcache() when register_cache() fail.
Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
Reported-by: Marc MERLIN <marc@merlins.org>
Tested-by: Michael Lyle <mlyle@lyle.org>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/super.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1182,7 +1182,7 @@ static void register_bdev(struct cache_s
return;
err:
- pr_notice("error opening %s: %s", bdevname(bdev, name), err);
+ pr_notice("error %s: %s", bdevname(bdev, name), err);
bcache_device_stop(&dc->disk);
}
@@ -1853,6 +1853,8 @@ static int register_cache(struct cache_s
const char *err = NULL; /* must be set for any error case */
int ret = 0;
+ bdevname(bdev, name);
+
memcpy(&ca->sb, sb, sizeof(struct cache_sb));
ca->bdev = bdev;
ca->bdev->bd_holder = ca;
@@ -1863,11 +1865,12 @@ static int register_cache(struct cache_s
ca->sb_bio.bi_io_vec[0].bv_page = sb_page;
get_page(sb_page);
- if (blk_queue_discard(bdev_get_queue(ca->bdev)))
+ if (blk_queue_discard(bdev_get_queue(bdev)))
ca->discard = CACHE_DISCARD(&ca->sb);
ret = cache_alloc(ca);
if (ret != 0) {
+ blkdev_put(bdev, FMODE_READ|FMODE_WRITE|FMODE_EXCL);
if (ret == -ENOMEM)
err = "cache_alloc(): -ENOMEM";
else
@@ -1890,14 +1893,14 @@ static int register_cache(struct cache_s
goto out;
}
- pr_info("registered cache device %s", bdevname(bdev, name));
+ pr_info("registered cache device %s", name);
out:
kobject_put(&ca->kobj);
err:
if (err)
- pr_notice("error opening %s: %s", bdevname(bdev, name), err);
+ pr_notice("error %s: %s", name, err);
return ret;
}
@@ -1986,6 +1989,7 @@ static ssize_t register_bcache(struct ko
if (err)
goto err_close;
+ err = "failed to register device";
if (SB_IS_BDEV(sb)) {
struct cached_dev *dc = kzalloc(sizeof(*dc), GFP_KERNEL);
if (!dc)
@@ -2000,7 +2004,7 @@ static ssize_t register_bcache(struct ko
goto err_close;
if (register_cache(sb, sb_page, bdev, ca) != 0)
- goto err_close;
+ goto err;
}
out:
if (sb_page)
@@ -2013,7 +2017,7 @@ out:
err_close:
blkdev_put(bdev, FMODE_READ|FMODE_WRITE|FMODE_EXCL);
err:
- pr_info("error opening %s: %s", path, err);
+ pr_info("error %s: %s", path, err);
ret = -EINVAL;
goto out;
}
next prev parent reply other threads:[~2018-03-16 15:22 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-16 15:22 [PATCH 4.9 00/86] 4.9.88-stable review Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 01/86] RDMA/ucma: Limit possible option size Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 02/86] RDMA/ucma: Check that user doesnt overflow QP state Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 03/86] RDMA/mlx5: Fix integer overflow while resizing CQ Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 04/86] drm/i915: Try EDID bitbanging on HDMI after failed read Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 05/86] scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS Greg Kroah-Hartman
2018-03-16 15:22 ` Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 06/86] drm/i915: Always call to intel_display_set_init_power() in resume_early Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 07/86] workqueue: Allow retrieval of current tasks work struct Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 08/86] drm: Allow determining if current task is output poll worker Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 09/86] drm/nouveau: Fix deadlock on runtime suspend Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 10/86] drm/radeon: " Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 11/86] drm/amdgpu: " Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 12/86] drm/amdgpu: Notify sbios device ready before send request Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 13/86] drm/radeon: fix KV harvesting Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 14/86] drm/amdgpu: " Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 15/86] drm/amdgpu:Correct max uvd handles Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 16/86] drm/amdgpu:Always save uvd vcpu_bo in VM Mode Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 17/86] MIPS: BMIPS: Do not mask IPIs during suspend Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 18/86] MIPS: ath25: Check for kzalloc allocation failure Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 19/86] MIPS: OCTEON: irq: Check for null return on kzalloc allocation Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 20/86] Input: matrix_keypad - fix race when disabling interrupts Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 21/86] loop: Fix lost writes caused by missing flag Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 22/86] virtio_ring: fix num_free handling in error case Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 23/86] KVM: s390: fix memory overwrites when not using SCA entries Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 24/86] kbuild: Handle builtin dtb file names containing hyphens Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 25/86] IB/mlx5: Fix incorrect size of klms in the memory region Greg Kroah-Hartman
2018-03-16 15:22 ` Greg Kroah-Hartman [this message]
2018-03-16 15:22 ` [PATCH 4.9 27/86] bcache: dont attach backing with duplicate UUID Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 29/86] perf tools: Fix trigger class trigger_on() Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 30/86] x86/spectre_v2: Dont check microcode versions when running under hypervisors Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 31/86] ALSA: hda/realtek: Limit mic boost on T480 Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 32/86] ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 33/86] ALSA: hda/realtek - Make dock sound work on ThinkPad L570 Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 34/86] ALSA: seq: Dont allow resizing pool in use Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 35/86] ALSA: seq: More protection for concurrent write and ioctl races Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 36/86] ALSA: hda: add dock and led support for HP EliteBook 820 G3 Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 37/86] ALSA: hda: add dock and led support for HP ProBook 640 G2 Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 38/86] nospec: Kill array_index_nospec_mask_check() Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 39/86] nospec: Include <asm/barrier.h> dependency Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 40/86] Revert "x86/retpoline: Simplify vmexit_fill_RSB()" Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 41/86] x86/speculation: Use IBRS if available before calling into firmware Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 42/86] x86/retpoline: Support retpoline builds with Clang Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 43/86] x86/speculation, objtool: Annotate indirect calls/jumps for objtool Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 44/86] x86/boot, objtool: Annotate indirect jump in secondary_startup_64() Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 45/86] x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 46/86] x86/paravirt, objtool: Annotate indirect calls Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 47/86] watchdog: hpwdt: SMBIOS check Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 48/86] watchdog: hpwdt: Check source of NMI Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 49/86] watchdog: hpwdt: fix unused variable warning Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 50/86] watchdog: hpwdt: Remove legacy NMI sourcing Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 51/86] ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 52/86] Input: tca8418_keypad - remove double read of key event register Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 53/86] [media] tc358743: fix register i2c_rd/wr function fix Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 54/86] netfilter: add back stackpointer size checks Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 55/86] netfilter: x_tables: fix missing timer initialization in xt_LED Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 56/86] netfilter: nat: cope with negative port range Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 57/86] netfilter: IDLETIMER: be syzkaller friendly Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 58/86] netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 59/86] netfilter: bridge: ebt_among: add missing match size checks Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 60/86] netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 61/86] netfilter: x_tables: pass xt_counters struct instead of packet counter Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 62/86] netfilter: x_tables: pass xt_counters struct to counter allocator Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 63/86] netfilter: x_tables: pack percpu counter allocations Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 64/86] ext4: inplace xattr block update fails to deduplicate blocks Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 65/86] ubi: Fix race condition between ubi volume creation and udev Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 66/86] scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 67/86] NFS: Fix an incorrect type in struct nfs_direct_req Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 68/86] NFS: Fix unstable write completion Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 69/86] x86/module: Detect and skip invalid relocations Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 70/86] x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 71/86] ASoC: sgtl5000: Fix suspend/resume Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 72/86] ASoC: rt5651: Fix regcache sync errors on resume Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 73/86] serial: sh-sci: prevent lockup on full TTY buffers Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 74/86] tty/serial: atmel: add new version check for usart Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 75/86] uas: fix comparison for error code Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 76/86] staging: comedi: fix comedi_nsamples_left Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 77/86] staging: android: ashmem: Fix lockdep issue during llseek Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 78/86] USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 79/86] usbip: vudc: fix null pointer dereference on udc->lock Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 80/86] usb: quirks: add control message delay for 1b1c:1b20 Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 81/86] usb: usbmon: Read text within supplied buffer size Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 82/86] usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 83/86] serial: 8250_pci: Add Brainboxes UC-260 4 port serial device Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 84/86] serial: core: mark port as initialized in autoconfig Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 85/86] earlycon: add reg-offset to physical address before mapping Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.9 86/86] PCI: dwc: Fix enumeration end when reaching root subordinate Greg Kroah-Hartman
2018-03-16 23:20 ` [PATCH 4.9 00/86] 4.9.88-stable review kernelci.org bot
2018-03-17 10:18 ` Naresh Kamboju
2018-03-18 10:27 ` Greg Kroah-Hartman
2018-03-20 23:49 ` Ben Hutchings
2018-03-21 13:32 ` Greg Kroah-Hartman
2018-03-21 17:50 ` Naresh Kamboju
2018-03-22 8:19 ` Greg Kroah-Hartman
2018-03-22 17:47 ` Naresh Kamboju
2018-03-17 14:41 ` Guenter Roeck
2018-03-18 10:27 ` Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2018-03-16 15:22 [4.9,28/86] x86/MCE: Serialize sysfs changes Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.9 28/86] " Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180316152319.172540900@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=linux-kernel@vger.kernel.org \
--cc=marc@merlins.org \
--cc=mlyle@lyle.org \
--cc=stable@vger.kernel.org \
--cc=tang.junhui@zte.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.