From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, JiangYu <lnsyyj@hotmail.com>,
Daniel Meyerholt <dxm523@gmail.com>,
Mike Christie <michael.christie@oracle.com>,
Bodo Stroesser <bstroesser@ts.fujitsu.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 22/71] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM
Date: Mon, 24 Aug 2020 10:31:13 +0200 [thread overview]
Message-ID: <20200824082356.994960635@linuxfoundation.org> (raw)
In-Reply-To: <20200824082355.848475917@linuxfoundation.org>
From: Bodo Stroesser <bstroesser@ts.fujitsu.com>
[ Upstream commit 3145550a7f8b08356c8ff29feaa6c56aca12901d ]
This patch fixes the following crash (see
https://bugzilla.kernel.org/show_bug.cgi?id=208045)
Process iscsi_trx (pid: 7496, stack limit = 0x0000000010dd111a)
CPU: 0 PID: 7496 Comm: iscsi_trx Not tainted 4.19.118-0419118-generic
#202004230533
Hardware name: Greatwall QingTian DF720/F601, BIOS 601FBE20 Sep 26 2019
pstate: 80400005 (Nzcv daif +PAN -UAO)
pc : flush_dcache_page+0x18/0x40
lr : is_ring_space_avail+0x68/0x2f8 [target_core_user]
sp : ffff000015123a80
x29: ffff000015123a80 x28: 0000000000000000
x27: 0000000000001000 x26: ffff000023ea5000
x25: ffffcfa25bbe08b8 x24: 0000000000000078
x23: ffff7e0000000000 x22: ffff000023ea5001
x21: ffffcfa24b79c000 x20: 0000000000000fff
x19: ffff7e00008fa940 x18: 0000000000000000
x17: 0000000000000000 x16: ffff2d047e709138
x15: 0000000000000000 x14: 0000000000000000
x13: 0000000000000000 x12: ffff2d047fbd0a40
x11: 0000000000000000 x10: 0000000000000030
x9 : 0000000000000000 x8 : ffffc9a254820a00
x7 : 00000000000013b0 x6 : 000000000000003f
x5 : 0000000000000040 x4 : ffffcfa25bbe08e8
x3 : 0000000000001000 x2 : 0000000000000078
x1 : ffffcfa25bbe08b8 x0 : ffff2d040bc88a18
Call trace:
flush_dcache_page+0x18/0x40
is_ring_space_avail+0x68/0x2f8 [target_core_user]
queue_cmd_ring+0x1f8/0x680 [target_core_user]
tcmu_queue_cmd+0xe4/0x158 [target_core_user]
__target_execute_cmd+0x30/0xf0 [target_core_mod]
target_execute_cmd+0x294/0x390 [target_core_mod]
transport_generic_new_cmd+0x1e8/0x358 [target_core_mod]
transport_handle_cdb_direct+0x50/0xb0 [target_core_mod]
iscsit_execute_cmd+0x2b4/0x350 [iscsi_target_mod]
iscsit_sequence_cmd+0xd8/0x1d8 [iscsi_target_mod]
iscsit_process_scsi_cmd+0xac/0xf8 [iscsi_target_mod]
iscsit_get_rx_pdu+0x404/0xd00 [iscsi_target_mod]
iscsi_target_rx_thread+0xb8/0x130 [iscsi_target_mod]
kthread+0x130/0x138
ret_from_fork+0x10/0x18
Code: f9000bf3 aa0003f3 aa1e03e0 d503201f (f9400260)
---[ end trace 1e451c73f4266776 ]---
The solution is based on patch:
"scsi: target: tcmu: Optimize use of flush_dcache_page"
which restricts the use of tcmu_flush_dcache_range() to addresses from
vmalloc'ed areas only.
This patch now replaces the virt_to_page() call in
tcmu_flush_dcache_range() - which is wrong for vmalloced addrs - by
vmalloc_to_page().
The patch was tested on ARM with kernel 4.19.118 and 5.7.2
Link: https://lore.kernel.org/r/20200618131632.32748-3-bstroesser@ts.fujitsu.com
Tested-by: JiangYu <lnsyyj@hotmail.com>
Tested-by: Daniel Meyerholt <dxm523@gmail.com>
Acked-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
index 8da89925a874d..9c05e820857aa 100644
--- a/drivers/target/target_core_user.c
+++ b/drivers/target/target_core_user.c
@@ -612,7 +612,7 @@ static inline void tcmu_flush_dcache_range(void *vaddr, size_t size)
size = round_up(size+offset, PAGE_SIZE);
while (size) {
- flush_dcache_page(virt_to_page(start));
+ flush_dcache_page(vmalloc_to_page(start));
start += PAGE_SIZE;
size -= PAGE_SIZE;
}
--
2.25.1
next prev parent reply other threads:[~2020-08-24 8:57 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-24 8:30 [PATCH 4.19 00/71] 4.19.142-rc1 review Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 01/71] drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 02/71] perf probe: Fix memory leakage when the probe point is not found Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 03/71] khugepaged: khugepaged_test_exit() check mmget_still_valid() Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 04/71] khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 05/71] btrfs: export helpers for subvolume name/id resolution Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 06/71] btrfs: dont show full path of bind mounts in subvol= Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 07/71] btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.19 08/71] btrfs: inode: fix NULL pointer dereference if inode doesnt need compression Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 09/71] btrfs: sysfs: use NOFS for device creation Greg Kroah-Hartman
2020-08-25 18:19 ` Pavel Machek
2020-08-25 23:58 ` Sasha Levin
2020-08-24 8:31 ` [PATCH 4.19 10/71] romfs: fix uninitialized memory leak in romfs_dev_read() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 11/71] kernel/relay.c: fix memleak on destroy relay channel Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 12/71] mm: include CMA pages in lowmem_reserve at boot Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 13/71] mm, page_alloc: fix core hung in free_pcppages_bulk() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 14/71] ext4: fix checking of directory entry validity for inline directories Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 15/71] jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 16/71] scsi: zfcp: Fix use-after-free in request timeout handlers Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 17/71] mm/memory.c: skip spurious TLB flush for retried page fault Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 18/71] drm/amd/display: fix pow() crashing when given base 0 Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 19/71] kthread: Do not preempt current task if it is going to call schedule() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 20/71] spi: Prevent adding devices below an unregistering controller Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 21/71] scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices Greg Kroah-Hartman
2020-08-24 8:31 ` Greg Kroah-Hartman [this message]
2020-08-25 19:46 ` [PATCH 4.19 22/71] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM Pavel Machek
2020-08-24 8:31 ` [PATCH 4.19 23/71] media: budget-core: Improve exception handling in budget_register() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 24/71] rtc: goldfish: Enable interrupt in set_alarm() when necessary Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 25/71] media: vpss: clean up resources in init Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 26/71] Input: psmouse - add a newline when printing proto by sysfs Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 27/71] m68knommu: fix overwriting of bits in ColdFire V3 cache control Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 28/71] svcrdma: Fix another Receive buffer leak Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 29/71] xfs: fix inode quota reservation checks Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 30/71] jffs2: fix UAF problem Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 31/71] ceph: fix use-after-free for fsc->mdsc Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 32/71] cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0 Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 33/71] scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 34/71] virtio_ring: Avoid loop when vq is broken in virtqueue_poll Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 35/71] tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 36/71] xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 37/71] alpha: fix annotation of io{read,write}{16,32}be() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 38/71] fs/signalfd.c: fix inconsistent return codes for signalfd4 Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 39/71] ext4: fix potential negative array index in do_split() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 40/71] ext4: dont allow overlapping system zones Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 41/71] ASoC: q6routing: add dummy register read/write function Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 42/71] i40e: Set RX_ONLY mode for unicast promiscuous on VLAN Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 43/71] i40e: Fix crash during removing i40e driver Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 44/71] net: fec: correct the error path for regulator disable in probe Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 45/71] bonding: show saner speed for broadcast mode Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 46/71] bonding: fix a potential double-unregister Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 47/71] s390/runtime_instrumentation: fix storage key handling Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 48/71] s390/ptrace: " Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 49/71] ASoC: msm8916-wcd-analog: fix register Interrupt offset Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 50/71] ASoC: intel: Fix memleak in sst_media_open Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 51/71] vfio/type1: Add proper error unwind for vfio_iommu_replay() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 52/71] kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 53/71] kvm: x86: Toggling CR4.PKE " Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 54/71] kconfig: qconf: do not limit the pop-up menu to the first row Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 55/71] kconfig: qconf: fix signal connection to invalid slots Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 56/71] efi: avoid error message when booting under Xen Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 57/71] Fix build error when CONFIG_ACPI is not set/enabled: Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 58/71] RDMA/bnxt_re: Do not add user qps to flushlist Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 59/71] afs: Fix NULL deref in afs_dynroot_depopulate() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 60/71] bonding: fix active-backup failover for current ARP slave Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 61/71] net: ena: Prevent reset after device destruction Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 62/71] net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 63/71] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 64/71] net: dsa: b53: check for timeout Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 65/71] powerpc/pseries: Do not initiate shutdown when system is running on UPS Greg Kroah-Hartman
2020-08-25 19:56 ` Pavel Machek
2020-08-26 11:14 ` Vasant Hegde
2020-08-24 8:31 ` [PATCH 4.19 66/71] efi: add missed destroy_workqueue when efisubsys_init fails Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 67/71] epoll: Keep a reference on files added to the check list Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.19 68/71] do_epoll_ctl(): clean the failure exits up a bit Greg Kroah-Hartman
2020-08-24 8:32 ` [PATCH 4.19 69/71] mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible Greg Kroah-Hartman
2020-08-24 8:32 ` [PATCH 4.19 70/71] xen: dont reschedule in preemption off sections Greg Kroah-Hartman
2020-08-24 8:32 ` [PATCH 4.19 71/71] clk: Evict unregistered clks from parent caches Greg Kroah-Hartman
2020-08-24 10:16 ` [PATCH 4.19 00/71] 4.19.142-rc1 review Jon Hunter
2020-08-26 8:07 ` Pavel Machek
2020-08-26 8:28 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200824082356.994960635@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bstroesser@ts.fujitsu.com \
--cc=dxm523@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lnsyyj@hotmail.com \
--cc=martin.petersen@oracle.com \
--cc=michael.christie@oracle.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.