From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jiang Li <jiang.li@ugreen.com>, Song Liu <song@kernel.org>,
Sasha Levin <sashal@kernel.org>,
linux-raid@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 16/26] md/raid1: stop mdx_raid1 thread when raid1 array run failed
Date: Sun, 18 Dec 2022 11:20:06 -0500 [thread overview]
Message-ID: <20221218162016.934280-16-sashal@kernel.org> (raw)
In-Reply-To: <20221218162016.934280-1-sashal@kernel.org>
From: Jiang Li <jiang.li@ugreen.com>
[ Upstream commit b611ad14006e5be2170d9e8e611bf49dff288911 ]
fail run raid1 array when we assemble array with the inactive disk only,
but the mdx_raid1 thread were not stop, Even if the associated resources
have been released. it will caused a NULL dereference when we do poweroff.
This causes the following Oops:
[ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070
[ 287.594762] #PF: supervisor read access in kernel mode
[ 287.599912] #PF: error_code(0x0000) - not-present page
[ 287.605061] PGD 0 P4D 0
[ 287.607612] Oops: 0000 [#1] SMP NOPTI
[ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0
[ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022
[ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]
[ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......
[ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202
[ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000
[ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800
[ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff
[ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800
[ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500
[ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000
[ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0
[ 287.713033] Call Trace:
[ 287.715498] raid1d+0x6c/0xbbb [raid1]
[ 287.719256] ? __schedule+0x1ff/0x760
[ 287.722930] ? schedule+0x3b/0xb0
[ 287.726260] ? schedule_timeout+0x1ed/0x290
[ 287.730456] ? __switch_to+0x11f/0x400
[ 287.734219] md_thread+0xe9/0x140 [md_mod]
[ 287.738328] ? md_thread+0xe9/0x140 [md_mod]
[ 287.742601] ? wait_woken+0x80/0x80
[ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]
[ 287.751064] kthread+0x11a/0x140
[ 287.754300] ? kthread_park+0x90/0x90
[ 287.757974] ret_from_fork+0x1f/0x30
In fact, when raid1 array run fail, we need to do
md_unregister_thread() before raid1_free().
Signed-off-by: Jiang Li <jiang.li@ugreen.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 876d3e1339d1..0f8b1fb3d051 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -3110,6 +3110,7 @@ static int raid1_run(struct mddev *mddev)
* RAID1 needs at least one disk in active
*/
if (conf->raid_disks - mddev->degraded < 1) {
+ md_unregister_thread(&conf->thread);
ret = -EINVAL;
goto abort;
}
--
2.35.1
next prev parent reply other threads:[~2022-12-18 17:03 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-18 16:19 [PATCH AUTOSEL 4.19 01/26] wifi: ath9k: verify the expected usb_endpoints are present Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 02/26] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 03/26] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform Sasha Levin
2022-12-18 16:19 ` Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 04/26] ipmi: fix memleak when unload ipmi driver Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 05/26] bpf: make sure skb->len != 0 when redirecting to a tunneling device Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 06/26] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 07/26] hamradio: baycom_epp: Fix return type of baycom_send_packet() Sasha Levin
2022-12-18 16:19 ` [PATCH AUTOSEL 4.19 08/26] wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() Sasha Levin
2022-12-18 16:19 ` [Intel-wired-lan] [PATCH AUTOSEL 4.19 09/26] igb: Do not free q_vector unless new one was allocated Sasha Levin
2022-12-18 16:19 ` Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 10/26] drm/amdgpu: Fix type of second parameter in trans_msg() callback Sasha Levin
2022-12-18 16:20 ` Sasha Levin
2022-12-18 16:20 ` Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 11/26] s390/ctcm: Fix return type of ctc{mp,}m_tx() Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 12/26] s390/netiucv: Fix return type of netiucv_tx() Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 13/26] s390/lcs: Fix return type of lcs_start_xmit() Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 14/26] drm/sti: Use drm_mode_copy() Sasha Levin
2022-12-18 16:20 ` Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 15/26] drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Sasha Levin
2022-12-18 16:20 ` Sasha Levin [this message]
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 17/26] mrp: introduce active flags to prevent UAF when applicant uninit Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 18/26] ppp: associate skb with a device at tx Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 19/26] media: dvb-frontends: fix leak of memory fw Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 20/26] media: dvbdev: adopts refcnt to avoid UAF Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 21/26] media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 22/26] blk-mq: fix possible memleak when register 'hctx' failed Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 23/26] regulator: core: fix use_count leakage when handling boot-on Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 24/26] mmc: f-sdh30: Add quirks for broken timeout clock capability Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 25/26] media: si470x: Fix use-after-free in si470x_int_in_callback() Sasha Levin
2022-12-18 16:20 ` [PATCH AUTOSEL 4.19 26/26] clk: st: Fix memory leak in st_of_quadfs_setup() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221218162016.934280-16-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=jiang.li@ugreen.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=song@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.