From: Bart Van Assche <bvanassche@acm.org>
To: Gautam Menghani <gautammenghani201@gmail.com>, axboe@kernel.dk
Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
skhan@linuxfoundation.org
Subject: Re: [RFC] block: Add a NULL check in blk_mq_free_rqs()
Date: Sun, 17 Jul 2022 07:49:12 -0700
Message-ID: <d4efe597-94b0-5878-fb54-1c6deb915659@acm.org>
In-Reply-To: <20220717102242.219424-1-gautammenghani201@gmail.com>
On 7/17/22 03:22, Gautam Menghani wrote:
> Syzbot reported a general protection fault in the function
> blk_mq_clear_rq_mapping() in the file block/blk-mq.c.
> The issue is that the variable drv_tags is NULL, and this
> originates from the struct blk_mq_tag_set. The dashboard link for this
> issue is:
> syzkaller.appspot.com/bug?id=c3ce4caa4fc58c156d4903984131cdfa38eee354
>
> This patch fixes the above bug, but there is another syzbot bug which is
> related to this and getting triggered after the call to
> blk_mq_clear_rq_mapping(). As a result, I cannot determine if the issue
> is really solved. The link to the other issue:
> syzkaller.appspot.com/bug?id=7643cea70f1d0ce15f5f4bc39488918837ad4233
>
> Please provide feedback/suggestions on the same.
>
> Signed-off-by: Gautam Menghani <gautammenghani201@gmail.com>
> ---
> block/blk-mq.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 93d9d60980fb..c1dd1b78b95c 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -3092,7 +3092,8 @@ void blk_mq_free_rqs(struct blk_mq_tag_set *set, struct blk_mq_tags *tags,
> }
> }
>
> - blk_mq_clear_rq_mapping(drv_tags, tags);
> + if (drv_tags)
> + blk_mq_clear_rq_mapping(drv_tags, tags);
>
> while (!list_empty(&tags->page_list)) {
> page = list_first_entry(&tags->page_list, struct page, lru);
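
Review bot: The new `if (drv_tags)` test in front of blk_mq_clear_rq_mapping() carries no comment, and the commit message does not say which caller or state leaves drv_tags NULL at this point; it only says the value originates from struct blk_mq_tag_set. As written, the check silences the reported fault and blk_mq_free_rqs() carries on into the tags->page_list loop with that state unexplained, and the message itself says it cannot be determined whether the issue is really solved. Please identify the path that produces the NULL first. If a NULL drv_tags is legitimate here, say so in a comment above the check; if it is not, fix it where it arises, or at least make the condition visible with something like `if (WARN_ON_ONCE(!drv_tags))` rather than skipping the call silently.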

I don't see how drv_tags could be NULL without triggering a race
condition. Please take a look at the nbd driver to see whether the root
cause is perhaps in that driver instead of in the block layer core.

Thanks,

Bart.