* [PATCH 1/1] btrfs: fix NPD when target device is missing @ 2018-02-20 14:46 Anand Jain 2018-02-23 22:55 ` David Sterba 0 siblings, 1 reply; 5+ messages in thread From: Anand Jain @ 2018-02-20 14:46 UTC (permalink / raw) To: linux-btrfs The replace target device can be missing in which case we don't allocate a missing btrfs_device when mounted with the -o degraded. So check the device before access. BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] Call Trace: btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] btrfs_ioctl+0x2216/0x2590 [btrfs] do_vfs_ioctl+0x625/0x650 SyS_ioctl+0x4e/0x80 do_syscall_64+0x5d/0x160 entry_SYSCALL64_slow_path+0x25/0x25 Signed-off-by: Anand Jain <anand.jain@oracle.com> --- fs/btrfs/dev-replace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index dbaa6880a15e..87f975143c05 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -312,7 +312,7 @@ void btrfs_after_dev_replace_commit(struct btrfs_fs_info *fs_info) static char* btrfs_dev_name(struct btrfs_device *device) { - if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) + if (!device || test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) return "<missing disk>"; else return rcu_str_deref(device->name); -- 2.15.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] btrfs: fix NPD when target device is missing 2018-02-20 14:46 [PATCH 1/1] btrfs: fix NPD when target device is missing Anand Jain @ 2018-02-23 22:55 ` David Sterba 2018-02-24 11:43 ` [PATCH v2] btrfs: fix null pointer deref " Anand Jain 2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain 0 siblings, 2 replies; 5+ messages in thread From: David Sterba @ 2018-02-23 22:55 UTC (permalink / raw) To: Anand Jain; +Cc: linux-btrfs On Tue, Feb 20, 2018 at 10:46:25PM +0800, Anand Jain wrote: > The replace target device can be missing in which case we don't > allocate a missing btrfs_device when mounted with the -o degraded. > So check the device before access. > > BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 Please don't use uncommon acronyms, NPD is quite confusing, null pointer deref should be fine. > IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] > Call Trace: > btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] > btrfs_ioctl+0x2216/0x2590 [btrfs] > do_vfs_ioctl+0x625/0x650 > SyS_ioctl+0x4e/0x80 > do_syscall_64+0x5d/0x160 > entry_SYSCALL64_slow_path+0x25/0x25 Do you have a reproducer for that? ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] btrfs: fix null pointer deref when target device is missing 2018-02-23 22:55 ` David Sterba @ 2018-02-24 11:43 ` Anand Jain 2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain 1 sibling, 0 replies; 5+ messages in thread From: Anand Jain @ 2018-02-24 11:43 UTC (permalink / raw) To: linux-btrfs The replace target device can be missing when mounted with -o degraded, but we wont allocate a missing btrfs_device to it. So check the device before access. BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] Call Trace: btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] btrfs_ioctl+0x2216/0x2590 [btrfs] do_vfs_ioctl+0x625/0x650 SyS_ioctl+0x4e/0x80 do_syscall_64+0x5d/0x160 entry_SYSCALL64_slow_path+0x25/0x25 Signed-off-by: Anand Jain <anand.jain@oracle.com> --- v1->v2: Fix change log. Fix $subject. Old $subject btrfs: fix NPD when target device is missing fs/btrfs/dev-replace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index c97969b2abbd..e279f04b3388 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -312,7 +312,7 @@ void btrfs_after_dev_replace_commit(struct btrfs_fs_info *fs_info) static char* btrfs_dev_name(struct btrfs_device *device) { - if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) + if (!device || test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) return "<missing disk>"; else return rcu_str_deref(device->name); -- 2.15.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] btrfs: fix NPD when target device is missing 2018-02-23 22:55 ` David Sterba 2018-02-24 11:43 ` [PATCH v2] btrfs: fix null pointer deref " Anand Jain @ 2018-02-24 14:07 ` Anand Jain 2018-02-27 17:50 ` David Sterba 1 sibling, 1 reply; 5+ messages in thread From: Anand Jain @ 2018-02-24 14:07 UTC (permalink / raw) To: dsterba, linux-btrfs On 02/24/2018 06:55 AM, David Sterba wrote: > On Tue, Feb 20, 2018 at 10:46:25PM +0800, Anand Jain wrote: >> The replace target device can be missing in which case we don't >> allocate a missing btrfs_device when mounted with the -o degraded. >> So check the device before access. >> >> BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 > > Please don't use uncommon acronyms, NPD is quite confusing, null pointer > deref should be fine. Ok, sent v2. >> IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] >> Call Trace: >> btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] >> btrfs_ioctl+0x2216/0x2590 [btrfs] >> do_vfs_ioctl+0x625/0x650 >> SyS_ioctl+0x4e/0x80 >> do_syscall_64+0x5d/0x160 >> entry_SYSCALL64_slow_path+0x25/0x25 > > Do you have a reproducer for that? For now, I used a tweaked btrfs.ko [1], then mkfs.btrfs -fq /dev/sdb && mount /dev/sdb /btrfs btrfs rep start -B /dev/sdb /dev/sdc after reboot, we have the replace target device and now use non-tweaked btrfs.ko mount -o degraded /dev/sdb /btrfs [1] ----------- diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index 476981c2cf55..8ea4856b6368 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -25,6 +25,7 @@ #include <linux/capability.h> #include <linux/kthread.h> #include <linux/math64.h> +#include <linux/reboot.h> #include <asm/div64.h> #include "ctree.h" #include "extent_map.h" @@ -419,6 +420,8 @@ int btrfs_dev_replace_start(struct btrfs_fs_info *fs_info, btrfs_device_get_total_bytes(src_device), &dev_replace->scrub_progress, 0, 1); + emergency_restart(); + ret = btrfs_dev_replace_finishing(fs_info, ret); if (ret == -EINPROGRESS) { ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_SCRUB_INPROGRESS; ------------ Thanks, Anand > -- > To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] btrfs: fix NPD when target device is missing 2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain @ 2018-02-27 17:50 ` David Sterba 0 siblings, 0 replies; 5+ messages in thread From: David Sterba @ 2018-02-27 17:50 UTC (permalink / raw) To: Anand Jain; +Cc: dsterba, linux-btrfs On Sat, Feb 24, 2018 at 10:07:33PM +0800, Anand Jain wrote: > >> IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] > >> Call Trace: > >> btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] > >> btrfs_ioctl+0x2216/0x2590 [btrfs] > >> do_vfs_ioctl+0x625/0x650 > >> SyS_ioctl+0x4e/0x80 > >> do_syscall_64+0x5d/0x160 > >> entry_SYSCALL64_slow_path+0x25/0x25 > > > > Do you have a reproducer for that? > > For now, I used a tweaked btrfs.ko [1], then > > mkfs.btrfs -fq /dev/sdb && mount /dev/sdb /btrfs > btrfs rep start -B /dev/sdb /dev/sdc > after reboot, we have the replace target device > and now use non-tweaked btrfs.ko > mount -o degraded /dev/sdb /btrfs > > [1] > ----------- > diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c > index 476981c2cf55..8ea4856b6368 100644 > --- a/fs/btrfs/dev-replace.c > +++ b/fs/btrfs/dev-replace.c > @@ -25,6 +25,7 @@ > #include <linux/capability.h> > #include <linux/kthread.h> > #include <linux/math64.h> > +#include <linux/reboot.h> > #include <asm/div64.h> > #include "ctree.h" > #include "extent_map.h" > @@ -419,6 +420,8 @@ int btrfs_dev_replace_start(struct btrfs_fs_info > *fs_info, > btrfs_device_get_total_bytes(src_device), > &dev_replace->scrub_progress, 0, 1); > > + emergency_restart(); Ok, not something that we can easily turn into a regression test. I'll reorder this fix before patch "btrfs: log, when replace, is canceled by the user", so it is bisectable. Thanks. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-02-27 17:53 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-02-20 14:46 [PATCH 1/1] btrfs: fix NPD when target device is missing Anand Jain 2018-02-23 22:55 ` David Sterba 2018-02-24 11:43 ` [PATCH v2] btrfs: fix null pointer deref " Anand Jain 2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain 2018-02-27 17:50 ` David Sterba
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).