* [PATCH 1/1] btrfs: fix NPD when target device is missing
@ 2018-02-20 14:46 Anand Jain
2018-02-23 22:55 ` David Sterba
0 siblings, 1 reply; 5+ messages in thread
From: Anand Jain @ 2018-02-20 14:46 UTC (permalink / raw)
To: linux-btrfs
The replace target device can be missing in which case we don't
allocate a missing btrfs_device when mounted with the -o degraded.
So check the device before access.
BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs]
Call Trace:
btrfs_dev_replace_cancel+0x15f/0x180 [btrfs]
btrfs_ioctl+0x2216/0x2590 [btrfs]
do_vfs_ioctl+0x625/0x650
SyS_ioctl+0x4e/0x80
do_syscall_64+0x5d/0x160
entry_SYSCALL64_slow_path+0x25/0x25
Signed-off-by: Anand Jain <anand.jain@oracle.com>
---
fs/btrfs/dev-replace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index dbaa6880a15e..87f975143c05 100644
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -312,7 +312,7 @@ void btrfs_after_dev_replace_commit(struct btrfs_fs_info *fs_info)
static char* btrfs_dev_name(struct btrfs_device *device)
{
- if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
+ if (!device || test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
return "<missing disk>";
else
return rcu_str_deref(device->name);
--
2.15.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] btrfs: fix NPD when target device is missing
2018-02-20 14:46 [PATCH 1/1] btrfs: fix NPD when target device is missing Anand Jain
@ 2018-02-23 22:55 ` David Sterba
2018-02-24 11:43 ` [PATCH v2] btrfs: fix null pointer deref " Anand Jain
2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain
0 siblings, 2 replies; 5+ messages in thread
From: David Sterba @ 2018-02-23 22:55 UTC (permalink / raw)
To: Anand Jain; +Cc: linux-btrfs
On Tue, Feb 20, 2018 at 10:46:25PM +0800, Anand Jain wrote:
> The replace target device can be missing in which case we don't
> allocate a missing btrfs_device when mounted with the -o degraded.
> So check the device before access.
>
> BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
Please don't use uncommon acronyms, NPD is quite confusing, null pointer
deref should be fine.
> IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs]
> Call Trace:
> btrfs_dev_replace_cancel+0x15f/0x180 [btrfs]
> btrfs_ioctl+0x2216/0x2590 [btrfs]
> do_vfs_ioctl+0x625/0x650
> SyS_ioctl+0x4e/0x80
> do_syscall_64+0x5d/0x160
> entry_SYSCALL64_slow_path+0x25/0x25
Do you have a reproducer for that?
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] btrfs: fix null pointer deref when target device is missing
2018-02-23 22:55 ` David Sterba
@ 2018-02-24 11:43 ` Anand Jain
2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain
1 sibling, 0 replies; 5+ messages in thread
From: Anand Jain @ 2018-02-24 11:43 UTC (permalink / raw)
To: linux-btrfs
The replace target device can be missing when mounted with -o degraded,
but we wont allocate a missing btrfs_device to it. So check the device
before access.
BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs]
Call Trace:
btrfs_dev_replace_cancel+0x15f/0x180 [btrfs]
btrfs_ioctl+0x2216/0x2590 [btrfs]
do_vfs_ioctl+0x625/0x650
SyS_ioctl+0x4e/0x80
do_syscall_64+0x5d/0x160
entry_SYSCALL64_slow_path+0x25/0x25
Signed-off-by: Anand Jain <anand.jain@oracle.com>
---
v1->v2: Fix change log. Fix $subject.
Old $subject
btrfs: fix NPD when target device is missing
fs/btrfs/dev-replace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index c97969b2abbd..e279f04b3388 100644
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -312,7 +312,7 @@ void btrfs_after_dev_replace_commit(struct btrfs_fs_info *fs_info)
static char* btrfs_dev_name(struct btrfs_device *device)
{
- if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
+ if (!device || test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state))
return "<missing disk>";
else
return rcu_str_deref(device->name);
--
2.15.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] btrfs: fix NPD when target device is missing
2018-02-23 22:55 ` David Sterba
2018-02-24 11:43 ` [PATCH v2] btrfs: fix null pointer deref " Anand Jain
@ 2018-02-24 14:07 ` Anand Jain
2018-02-27 17:50 ` David Sterba
1 sibling, 1 reply; 5+ messages in thread
From: Anand Jain @ 2018-02-24 14:07 UTC (permalink / raw)
To: dsterba, linux-btrfs
On 02/24/2018 06:55 AM, David Sterba wrote:
> On Tue, Feb 20, 2018 at 10:46:25PM +0800, Anand Jain wrote:
>> The replace target device can be missing in which case we don't
>> allocate a missing btrfs_device when mounted with the -o degraded.
>> So check the device before access.
>>
>> BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
>
> Please don't use uncommon acronyms, NPD is quite confusing, null pointer
> deref should be fine.
Ok, sent v2.
>> IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs]
>> Call Trace:
>> btrfs_dev_replace_cancel+0x15f/0x180 [btrfs]
>> btrfs_ioctl+0x2216/0x2590 [btrfs]
>> do_vfs_ioctl+0x625/0x650
>> SyS_ioctl+0x4e/0x80
>> do_syscall_64+0x5d/0x160
>> entry_SYSCALL64_slow_path+0x25/0x25
>
> Do you have a reproducer for that?
For now, I used a tweaked btrfs.ko [1], then
mkfs.btrfs -fq /dev/sdb && mount /dev/sdb /btrfs
btrfs rep start -B /dev/sdb /dev/sdc
after reboot, we have the replace target device
and now use non-tweaked btrfs.ko
mount -o degraded /dev/sdb /btrfs
[1]
-----------
diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index 476981c2cf55..8ea4856b6368 100644
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -25,6 +25,7 @@
#include <linux/capability.h>
#include <linux/kthread.h>
#include <linux/math64.h>
+#include <linux/reboot.h>
#include <asm/div64.h>
#include "ctree.h"
#include "extent_map.h"
@@ -419,6 +420,8 @@ int btrfs_dev_replace_start(struct btrfs_fs_info
*fs_info,
btrfs_device_get_total_bytes(src_device),
&dev_replace->scrub_progress, 0, 1);
+ emergency_restart();
+
ret = btrfs_dev_replace_finishing(fs_info, ret);
if (ret == -EINPROGRESS) {
ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_SCRUB_INPROGRESS;
------------
Thanks, Anand
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] btrfs: fix NPD when target device is missing
2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain
@ 2018-02-27 17:50 ` David Sterba
0 siblings, 0 replies; 5+ messages in thread
From: David Sterba @ 2018-02-27 17:50 UTC (permalink / raw)
To: Anand Jain; +Cc: dsterba, linux-btrfs
On Sat, Feb 24, 2018 at 10:07:33PM +0800, Anand Jain wrote:
> >> IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs]
> >> Call Trace:
> >> btrfs_dev_replace_cancel+0x15f/0x180 [btrfs]
> >> btrfs_ioctl+0x2216/0x2590 [btrfs]
> >> do_vfs_ioctl+0x625/0x650
> >> SyS_ioctl+0x4e/0x80
> >> do_syscall_64+0x5d/0x160
> >> entry_SYSCALL64_slow_path+0x25/0x25
> >
> > Do you have a reproducer for that?
>
> For now, I used a tweaked btrfs.ko [1], then
>
> mkfs.btrfs -fq /dev/sdb && mount /dev/sdb /btrfs
> btrfs rep start -B /dev/sdb /dev/sdc
> after reboot, we have the replace target device
> and now use non-tweaked btrfs.ko
> mount -o degraded /dev/sdb /btrfs
>
> [1]
> -----------
> diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
> index 476981c2cf55..8ea4856b6368 100644
> --- a/fs/btrfs/dev-replace.c
> +++ b/fs/btrfs/dev-replace.c
> @@ -25,6 +25,7 @@
> #include <linux/capability.h>
> #include <linux/kthread.h>
> #include <linux/math64.h>
> +#include <linux/reboot.h>
> #include <asm/div64.h>
> #include "ctree.h"
> #include "extent_map.h"
> @@ -419,6 +420,8 @@ int btrfs_dev_replace_start(struct btrfs_fs_info
> *fs_info,
> btrfs_device_get_total_bytes(src_device),
> &dev_replace->scrub_progress, 0, 1);
>
> + emergency_restart();
Ok, not something that we can easily turn into a regression test.
I'll reorder this fix before patch "btrfs: log, when replace, is
canceled by the user", so it is bisectable. Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-02-27 17:53 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-20 14:46 [PATCH 1/1] btrfs: fix NPD when target device is missing Anand Jain
2018-02-23 22:55 ` David Sterba
2018-02-24 11:43 ` [PATCH v2] btrfs: fix null pointer deref " Anand Jain
2018-02-24 14:07 ` [PATCH 1/1] btrfs: fix NPD " Anand Jain
2018-02-27 17:50 ` David Sterba
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).