From: Jan Kara <jack@suse.cz>
To: Tejun Heo <tj@kernel.org>
Cc: Jan Kara <jack@suse.cz>, Wei Fang <fangwei1@huawei.com>,
akpm@linux-foundation.org, hannes@cmpxchg.org, hch@infradead.org,
linux-mm@kvack.org, stable@vger.kernel.org,
Jens Axboe <axboe@kernel.dk>
Subject: Re: [PATCH] mm: Fix a NULL dereference crash while accessing bdev->bd_disk
Date: Wed, 30 Nov 2016 10:50:25 +0100 [thread overview]
Message-ID: <20161130095025.GA20030@quack2.suse.cz> (raw)
In-Reply-To: <20161129164350.GC19454@htj.duckdns.org>
On Tue 29-11-16 11:43:50, Tejun Heo wrote:
> Hello, Jan.
>
> On Tue, Nov 29, 2016 at 10:30:35AM +0100, Jan Kara wrote:
> > > It's kinda weird that sync() is ends up accessing bdev's without any
> > > synchronization. Can't we just make iterate_bdevs() grab bd_mutex and
> > > verify bd_disk isn't NULL before calling into the callback?
> >
> > This reminded me I've already seen something like this and indeed I've
> > already had a very similar discussion in March -
> > https://patchwork.kernel.org/patch/8556941/
>
> lol
>
> > Holding bd_mutex in iterate_devs() works but still nothing protects from
> > flusher thread just walking across the block device inode and trying to
> > write it which would result in the very same oops.
>
> Ah, right. We aren't implementing either sever or refcnted draining
> semantics properly. I wonder whether we'd be able to retire the inode
> synchronously during blkdev_put.
Yeah, I've realized flusher thread is mostly taken care of by the fact that
__blkdev_put() does bdev_write_inode() which waits for I_SYNC to get
cleared and then the inode is clean so writeback code mostly ignores it. It
is fragile but likely it works. So for now I've decided to just push the
patch mentioned above to get at least obvious breakage fixed as playing
with bdev lifetime rules definitely won't be a stable material anyway.
I was also thinking about completely tearing down bdev inode in
__blkdev_put() and it could be doable although hunting all inodes
referencing bdev inode through i_bdev will be tricky. Probably we'll need
i_devices things for block devices back...
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-11-30 9:50 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-26 2:06 [PATCH] mm: Fix a NULL dereference crash while accessing bdev->bd_disk Wei Fang
2016-11-28 10:07 ` Jan Kara
2016-11-28 15:57 ` Tejun Heo
2016-11-29 9:30 ` Jan Kara
2016-11-29 16:43 ` Tejun Heo
2016-11-30 9:50 ` Jan Kara [this message]
2016-11-29 1:58 ` Wei Fang
2016-11-30 9:51 ` Jan Kara
2016-12-01 2:30 ` Wei Fang
2016-12-01 8:18 ` Jan Kara
2016-11-29 23:08 ` Andrew Morton
2016-11-30 7:30 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161130095025.GA20030@quack2.suse.cz \
--to=jack@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=fangwei1@huawei.com \
--cc=hannes@cmpxchg.org \
--cc=hch@infradead.org \
--cc=linux-mm@kvack.org \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).