Re: [PATCH] block: protect rw_page against device teardown

Linux-NVDIMM Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Matthew Wilcox <willy@linux.intel.com>
To: "Williams, Dan J" <dan.j.williams@intel.com>
Cc: "axboe@fb.com" <axboe@fb.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-nvdimm@lists.01.org" <linux-nvdimm@lists.01.org>,
	"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH] block: protect rw_page against device teardown
Date: Fri, 20 Nov 2015 13:12:28 -0500	[thread overview]
Message-ID: <20151120181228.GE18246@linux.intel.com> (raw)
In-Reply-To: <1447980689.20885.16.camel@intel.com>


I'd prefer bdev_read_page() and bdev_write_page() to be a bit more consistent
(eg 'rc' vs 'result'), but:

Acked-by: Matthew Wilcox <willy@linux.intel.com>

On Fri, Nov 20, 2015 at 12:51:30AM +0000, Williams, Dan J wrote:
> On Fri, 2015-11-20 at 08:32 +0800, kbuild test robot wrote:
> > Hi Dan,
> > 
> > [auto build test ERROR on: block/for-next]
> > [also build test ERROR on: v4.4-rc1 next-20151119]
> 
> Thanks kbuild robot! ;-)
> 
> I indeed had rebased this in my tree in front of another patch that
> made blk_queue_enter() public. ï¿½Given that other patch is 4.5 material,
> move that declaration change into this patch:
> 
> 8<----
> Subject: block: protect rw_page against device teardown
> 
> From: Dan Williams <dan.j.williams@intel.com>
> 
> Fix use after free crashes like the following:
> 
> ï¿½general protection fault: 0000 [#1] SMP
> ï¿½Call Trace:
> ï¿½ [<ffffffffa0050216>] ? pmem_do_bvec.isra.12+0xa6/0xf0 [nd_pmem]
> ï¿½ [<ffffffffa0050ba2>] pmem_rw_page+0x42/0x80 [nd_pmem]
> ï¿½ [<ffffffff8128fd90>] bdev_read_page+0x50/0x60
> ï¿½ [<ffffffff812972f0>] do_mpage_readpage+0x510/0x770
> ï¿½ [<ffffffff8128fd20>] ? I_BDEV+0x20/0x20
> ï¿½ [<ffffffff811d86dc>] ? lru_cache_add+0x1c/0x50
> ï¿½ [<ffffffff81297657>] mpage_readpages+0x107/0x170
> ï¿½ [<ffffffff8128fd20>] ? I_BDEV+0x20/0x20
> ï¿½ [<ffffffff8128fd20>] ? I_BDEV+0x20/0x20
> ï¿½ [<ffffffff8129058d>] blkdev_readpages+0x1d/0x20
> ï¿½ [<ffffffff811d615f>] __do_page_cache_readahead+0x28f/0x310
> ï¿½ [<ffffffff811d6039>] ? __do_page_cache_readahead+0x169/0x310
> ï¿½ [<ffffffff811c5abd>] ? pagecache_get_page+0x2d/0x1d0
> ï¿½ [<ffffffff811c76f6>] filemap_fault+0x396/0x530
> ï¿½ [<ffffffff811f816e>] __do_fault+0x4e/0xf0
> ï¿½ [<ffffffff811fce7d>] handle_mm_fault+0x11bd/0x1b50
> 
> Cc: <stable@vger.kernel.org>
> Cc: Jens Axboe <axboe@fb.com>
> Cc: Matthew Wilcox <willy@linux.intel.com>
> Cc: Alexander Viro <viro@zeniv.linux.org.uk>
> Reported-by: kbuild test robot <lkp@intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
> ï¿½block/blk.hï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½|ï¿½ï¿½ï¿½ï¿½2 --
> ï¿½fs/block_dev.cï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½|ï¿½ï¿½ï¿½18 ++++++++++++++++--
> ï¿½include/linux/blkdev.h |ï¿½ï¿½ï¿½ï¿½2 ++
> ï¿½3 files changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/block/blk.h b/block/blk.h
> index da722eb786df..c43926d3d74d 100644
> --- a/block/blk.h
> +++ b/block/blk.h
> @@ -72,8 +72,6 @@ void blk_dequeue_request(struct request *rq);
> ï¿½void __blk_queue_free_tags(struct request_queue *q);
> ï¿½bool __blk_end_bidi_request(struct request *rq, int error,
> ï¿½			ï¿½ï¿½ï¿½ï¿½unsigned int nr_bytes, unsigned int bidi_bytes);
> -int blk_queue_enter(struct request_queue *q, gfp_t gfp);
> -void blk_queue_exit(struct request_queue *q);
> ï¿½void blk_freeze_queue(struct request_queue *q);
> ï¿½
> ï¿½static inline void blk_queue_enter_live(struct request_queue *q)
> diff --git a/fs/block_dev.c b/fs/block_dev.c
> index bb0dfb1c7af1..cc0af12acf94 100644
> --- a/fs/block_dev.c
> +++ b/fs/block_dev.c
> @@ -390,9 +390,17 @@ int bdev_read_page(struct block_device *bdev, sector_t sector,
> ï¿½			struct page *page)
> ï¿½{
> ï¿½	const struct block_device_operations *ops = bdev->bd_disk->fops;
> +	int rc = -EOPNOTSUPP;
> +
> ï¿½	if (!ops->rw_page || bdev_get_integrity(bdev))
> -		return -EOPNOTSUPP;
> -	return ops->rw_page(bdev, sector + get_start_sect(bdev), page, READ);
> +		return rc;
> +
> +	rc = blk_queue_enter(bdev->bd_queue, GFP_KERNEL);
> +	if (rc)
> +		return rc;
> +	rc = ops->rw_page(bdev, sector + get_start_sect(bdev), page, READ);
> +	blk_queue_exit(bdev->bd_queue);
> +	return rc;
> ï¿½}
> ï¿½EXPORT_SYMBOL_GPL(bdev_read_page);
> ï¿½
> @@ -421,14 +429,20 @@ int bdev_write_page(struct block_device *bdev, sector_t sector,
> ï¿½	int result;
> ï¿½	int rw = (wbc->sync_mode == WB_SYNC_ALL) ? WRITE_SYNC : WRITE;
> ï¿½	const struct block_device_operations *ops = bdev->bd_disk->fops;
> +
> ï¿½	if (!ops->rw_page || bdev_get_integrity(bdev))
> ï¿½		return -EOPNOTSUPP;
> +	result = blk_queue_enter(bdev->bd_queue, GFP_KERNEL);
> +	if (result)
> +		return result;
> +
> ï¿½	set_page_writeback(page);
> ï¿½	result = ops->rw_page(bdev, sector + get_start_sect(bdev), page, rw);
> ï¿½	if (result)
> ï¿½		end_page_writeback(page);
> ï¿½	else
> ï¿½		unlock_page(page);
> +	blk_queue_exit(bdev->bd_queue);
> ï¿½	return result;
> ï¿½}
> ï¿½EXPORT_SYMBOL_GPL(bdev_write_page);
> diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
> index 3fe27f8d91f0..c0d2b7927c1f 100644
> --- a/include/linux/blkdev.h
> +++ b/include/linux/blkdev.h
> @@ -794,6 +794,8 @@ extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t,
> ï¿½extern int sg_scsi_ioctl(struct request_queue *, struct gendisk *, fmode_t,
> ï¿½			ï¿½struct scsi_ioctl_command __user *);
> ï¿½
> +extern int blk_queue_enter(struct request_queue *q, gfp_t gfp);
> +extern void blk_queue_exit(struct request_queue *q);
> ï¿½extern void blk_start_queue(struct request_queue *q);
> ï¿½extern void blk_stop_queue(struct request_queue *q);
> ï¿½extern void blk_sync_queue(struct request_queue *q);

next prev parent reply	other threads:[~2015-11-20 18:12 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-20  0:14 [PATCH] block: protect rw_page against device teardown Dan Williams
2015-11-20  0:32 ` kbuild test robot
2015-11-20  0:51   ` Williams, Dan J
2015-11-20 18:12     ` Matthew Wilcox [this message]
2015-11-20 18:26       ` Williams, Dan J

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151120181228.GE18246@linux.intel.com \
    --to=willy@linux.intel.com \
    --cc=axboe@fb.com \
    --cc=dan.j.williams@intel.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    --cc=stable@vger.kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox