From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Breno Leitao <leitao@debian.org>, Tejun Heo <tj@kernel.org>,
Christoph Hellwig <hch@lst.de>, Jens Axboe <axboe@kernel.dk>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 70/71] blk-iocost: Pass gendisk to ioc_refresh_params
Date: Wed, 13 Mar 2024 12:39:56 -0400
Message-ID: <20240313163957.615276-71-sashal@kernel.org>
In-Reply-To: <20240313163957.615276-1-sashal@kernel.org>
From: Breno Leitao <leitao@debian.org>
[ Upstream commit e33b93650fc5364f773985a3e961e24349330d97 ]
Current kernel (d2980d8d826554fa6981d621e569a453787472f8) crashes
when blk_iocost_init for `nvme1` disk.
BUG: kernel NULL pointer dereference, address: 0000000000000050
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
blk_iocost_init (include/asm-generic/qspinlock.h:128
include/linux/spinlock.h:203
include/linux/spinlock_api_smp.h:158
include/linux/spinlock.h:400
block/blk-iocost.c:2884)
ioc_qos_write (block/blk-iocost.c:3198)
? kretprobe_perf_func (kernel/trace/trace_kprobe.c:1566)
? kernfs_fop_write_iter (include/linux/slab.h:584 fs/kernfs/file.c:311)
? __kmem_cache_alloc_node (mm/slab.h:? mm/slub.c:3452 mm/slub.c:3491)
? _copy_from_iter (arch/x86/include/asm/uaccess_64.h:46
arch/x86/include/asm/uaccess_64.h:52
lib/iov_iter.c:183 lib/iov_iter.c:628)
? kretprobe_dispatcher (kernel/trace/trace_kprobe.c:1693)
cgroup_file_write (kernel/cgroup/cgroup.c:4061)
kernfs_fop_write_iter (fs/kernfs/file.c:334)
vfs_write (include/linux/fs.h:1849 fs/read_write.c:491
fs/read_write.c:584)
ksys_write (fs/read_write.c:637)
do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
This happens because ioc_refresh_params() is being called without
a properly initialized ioc->rqos, which is happening later in the callee
side.

ioc_refresh_params() -> ioc_autop_idx() tries to access
ioc->rqos.disk->queue but ioc->rqos.disk is NULL, causing the BUG above.

Create function, called ioc_refresh_params_disk(), that is similar to
ioc_refresh_params() but where the "struct gendisk" could be passed as
an explicit argument. This function will be called when ioc->rqos.disk
is not initialized.
Fixes: ce57b558604e ("blk-rq-qos: make rq_qos_add and rq_qos_del more useful")
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20230228111654.1778120-1-leitao@debian.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-iocost.c | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/block/blk-iocost.c b/block/blk-iocost.c
index ab5830ba23e0f..0d4bc9d8f2cac 100644
--- a/block/blk-iocost.c
+++ b/block/blk-iocost.c
@@ -801,7 +801,11 @@ static void ioc_refresh_period_us(struct ioc *ioc)
ioc_refresh_margins(ioc);
}
-static int ioc_autop_idx(struct ioc *ioc)
+/*
+ * ioc->rqos.disk isn't initialized when this function is called from
+ * the init path.
+ */
+static int ioc_autop_idx(struct ioc *ioc, struct gendisk *disk)
{
int idx = ioc->autop_idx;
const struct ioc_params *p = &autop[idx];
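Review bot: the new comment above ioc_autop_idx() says when ioc->rqos.disk is unset but not what the function expects of its new argument. Phrasing it as a contract (disk must be the valid gendisk for this ioc, and the body must not read ioc->rqos.disk) would make it harder for a later change to reintroduce the dereference this patch removes, since the function still receives ioc and the field is still reachable from it.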
@@ -809,11 +813,11 @@ static int ioc_autop_idx(struct ioc *ioc)
u64 now_ns;
/* rotational? */
- if (!blk_queue_nonrot(ioc->rqos.disk->queue))
+ if (!blk_queue_nonrot(disk->queue))
return AUTOP_HDD;
/* handle SATA SSDs w/ broken NCQ */
- if (blk_queue_depth(ioc->rqos.disk->queue) == 1)
+ if (blk_queue_depth(disk->queue) == 1)
return AUTOP_SSD_QD1;
/* use one of the normal ssd sets */
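Review bot: both disk->queue reads in ioc_autop_idx() dereference the caller-supplied pointer with no check, so the NULL dereference from the commit message is avoided only as long as every caller passes a valid disk. Reading disk->queue once into a local at the top of the function would remove the repeated dereference and give a single place for a WARN_ON_ONCE(!disk) if a guard is wanted.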
@@ -902,14 +906,19 @@ static void ioc_refresh_lcoefs(struct ioc *ioc)
&c[LCOEF_WPAGE], &c[LCOEF_WSEQIO], &c[LCOEF_WRANDIO]);
}
-static bool ioc_refresh_params(struct ioc *ioc, bool force)
+/*
+ * struct gendisk is required as an argument because ioc->rqos.disk
+ * is not properly initialized when called from the init path.
+ */
+static bool ioc_refresh_params_disk(struct ioc *ioc, bool force,
+ struct gendisk *disk)
{
const struct ioc_params *p;
int idx;
lockdep_assert_held(&ioc->lock);
- idx = ioc_autop_idx(ioc);
+ idx = ioc_autop_idx(ioc, disk);
p = &autop[idx];
if (idx == ioc->autop_idx && !force)
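Review bot: the comment above ioc_refresh_params_disk() repeats the one added above ioc_autop_idx() almost word for word, and neither names the caller they refer to as "the init path". Keeping the explanation in one place and naming blk_iocost_init() there would be easier to maintain than two copies that can drift apart.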
@@ -938,6 +947,11 @@ static bool ioc_refresh_params(struct ioc *ioc, bool force)
return true;
}
+static bool ioc_refresh_params(struct ioc *ioc, bool force)
+{
+ return ioc_refresh_params_disk(ioc, force, ioc->rqos.disk);
+}
+
/*
* When an iocg accumulates too much vtime or gets deactivated, we throw away
* some vtime, which lowers the overall device utilization. As the exact amount
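Review bot: the ioc_refresh_params() wrapper still reads ioc->rqos.disk, so it keeps the original hazard for any caller that runs before rqos is set up, and nothing at its definition says so. A one-line comment that this variant is only valid once ioc->rqos.disk has been initialized would document the split between the two entry points.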
@@ -2884,7 +2898,7 @@ static int blk_iocost_init(struct gendisk *disk)
spin_lock_irq(&ioc->lock);
ioc->autop_idx = AUTOP_INVALID;
- ioc_refresh_params(ioc, true);
+ ioc_refresh_params_disk(ioc, true, disk);
spin_unlock_irq(&ioc->lock);
/*
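Review bot: the call to ioc_refresh_params_disk(ioc, true, disk) in blk_iocost_init() carries no comment, so the reason ioc_refresh_params() cannot be used at this point is only recorded at the helper definitions. A short note at the call site that ioc->rqos.disk is not yet set here would stop a later cleanup from switching the call back. The visible context also does not show where rqos is initialized relative to this locked section, so the ordering described in the commit message is worth confirming against the 6.1 tree this is being applied to.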
--
2.43.0