From: Pavel Begunkov <asml.silence@gmail.com>
To: 王贇 <yun.wang@linux.alibaba.com>, "Jens Axboe" <axboe@kernel.dk>,
	"open list:IO_URING" <io-uring@vger.kernel.org>,
	"open list" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH] io_uring: stop issue failed request to fix panic
Date: Wed, 1 Sep 2021 10:47:15 +0100
Message-ID: <b2bd9fd0-736d-668f-7c32-3dda6f862758@gmail.com>
In-Reply-To: <b04adedd-a78a-634f-f28b-5840d5ec01df@linux.alibaba.com>

On 9/1/21 10:39 AM, 王贇 wrote:
> We observed a panic:
>   BUG: kernel NULL pointer dereference, address:0000000000000028
>   [skip]
>   Oops: 0000 [#1] SMP PTI
>   CPU: 1 PID: 737 Comm: a.out Not tainted 5.14.0+ #58
>   Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
>   RIP: 0010:vfs_fadvise+0x1e/0x80
>   [skip]
>   Call Trace:
>    ? tctx_task_work+0x111/0x2a0
>    io_issue_sqe+0x524/0x1b90

Most likely it was fixed yesterday. Can you try?
https://git.kernel.dk/cgit/linux-block/log/?h=for-5.15/io_uring

Or these two patches in particular

https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.15/io_uring&id=c6d3d9cbd659de8f2176b4e4721149c88ac096d4
https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.15/io_uring&id=b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8

> This is caused by io_wq_submit_work() calling io_issue_sqe()
> on a failed fadvise request, and io_init_req() returns an error
> before initializing the file for it, leading to the panic when
> vfs_fadvise() tries to access 'req->file'.
> 
> This patch adds the missing check & handling for failed requests
> before calling io_issue_sqe().
> 
> Signed-off-by: Michael Wang <yun.wang@linux.alibaba.com>
> ---
>  fs/io_uring.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index 6f35b12..bfec7bf 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -2214,7 +2214,8 @@ static void io_req_task_submit(struct io_kiocb *req, bool *locked)
> 
>  	io_tw_lock(ctx, locked);
>  	/* req->task == current here, checking PF_EXITING is safe */
> -	if (likely(!(req->task->flags & PF_EXITING)))
> +	if (likely(!(req->task->flags & PF_EXITING) &&
> +		   !(req->flags & REQ_F_FAIL)))
>  		__io_queue_sqe(req);
>  	else
>  		io_req_complete_failed(req, -EFAULT);
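
Review bot: In io_req_task_submit(), the new REQ_F_FAIL case falls into the existing else branch and is completed with the hard-coded -EFAULT, so a request that was marked failed for some other reason is completed with -EFAULT instead of its own error. Consider handling REQ_F_FAIL separately from the PF_EXITING test and completing with the error recorded when the request was marked failed. Splitting the two conditions also keeps likely() on the PF_EXITING check alone, where the existing comment explains why it is safe.
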
> @@ -6704,7 +6705,10 @@ static void io_wq_submit_work(struct io_wq_work *work)
> 
>  	if (!ret) {
>  		do {
> -			ret = io_issue_sqe(req, 0);
> +			if (likely(!(req->flags & REQ_F_FAIL)))
> +				ret = io_issue_sqe(req, 0);
> +			else
> +				io_req_complete_failed(req, -EFAULT);
>  			/*
>  			 * We can get EAGAIN for polled IO even though we're
>  			 * forcing a sync submission from here, since we can't
> 
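
Review bot: In io_wq_submit_work(), the new else branch completes the request but leaves ret at 0 (the loop is only entered under `if (!ret)`), so the code after the call treats a request that was just failed as a successful issue, and the REQ_F_FAIL test is re-evaluated on every retry of the do loop. Check the flag once before the loop and set ret to the request's error there, so the `if (!ret)` guard skips the issue loop entirely, rather than adding a second completion path with a hard-coded -EFAULT.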

-- 
Pavel Begunkov
