From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757572AbcAaWo3 (ORCPT ); Sun, 31 Jan 2016 17:44:29 -0500 Received: from ipmail07.adl2.internode.on.net ([150.101.137.131]:30581 "EHLO ipmail07.adl2.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757515AbcAaWo2 (ORCPT ); Sun, 31 Jan 2016 17:44:28 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2D1BgDHja5W/xATLHldgzqBP4JmhXKddAEBAQEBAQaLYoVFhASGCQQCAoEiTQEBAQEBAYELhEIBAQQnExwzCAMYCSUPBSUDIQESiBq8dAweGIUwhH6IbAEElm+NQo55jj5ihAAoLoh9AQEB Date: Mon, 1 Feb 2016 09:44:13 +1100 From: Dave Chinner To: Ross Zwisler , Christoph Hellwig , linux-kernel@vger.kernel.org, Alexander Viro , Andrew Morton , Dan Williams , Jan Kara , Matthew Wilcox , linux-fsdevel@vger.kernel.org, linux-nvdimm@ml01.01.org Subject: Re: [PATCH 2/2] dax: fix bdev NULL pointer dereferences Message-ID: <20160131224413.GN20456@dastard> References: <1454009704-25959-1-git-send-email-ross.zwisler@linux.intel.com> <1454009704-25959-2-git-send-email-ross.zwisler@linux.intel.com> <20160128213858.GA29114@infradead.org> <20160129182815.GB5224@linux.intel.com> <20160129233430.GA20549@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160129233430.GA20549@linux.intel.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 29, 2016 at 04:34:30PM -0700, Ross Zwisler wrote: > On Fri, Jan 29, 2016 at 11:28:15AM -0700, Ross Zwisler wrote: > > On Thu, Jan 28, 2016 at 01:38:58PM -0800, Christoph Hellwig wrote: > > > On Thu, Jan 28, 2016 at 12:35:04PM -0700, Ross Zwisler wrote: > > > > There are a number of places in dax.c that look up the struct block_device > > > > associated with an inode. Previously this was done by just using > > > > inode->i_sb->s_bdev. This is correct for inodes that exist within the > > > > filesystems supported by DAX (ext2, ext4 & XFS), but when running DAX > > > > against raw block devices this value is NULL. This causes NULL pointer > > > > dereferences when these block_device pointers are used. > > > > > > It's also wrong for an XFS file system with a RT device.. > > > > > > > +#define DAX_BDEV(inode) (S_ISBLK(inode->i_mode) ? I_BDEV(inode) \ > > > > + : inode->i_sb->s_bdev) > > > > > > .. but this isn't going to fix it. You must use a bdev returned by > > > get_blocks or a similar file system method. > > > > I guess I need to go off and understand if we can have DAX mappings on such a > > device. If we can, we may have a problem - we can get the block_device from > > get_block() in I/O path and the various fault paths, but we don't have access > > to get_block() when flushing via dax_writeback_mapping_range(). We avoid > > needing it the normal case by storing the sector results from get_block() in > > the radix tree. > > > > /me is off to play with RT devices... > > Well, RT devices are completely broken as far as I can see. I've reported the > breakage to the XFS list. Anything I do that triggers a RT block allocation > in XFS causes a lockdep splat + a kernel BUG - I've tried regular pwrite(), Set CONFIG_XFS_DEBUG=n (assert failure that can be ignored causing the bug, and lockdep simply has an annotation problem) and it should work. Cheers, Dave. -- Dave Chinner david@fromorbit.com