From: Sasha Levin <sashal@kernel.org> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Chao Yu <yuchao0@huawei.com>, Jaegeuk Kim <jaegeuk@kernel.org>, Sasha Levin <sashal@kernel.org>, linux-f2fs-devel@lists.sourceforge.net Subject: [PATCH AUTOSEL 5.3 18/33] f2fs: fix to avoid discard command leak Date: Fri, 25 Oct 2019 09:54:50 -0400 [thread overview] Message-ID: <20191025135505.24762-18-sashal@kernel.org> (raw) In-Reply-To: <20191025135505.24762-1-sashal@kernel.org> From: Chao Yu <yuchao0@huawei.com> [ Upstream commit 04f9287ab395a5a279db44fb39de69b23640abb9 ] ============================================================================= BUG discard_cmd (Tainted: G B OE ): Objects remaining in discard_cmd on __kmem_cache_shutdown() ----------------------------------------------------------------------------- INFO: Slab 0xffffe1ac481d22c0 objects=36 used=2 fp=0xffff936b4748bf50 flags=0x2ffff0000000100 Call Trace: dump_stack+0x63/0x87 slab_err+0xa1/0xb0 __kmem_cache_shutdown+0x183/0x390 shutdown_cache+0x14/0x110 kmem_cache_destroy+0x195/0x1c0 f2fs_destroy_segment_manager_caches+0x21/0x40 [f2fs] exit_f2fs_fs+0x35/0x641 [f2fs] SyS_delete_module+0x155/0x230 ? vtime_user_exit+0x29/0x70 do_syscall_64+0x6e/0x160 entry_SYSCALL64_slow_path+0x25/0x25 INFO: Object 0xffff936b4748b000 @offset=0 INFO: Object 0xffff936b4748b070 @offset=112 kmem_cache_destroy discard_cmd: Slab cache still has objects Call Trace: dump_stack+0x63/0x87 kmem_cache_destroy+0x1b4/0x1c0 f2fs_destroy_segment_manager_caches+0x21/0x40 [f2fs] exit_f2fs_fs+0x35/0x641 [f2fs] SyS_delete_module+0x155/0x230 do_syscall_64+0x6e/0x160 entry_SYSCALL64_slow_path+0x25/0x25 Recovery can cache discard commands, so in error path of fill_super(), we need give a chance to handle them, otherwise it will lead to leak of discard_cmd slab cache. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> --- fs/f2fs/segment.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a661ac32e829e..a1ece0caad788 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -2084,6 +2084,13 @@ static void destroy_discard_cmd_control(struct f2fs_sb_info *sbi) f2fs_stop_discard_thread(sbi); + /* + * Recovery can cache discard commands, so in error path of + * fill_super(), it needs to give a chance to handle them. + */ + if (unlikely(atomic_read(&dcc->discard_cmd_cnt))) + f2fs_issue_discard_timeout(sbi); + kvfree(dcc); SM_I(sbi)->dcc_info = NULL; } -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Sasha Levin <sashal@kernel.org>, Jaegeuk Kim <jaegeuk@kernel.org>, linux-f2fs-devel@lists.sourceforge.net Subject: [f2fs-dev] [PATCH AUTOSEL 5.3 18/33] f2fs: fix to avoid discard command leak Date: Fri, 25 Oct 2019 09:54:50 -0400 [thread overview] Message-ID: <20191025135505.24762-18-sashal@kernel.org> (raw) In-Reply-To: <20191025135505.24762-1-sashal@kernel.org> From: Chao Yu <yuchao0@huawei.com> [ Upstream commit 04f9287ab395a5a279db44fb39de69b23640abb9 ] ============================================================================= BUG discard_cmd (Tainted: G B OE ): Objects remaining in discard_cmd on __kmem_cache_shutdown() ----------------------------------------------------------------------------- INFO: Slab 0xffffe1ac481d22c0 objects=36 used=2 fp=0xffff936b4748bf50 flags=0x2ffff0000000100 Call Trace: dump_stack+0x63/0x87 slab_err+0xa1/0xb0 __kmem_cache_shutdown+0x183/0x390 shutdown_cache+0x14/0x110 kmem_cache_destroy+0x195/0x1c0 f2fs_destroy_segment_manager_caches+0x21/0x40 [f2fs] exit_f2fs_fs+0x35/0x641 [f2fs] SyS_delete_module+0x155/0x230 ? vtime_user_exit+0x29/0x70 do_syscall_64+0x6e/0x160 entry_SYSCALL64_slow_path+0x25/0x25 INFO: Object 0xffff936b4748b000 @offset=0 INFO: Object 0xffff936b4748b070 @offset=112 kmem_cache_destroy discard_cmd: Slab cache still has objects Call Trace: dump_stack+0x63/0x87 kmem_cache_destroy+0x1b4/0x1c0 f2fs_destroy_segment_manager_caches+0x21/0x40 [f2fs] exit_f2fs_fs+0x35/0x641 [f2fs] SyS_delete_module+0x155/0x230 do_syscall_64+0x6e/0x160 entry_SYSCALL64_slow_path+0x25/0x25 Recovery can cache discard commands, so in error path of fill_super(), we need give a chance to handle them, otherwise it will lead to leak of discard_cmd slab cache. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> --- fs/f2fs/segment.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a661ac32e829e..a1ece0caad788 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -2084,6 +2084,13 @@ static void destroy_discard_cmd_control(struct f2fs_sb_info *sbi) f2fs_stop_discard_thread(sbi); + /* + * Recovery can cache discard commands, so in error path of + * fill_super(), it needs to give a chance to handle them. + */ + if (unlikely(atomic_read(&dcc->discard_cmd_cnt))) + f2fs_issue_discard_timeout(sbi); + kvfree(dcc); SM_I(sbi)->dcc_info = NULL; } -- 2.20.1 _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2019-10-25 13:55 UTC|newest] Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-25 13:54 [PATCH AUTOSEL 5.3 01/33] net: ipv6: fix listify ip6_rcv_finish in case of forwarding Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 02/33] sch_netem: fix rcu splat in netem_enqueue() Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 03/33] net: sched: sch_sfb: don't call qdisc_put() while holding tree lock Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 04/33] rxrpc: Fix call ref leak Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 05/33] rxrpc: Fix trace-after-put looking at the put peer record Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 06/33] rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 07/33] llc: fix sk_buff leak in llc_sap_state_process() Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 08/33] llc: fix sk_buff leak in llc_conn_service() Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 09/33] NFC: pn533: fix use-after-free and memleaks Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 10/33] bonding: fix potential NULL deref in bond_update_slave_arr Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 11/33] netfilter: conntrack: avoid possible false sharing Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 12/33] blackhole_netdev: fix syzkaller reported issue Sasha Levin 2019-10-25 15:49 ` Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 13/33] net: usb: sr9800: fix uninitialized local variable Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 14/33] scsi: qla2xxx: Fix different size DMA Alloc/Unmap Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 15/33] jbd2: flush_descriptor(): Do not decrease buffer head's ref count Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 16/33] netfilter: connlabels: prefer static lock initialiser Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 17/33] usb: typec: fusb302: Call fusb302_debugfs_init earlier Sasha Levin 2019-10-25 13:54 ` Sasha Levin [this message] 2019-10-25 13:54 ` [f2fs-dev] [PATCH AUTOSEL 5.3 18/33] f2fs: fix to avoid discard command leak Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 19/33] net/rds: Whitelist rdma_cookie and rx_tstamp for usercopy Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 20/33] scsi: qedf: Fix crash during sg_reset Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 21/33] ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 22/33] Btrfs: fix hang when loading existing inode cache off disk Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 23/33] Btrfs: fix inode cache block reserve leak on failure to allocate data space Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 24/33] ubi: ubi_wl_get_peb: Increase the number of attempts while getting PEB Sasha Levin 2019-10-25 13:54 ` Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 25/33] net: sched: sch_htb: don't call qdisc_put() while holding tree lock Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 26/33] net: sched: multiq: " Sasha Levin 2019-10-25 13:54 ` [PATCH AUTOSEL 5.3 27/33] RDMA/siw: Fix serialization issue in write_space() Sasha Levin 2019-10-25 13:55 ` [PATCH AUTOSEL 5.3 28/33] RDMA/iwcm: Fix a lock inversion issue Sasha Levin 2019-10-25 13:55 ` [PATCH AUTOSEL 5.3 29/33] ipv6: Handle race in addrconf_dad_work Sasha Levin 2019-10-25 13:55 ` [PATCH AUTOSEL 5.3 30/33] bdi: Do not use freezable workqueue Sasha Levin 2019-10-25 13:55 ` [PATCH AUTOSEL 5.3 31/33] sctp: add chunks to sk_backlog when the newsk sk_socket is not set Sasha Levin 2019-10-25 13:55 ` Sasha Levin 2019-10-25 13:55 ` [PATCH AUTOSEL 5.3 32/33] ALSA: hda: Add codec on bus address table lately Sasha Levin 2019-10-25 14:09 ` Takashi Iwai 2019-10-25 13:55 ` [PATCH AUTOSEL 5.3 33/33] nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T Sasha Levin 2019-10-25 13:55 ` Sasha Levin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20191025135505.24762-18-sashal@kernel.org \ --to=sashal@kernel.org \ --cc=jaegeuk@kernel.org \ --cc=linux-f2fs-devel@lists.sourceforge.net \ --cc=linux-kernel@vger.kernel.org \ --cc=stable@vger.kernel.org \ --cc=yuchao0@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.