From: Yufen Yu <yuyufen@huawei.com>
To: <axboe@kernel.dk>, <linux-block@vger.kernel.org>,
	<linux-fsdevel@vger.kernel.org>
Cc: <tj@kernel.org>, <jack@suse.cz>, <bvanassche@acm.org>, <tytso@mit.edu>
Subject: [PATCH v2 5/7] bfq: fix potential kernel crash when print dev err info
Date: Wed, 26 Feb 2020 19:18:49 +0800
Message-ID: <20200226111851.55348-6-yuyufen@huawei.com>
In-Reply-To: <20200226111851.55348-1-yuyufen@huawei.com>

We use bdi_get_dev_name() to get device name, avoiding
use-after-free or NULL pointer reference for ->dev.

Signed-off-by: Yufen Yu <yuyufen@huawei.com>
---
 block/bfq-iosched.c         | 7 +++++--
 include/linux/backing-dev.h | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 00904611b8e4..8d41783d8e77 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -123,6 +123,7 @@
 #include <linux/ioprio.h>
 #include <linux/sbitmap.h>
 #include <linux/delay.h>
+#include <linux/backing-dev.h>
 
 #include "blk.h"
 #include "blk-mq.h"
@@ -4971,6 +4972,7 @@ bfq_set_next_ioprio_data(struct bfq_queue *bfqq, struct bfq_io_cq *bic)
 	struct task_struct *tsk = current;
 	int ioprio_class;
 	struct bfq_data *bfqd = bfqq->bfqd;
+	char dname[BDI_DEV_NAME_LEN];
 
 	if (!bfqd)
 		return;
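Review bot: dname is declared uninitialised at function scope, although it is only needed in the default: error branch of the switch below. Whether bdi_get_dev_name() always writes and NUL-terminates the buffer is not visible in this patch (the helper comes from 4/7), so initialise it, for example char dname[BDI_DEV_NAME_LEN] = "";, so that the pr_err() can never print stale stack bytes. Opening a block in the default: branch and declaring the buffer there would also keep the 32 bytes off the stack frame of the common path.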
@@ -4978,8 +4980,9 @@ bfq_set_next_ioprio_data(struct bfq_queue *bfqq, struct bfq_io_cq *bic)
 	ioprio_class = IOPRIO_PRIO_CLASS(bic->ioprio);
 	switch (ioprio_class) {
 	default:
-		dev_err(&bfqq->bfqd->queue->backing_dev_info->rcu_dev->dev,
-			"bfq: bad prio class %d\n", ioprio_class);
+		bdi_get_dev_name(bfqq->bfqd->queue->backing_dev_info,
+				dname, BDI_DEV_NAME_LEN);
+		pr_err("bdi %s: bfq: bad prio class %d\n", dname, ioprio_class);
 		/* fall through */
 	case IOPRIO_CLASS_NONE:
 		/*
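Review bot: the default: branch still reaches the bdi through bfqq->bfqd->queue->backing_dev_info even though the function already holds a NULL-checked local bfqd; use bfqd->queue->backing_dev_info so the check and the dereference refer to the same pointer. Passing sizeof(dname) instead of repeating BDI_DEV_NAME_LEN keeps the length tied to the buffer if the declaration ever changes. The switch from dev_err() to pr_err() with a hand-written "bdi %s:" prefix also changes the log line format, which the commit message does not mention; say so there, since log parsers that match on the old device prefix will stop matching.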
diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
index 89d1cb7923f5..291db069f7da 100644
--- a/include/linux/backing-dev.h
+++ b/include/linux/backing-dev.h
@@ -19,6 +19,8 @@
 #include <linux/backing-dev-defs.h>
 #include <linux/slab.h>
 
+#define BDI_DEV_NAME_LEN       32
+
 static inline struct backing_dev_info *bdi_get(struct backing_dev_info *bdi)
 {
 	kref_get(&bdi->refcnt);
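Review bot: BDI_DEV_NAME_LEN is introduced here, in the bfq patch, while bdi_get_dev_name() itself is created in 4/7 and is used again in 6/7 and 7/7. The constant is part of the helper's contract and belongs in the patch that adds the helper, otherwise the other callers depend on a bfq fix for their buffer size. It also needs a comment stating whether 32 includes the terminating NUL and what happens to longer device names (truncation), so callers know the name they log may be cut short.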
-- 
2.16.2.dirty


Thread overview: 22+ messages
2020-02-26 11:18 [PATCH v2 0/7] bdi: fix use-after-free for bdi device Yufen Yu
2020-02-26 11:18 ` [PATCH v2 1/7] blk-wbt: use bdi_dev_name() to get device name Yufen Yu
2020-02-26 11:18 ` [PATCH v2 2/7] fs/ceph: " Yufen Yu
2020-02-26 11:18 ` [PATCH v2 3/7] bdi: protect device lifetime with RCU Yufen Yu
2020-03-04 17:05   ` Tejun Heo
2020-03-04 17:22     ` Greg Kroah-Hartman
2020-03-04 17:23       ` Greg Kroah-Hartman
2020-03-04 18:50       ` Tejun Heo
2020-03-04 19:10         ` Theodore Y. Ts'o
2020-03-04 19:15           ` Tejun Heo
2020-03-04 20:05         ` Greg Kroah-Hartman
2020-03-05  1:22           ` Tejun Heo
2020-03-06 16:25             ` Greg Kroah-Hartman
2020-03-07  9:13               ` Yufen Yu
2020-02-26 11:18 ` [PATCH v2 4/7] bdi: create a new function bdi_get_dev_name() Yufen Yu
2020-02-26 11:18 ` Yufen Yu [this message]
2020-02-26 11:18 ` [PATCH v2 6/7] memcg: fix crash in wb_workfn when bdi unregister Yufen Yu
2020-02-26 11:18 ` [PATCH v2 7/7] blk-wbt: replace bdi_dev_name() with bdi_get_dev_name() Yufen Yu
2020-03-04 17:29 ` [PATCH v2 0/7] bdi: fix use-after-free for bdi device Greg KH
2020-03-04 18:57   ` Tejun Heo
2020-03-04 20:07     ` Greg KH
2020-03-04 19:02   ` Theodore Y. Ts'o
