From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, hdk1983@gmail.com,
	hermes@ceres.dti.ne.jp, konishi.ryusuke@gmail.com,
	linux-mm@kvack.org, me@waltonhoops.com,
	mm-commits@vger.kernel.org, stable@vger.kernel.org,
	tom@logand.com, torvalds@linux-foundation.org
Subject: [patch 05/25] nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
Date: Wed, 10 Jun 2020 18:41:35 -0700
Message-ID: <20200611014135.qj6WrSl6h%akpm__46696.0384904937$1591839706$gmane$org@linux-foundation.org>
In-Reply-To: <20200610184053.3fa7368ab80e23bfd44de71f@linux-foundation.org>

From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Subject: nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()

After commit c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if
mapping has no dirty pages"), the following null pointer dereference has
been reported on nilfs2:

 BUG: kernel NULL pointer dereference, address: 00000000000000a8
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP PTI
 ...
 RIP: 0010:percpu_counter_add_batch+0xa/0x60
 ...
 Call Trace:
  __test_set_page_writeback+0x2d3/0x330
  nilfs_segctor_do_construct+0x10d3/0x2110 [nilfs2]
  nilfs_segctor_construct+0x168/0x260 [nilfs2]
  nilfs_segctor_thread+0x127/0x3b0 [nilfs2]
  kthread+0xf8/0x130
  ...

This crash turned out to be caused by a set_page_writeback() call for
segment summary buffers at nilfs_segctor_prepare_write().

set_page_writeback() can call inc_wb_stat(inode_to_wb(inode),
WB_WRITEBACK) where inode_to_wb(inode) is NULL if the inode of
underlying block device does not have an associated wb.

This fixes the issue by calling inode_attach_wb() in advance to ensure
that the bdev inode is associated with its wb.

Link: http://lkml.kernel.org/r/20200608.011819.1399059588922299158.konishi.ryusuke@gmail.com
Fixes: c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: Walton Hoops <me@waltonhoops.com>
Reported-by: Tomas Hlavaty <tom@logand.com>
Reported-by: ARAI Shun-ichi <hermes@ceres.dti.ne.jp>
Reported-by: Hideki EIRAKU <hdk1983@gmail.com>
Cc: <stable@vger.kernel.org>	[5.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/nilfs2/segment.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/nilfs2/segment.c~nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct
+++ a/fs/nilfs2/segment.c
@@ -2780,6 +2780,8 @@ int nilfs_attach_log_writer(struct super
 	if (!nilfs->ns_writer)
 		return -ENOMEM;
 
+	inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL);
+
 	err = nilfs_segctor_start_thread(nilfs->ns_writer);
 	if (err) {
 		kfree(nilfs->ns_writer);
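Review bot: the added inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL) call in nilfs_attach_log_writer() has no comment, so nothing in the code says why a filesystem attaches a wb to the block device's inode or what the NULL second argument means. The reason is given only in the changelog (set_page_writeback() on segment summary buffers dereferences inode_to_wb(inode), which can be NULL for the bdev inode). A short comment above the call stating that would keep a later cleanup from removing it as apparently unrelated to log writer setup. The placement before nilfs_segctor_start_thread() looks right, since the crash trace runs through nilfs_segctor_thread(), and that ordering requirement is worth stating in the same comment. The hunk also does not show whether the association can fail; if it can, the call as written would leave the original NULL dereference reachable.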
_
