All of lore.kernel.org
* [PATCH] nvmet: use new ana_log_size instead the old one
@ 2021-05-13 13:04 Hou Pu
  2021-05-27 11:24 ` Hannes Reinecke
  0 siblings, 1 reply; 3+ messages in thread
From: Hou Pu @ 2021-05-13 13:04 UTC (permalink / raw)
  To: sagi, hch, chaitanya.kulkarni; +Cc: linux-nvme, houpu.main

The new ana_log_size should be used instead of the old one.
Otherwise a kernel NULL pointer dereference will happen, as shown below:

[   38.957849][   T69] BUG: kernel NULL pointer dereference, address: 000000000000003c
[   38.975550][   T69] #PF: supervisor write access in kernel mode
[   38.975955][   T69] #PF: error_code(0x0002) - not-present page
[   38.976905][   T69] PGD 0 P4D 0
[   38.979388][   T69] Oops: 0002 [#1] SMP NOPTI
[   38.980488][   T69] CPU: 0 PID: 69 Comm: kworker/0:2 Not tainted 5.12.0+ #54
[   38.981254][   T69] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[   38.982502][   T69] Workqueue: events nvme_loop_execute_work
[   38.985219][   T69] RIP: 0010:memcpy_orig+0x68/0x10f
[   38.986203][   T69] Code: 83 c2 20 eb 44 48 01 d6 48 01 d7 48 83 ea 20 0f 1f 00 48 83 ea 20 4c 8b 46 f8 4c 8b 4e f0 4c 8b 56 e8 4c 8b 5e e0 48 8d 76 e0 <4c> 89 47 f8 4c 89 4f f0 4c 89 57 e8 4c 89 5f e0 48 8d 7f e0 73 d2
[   38.987677][   T69] RSP: 0018:ffffc900001b7d48 EFLAGS: 00000287
[   38.987996][   T69] RAX: 0000000000000020 RBX: 0000000000000024 RCX: 0000000000000010
[   38.988327][   T69] RDX: ffffffffffffffe4 RSI: ffff8881084bc004 RDI: 0000000000000044
[   38.988620][   T69] RBP: 0000000000000024 R08: 0000000100000000 R09: 0000000000000000
[   38.988991][   T69] R10: 0000000100000000 R11: 0000000000000001 R12: 0000000000000024
[   38.989289][   T69] R13: ffff8881084bc000 R14: 0000000000000000 R15: 0000000000000024
[   38.989845][   T69] FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[   38.990234][   T69] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   38.990490][   T69] CR2: 000000000000003c CR3: 00000001085b2000 CR4: 00000000000006f0
[   38.991105][   T69] Call Trace:
[   38.994157][   T69]  sg_copy_buffer+0xb8/0xf0
[   38.995357][   T69]  nvmet_copy_to_sgl+0x48/0x6d
[   38.995565][   T69]  nvmet_execute_get_log_page_ana+0xd4/0x1cb
[   38.995792][   T69]  nvmet_execute_get_log_page+0xc9/0x146
[   38.995992][   T69]  nvme_loop_execute_work+0x3e/0x44
[   38.996181][   T69]  process_one_work+0x1c3/0x3c0
[   38.996393][   T69]  worker_thread+0x44/0x3d0
[   38.996600][   T69]  ? cancel_delayed_work+0x90/0x90
[   38.996804][   T69]  kthread+0xf7/0x130
[   38.996961][   T69]  ? kthread_create_worker_on_cpu+0x70/0x70
[   38.997171][   T69]  ret_from_fork+0x22/0x30
[   38.997705][   T69] Modules linked in:
[   38.998741][   T69] CR2: 000000000000003c
[   39.000104][   T69] ---[ end trace e719927b609d0fa0 ]---

Fixes: 5e1f689913a4 ("nvme-multipath: fix double initialization of ANA state")
Signed-off-by: Hou Pu <houpu.main@gmail.com>
---
 drivers/nvme/host/multipath.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
index deb14562c96a..f81871c7128a 100644
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -817,7 +817,7 @@ int nvme_mpath_init_identify(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id)
 	if (ana_log_size > ctrl->ana_log_size) {
 		nvme_mpath_stop(ctrl);
 		kfree(ctrl->ana_log_buf);
-		ctrl->ana_log_buf = kmalloc(ctrl->ana_log_size, GFP_KERNEL);
+		ctrl->ana_log_buf = kmalloc(ana_log_size, GFP_KERNEL);
 		if (!ctrl->ana_log_buf)
 			return -ENOMEM;
 	}
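
Review bot: the allocation at `ctrl->ana_log_buf = kmalloc(ana_log_size, GFP_KERNEL);` is the right fix, because inside `if (ana_log_size > ctrl->ana_log_size)` the old field is by construction smaller than what is needed, and on the first identify it is still zero, so the pre-patch `kmalloc(ctrl->ana_log_size, GFP_KERNEL)` handed back a zero-length allocation (kmalloc(0) returns ZERO_SIZE_PTR, 0x10, not NULL, which is consistent with the low write-fault address 0x3c in the trace rather than a true NULL dereference) that the later Get Log Page copy in nvmet_execute_get_log_page_ana then overran. Two things to confirm outside the visible context: that `ctrl->ana_log_size = ana_log_size;` is assigned after this block so the growth comparison on a later re-identify uses the new size, and that the subject prefix is changed to the host side (the file is drivers/nvme/host/multipath.c, so `nvme-multipath:` rather than `nvmet:`).
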
-- 
2.28.0


_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
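
To make the failure mode in the hunk concrete, the following is an added userspace model (not kernel code, and not from the patch or the driver) of the resize-on-growth logic around `ana_log_buf`. It keeps the two field names from the patch, `ana_log_buf` and `ana_log_size`, and adds one assumed, model-only field, `capacity`, recording what the allocator really returned, so that a copy larger than the buffer is reported instead of silently corrupting memory the way the oops shows. `ana_init_stale` sizes the buffer from the stale field as the pre-patch line did; `ana_init_fixed` differs from it only in the one argument the patch changes. The 36-byte and 64-byte log sizes and the zero-filled page are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in for the controller state (assumption: this is not the
 * kernel's struct nvme_ctrl). capacity is model-only bookkeeping. */
struct ana_ctrl {
	uint8_t *ana_log_buf;
	size_t   ana_log_size;	/* size the driver believes the buffer has */
	size_t   capacity;	/* bytes actually allocated */
};

/* Stand-in for kfree()+kmalloc(). malloc(0) may legally return NULL, so a
 * zero request is rounded up to one byte to keep the pointer valid; the
 * recorded capacity stays 0, as a zero-length kmalloc effectively is. */
static int ana_realloc(struct ana_ctrl *ctrl, size_t alloc)
{
	uint8_t *p = malloc(alloc ? alloc : 1);

	if (!p)
		return -1;
	free(ctrl->ana_log_buf);
	ctrl->ana_log_buf = p;
	ctrl->capacity = alloc;
	return 0;
}

/* Before the patch: the growth test is right, but the new buffer is sized
 * from the stale field, which is 0 on the first identify. */
static int ana_init_stale(struct ana_ctrl *ctrl, size_t ana_log_size)
{
	if (ana_log_size > ctrl->ana_log_size) {
		if (ana_realloc(ctrl, ctrl->ana_log_size))	/* BUG: old size */
			return -1;
	}
	ctrl->ana_log_size = ana_log_size;
	return 0;
}

/* After the patch: allocate the size that was just computed. */
static int ana_init_fixed(struct ana_ctrl *ctrl, size_t ana_log_size)
{
	if (ana_log_size > ctrl->ana_log_size) {
		if (ana_realloc(ctrl, ana_log_size))
			return -1;
	}
	ctrl->ana_log_size = ana_log_size;
	return 0;
}

/* Model of the Get Log Page completion copying len bytes into the buffer.
 * The kernel's memcpy has no such check and simply overruns; returning -1
 * here is that crash path made observable. */
static int ana_log_copy(struct ana_ctrl *ctrl, const uint8_t *page, size_t len)
{
	if (len > ctrl->capacity)
		return -1;
	memcpy(ctrl->ana_log_buf, page, len);
	return 0;
}

static void ana_free(struct ana_ctrl *ctrl)
{
	free(ctrl->ana_log_buf);
	memset(ctrl, 0, sizeof(*ctrl));
}

/* Run one controller through a first identify reporting `first` bytes and,
 * if regrow > 0, a second identify reporting a larger log, then copy the
 * full log. Returns 0 on success, -1 where the kernel would have faulted. */
static int ana_scenario(int fixed, size_t first, size_t regrow)
{
	int (*init)(struct ana_ctrl *, size_t) =
		fixed ? ana_init_fixed : ana_init_stale;
	struct ana_ctrl ctrl = { 0 };
	uint8_t page[256] = { 0 };	/* constructed, zero-filled ANA log page */
	size_t want = regrow ? regrow : first;
	int rc = -1;

	if (want > sizeof(page))
		return -1;
	if (init(&ctrl, first) == 0 && (!regrow || init(&ctrl, regrow) == 0))
		rc = ana_log_copy(&ctrl, page, want);
	ana_free(&ctrl);
	return rc;
}

int main(void)
{
	printf("stale, first identify 36:  %s\n", ana_scenario(0, 36, 0) ? "overflow" : "ok");
	printf("stale, regrow 36 -> 64:    %s\n", ana_scenario(0, 36, 64) ? "overflow" : "ok");
	printf("fixed, first identify 36:  %s\n", ana_scenario(1, 36, 0) ? "overflow" : "ok");
	printf("fixed, regrow 36 -> 64:    %s\n", ana_scenario(1, 36, 64) ? "overflow" : "ok");
	return 0;
}
```

The stale variant fails on both the first identify (capacity 0) and on a later regrow (capacity stuck at the previous size), which is why the bug is not limited to controller bring-up; the fixed variant allocates exactly the computed size and leaves a larger existing buffer alone when the log shrinks.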

* Re: [PATCH] nvmet: use new ana_log_size instead the old one
  2021-05-13 13:04 [PATCH] nvmet: use new ana_log_size instead the old one Hou Pu
@ 2021-05-27 11:24 ` Hannes Reinecke
  2021-05-27 11:33   ` Hou Pu
  0 siblings, 1 reply; 3+ messages in thread
From: Hannes Reinecke @ 2021-05-27 11:24 UTC (permalink / raw)
  To: Hou Pu, sagi, hch, chaitanya.kulkarni; +Cc: linux-nvme

On 5/13/21 3:04 PM, Hou Pu wrote:
> The new ana_log_size should be used instead of the old one.
> Otherwise a kernel NULL pointer dereference will happen, as shown below:
> 
> [   38.957849][   T69] BUG: kernel NULL pointer dereference, address: 000000000000003c
> [   38.975550][   T69] #PF: supervisor write access in kernel mode
> [   38.975955][   T69] #PF: error_code(0x0002) - not-present page
> [   38.976905][   T69] PGD 0 P4D 0
> [   38.979388][   T69] Oops: 0002 [#1] SMP NOPTI
> [   38.980488][   T69] CPU: 0 PID: 69 Comm: kworker/0:2 Not tainted 5.12.0+ #54
> [   38.981254][   T69] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> [   38.982502][   T69] Workqueue: events nvme_loop_execute_work
> [   38.985219][   T69] RIP: 0010:memcpy_orig+0x68/0x10f
> [   38.986203][   T69] Code: 83 c2 20 eb 44 48 01 d6 48 01 d7 48 83 ea 20 0f 1f 00 48 83 ea 20 4c 8b 46 f8 4c 8b 4e f0 4c 8b 56 e8 4c 8b 5e e0 48 8d 76 e0 <4c> 89 47 f8 4c 89 4f f0 4c 89 57 e8 4c 89 5f e0 48 8d 7f e0 73 d2
> [   38.987677][   T69] RSP: 0018:ffffc900001b7d48 EFLAGS: 00000287
> [   38.987996][   T69] RAX: 0000000000000020 RBX: 0000000000000024 RCX: 0000000000000010
> [   38.988327][   T69] RDX: ffffffffffffffe4 RSI: ffff8881084bc004 RDI: 0000000000000044
> [   38.988620][   T69] RBP: 0000000000000024 R08: 0000000100000000 R09: 0000000000000000
> [   38.988991][   T69] R10: 0000000100000000 R11: 0000000000000001 R12: 0000000000000024
> [   38.989289][   T69] R13: ffff8881084bc000 R14: 0000000000000000 R15: 0000000000000024
> [   38.989845][   T69] FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
> [   38.990234][   T69] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   38.990490][   T69] CR2: 000000000000003c CR3: 00000001085b2000 CR4: 00000000000006f0
> [   38.991105][   T69] Call Trace:
> [   38.994157][   T69]  sg_copy_buffer+0xb8/0xf0
> [   38.995357][   T69]  nvmet_copy_to_sgl+0x48/0x6d
> [   38.995565][   T69]  nvmet_execute_get_log_page_ana+0xd4/0x1cb
> [   38.995792][   T69]  nvmet_execute_get_log_page+0xc9/0x146
> [   38.995992][   T69]  nvme_loop_execute_work+0x3e/0x44
> [   38.996181][   T69]  process_one_work+0x1c3/0x3c0
> [   38.996393][   T69]  worker_thread+0x44/0x3d0
> [   38.996600][   T69]  ? cancel_delayed_work+0x90/0x90
> [   38.996804][   T69]  kthread+0xf7/0x130
> [   38.996961][   T69]  ? kthread_create_worker_on_cpu+0x70/0x70
> [   38.997171][   T69]  ret_from_fork+0x22/0x30
> [   38.997705][   T69] Modules linked in:
> [   38.998741][   T69] CR2: 000000000000003c
> [   39.000104][   T69] ---[ end trace e719927b609d0fa0 ]---
> 
> Fixes: 5e1f689913a4 ("nvme-multipath: fix double initialization of ANA state")
> Signed-off-by: Hou Pu <houpu.main@gmail.com>
> ---
>  drivers/nvme/host/multipath.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
> index deb14562c96a..f81871c7128a 100644
> --- a/drivers/nvme/host/multipath.c
> +++ b/drivers/nvme/host/multipath.c
> @@ -817,7 +817,7 @@ int nvme_mpath_init_identify(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id)
>  	if (ana_log_size > ctrl->ana_log_size) {
>  		nvme_mpath_stop(ctrl);
>  		kfree(ctrl->ana_log_buf);
> -		ctrl->ana_log_buf = kmalloc(ctrl->ana_log_size, GFP_KERNEL);
> +		ctrl->ana_log_buf = kmalloc(ana_log_size, GFP_KERNEL);
>  		if (!ctrl->ana_log_buf)
>  			return -ENOMEM;
>  	}
> 
Please fix up the subject line; this is _not_ for nvmet, but rather the
initiator side 'nvme'.

Otherwise:

Reviewed-by: Hannes Reinecke <hare@suse.de>

Christoph, please pull this in; it reliably kills my testbed ...

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		        Kernel Storage Architect
hare@suse.de			               +49 911 74053 688
SUSE Software Solutions Germany GmbH, 90409 Nürnberg
GF: F. Imendörffer, HRB 36809 (AG Nürnberg)

* Re: [PATCH] nvmet: use new ana_log_size instead the old one
  2021-05-27 11:24 ` Hannes Reinecke
@ 2021-05-27 11:33   ` Hou Pu
  0 siblings, 0 replies; 3+ messages in thread
From: Hou Pu @ 2021-05-27 11:33 UTC (permalink / raw)
  To: Hannes Reinecke; +Cc: Sagi Grimberg, hch, Chaitanya Kulkarni, linux-nvme

On Thu, May 27, 2021 at 7:24 PM Hannes Reinecke <hare@suse.de> wrote:
>
> On 5/13/21 3:04 PM, Hou Pu wrote:
> > The new ana_log_size should be used instead of the old one.
> > Otherwise a kernel NULL pointer dereference will happen, as shown below:
> >
> > [   38.957849][   T69] BUG: kernel NULL pointer dereference, address: 000000000000003c
> > [   38.975550][   T69] #PF: supervisor write access in kernel mode
> > [   38.975955][   T69] #PF: error_code(0x0002) - not-present page
> > [   38.976905][   T69] PGD 0 P4D 0
> > [   38.979388][   T69] Oops: 0002 [#1] SMP NOPTI
> > [   38.980488][   T69] CPU: 0 PID: 69 Comm: kworker/0:2 Not tainted 5.12.0+ #54
> > [   38.981254][   T69] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> > [   38.982502][   T69] Workqueue: events nvme_loop_execute_work
> > [   38.985219][   T69] RIP: 0010:memcpy_orig+0x68/0x10f
> > [   38.986203][   T69] Code: 83 c2 20 eb 44 48 01 d6 48 01 d7 48 83 ea 20 0f 1f 00 48 83 ea 20 4c 8b 46 f8 4c 8b 4e f0 4c 8b 56 e8 4c 8b 5e e0 48 8d 76 e0 <4c> 89 47 f8 4c 89 4f f0 4c 89 57 e8 4c 89 5f e0 48 8d 7f e0 73 d2
> > [   38.987677][   T69] RSP: 0018:ffffc900001b7d48 EFLAGS: 00000287
> > [   38.987996][   T69] RAX: 0000000000000020 RBX: 0000000000000024 RCX: 0000000000000010
> > [   38.988327][   T69] RDX: ffffffffffffffe4 RSI: ffff8881084bc004 RDI: 0000000000000044
> > [   38.988620][   T69] RBP: 0000000000000024 R08: 0000000100000000 R09: 0000000000000000
> > [   38.988991][   T69] R10: 0000000100000000 R11: 0000000000000001 R12: 0000000000000024
> > [   38.989289][   T69] R13: ffff8881084bc000 R14: 0000000000000000 R15: 0000000000000024
> > [   38.989845][   T69] FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
> > [   38.990234][   T69] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [   38.990490][   T69] CR2: 000000000000003c CR3: 00000001085b2000 CR4: 00000000000006f0
> > [   38.991105][   T69] Call Trace:
> > [   38.994157][   T69]  sg_copy_buffer+0xb8/0xf0
> > [   38.995357][   T69]  nvmet_copy_to_sgl+0x48/0x6d
> > [   38.995565][   T69]  nvmet_execute_get_log_page_ana+0xd4/0x1cb
> > [   38.995792][   T69]  nvmet_execute_get_log_page+0xc9/0x146
> > [   38.995992][   T69]  nvme_loop_execute_work+0x3e/0x44
> > [   38.996181][   T69]  process_one_work+0x1c3/0x3c0
> > [   38.996393][   T69]  worker_thread+0x44/0x3d0
> > [   38.996600][   T69]  ? cancel_delayed_work+0x90/0x90
> > [   38.996804][   T69]  kthread+0xf7/0x130
> > [   38.996961][   T69]  ? kthread_create_worker_on_cpu+0x70/0x70
> > [   38.997171][   T69]  ret_from_fork+0x22/0x30
> > [   38.997705][   T69] Modules linked in:
> > [   38.998741][   T69] CR2: 000000000000003c
> > [   39.000104][   T69] ---[ end trace e719927b609d0fa0 ]---
> >
> > Fixes: 5e1f689913a4 ("nvme-multipath: fix double initialization of ANA state")
> > Signed-off-by: Hou Pu <houpu.main@gmail.com>
> > ---
> >  drivers/nvme/host/multipath.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
> > index deb14562c96a..f81871c7128a 100644
> > --- a/drivers/nvme/host/multipath.c
> > +++ b/drivers/nvme/host/multipath.c
> > @@ -817,7 +817,7 @@ int nvme_mpath_init_identify(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id)
> >       if (ana_log_size > ctrl->ana_log_size) {
> >               nvme_mpath_stop(ctrl);
> >               kfree(ctrl->ana_log_buf);
> > -             ctrl->ana_log_buf = kmalloc(ctrl->ana_log_size, GFP_KERNEL);
> > +             ctrl->ana_log_buf = kmalloc(ana_log_size, GFP_KERNEL);
> >               if (!ctrl->ana_log_buf)
> >                       return -ENOMEM;
> >       }
> >
> Please fix up the subject line; this is _not_ for nvmet, but rather the
> initiator side 'nvme'.
>
> Otherwise:
>
> Reviewed-by: Hannes Reinecke <hare@suse.de>
>
> Christoph, please pull this in; it reliably kills my testbed ...
I found that this patch has been applied to nvme-5.13 already.
I am sorry for the improper subject line.

Thanks,
Hou

>
> Cheers,
>
> Hannes
> --
> Dr. Hannes Reinecke                     Kernel Storage Architect
> hare@suse.de                                   +49 911 74053 688
> SUSE Software Solutions Germany GmbH, 90409 Nürnberg
> GF: F. Imendörffer, HRB 36809 (AG Nürnberg)
