* [PATCH 0/1] bcache patche for Linux v5.16-rc1
@ 2021-11-12 5:36 Coly Li
2021-11-12 5:36 ` [PATCH 1/1] bcache: fix NULL pointer reference in cached_dev_detach_finish Coly Li
2021-12-15 3:33 ` [PATCH 0/1] bcache patche for Linux v5.16-rc1 Jens Axboe
0 siblings, 2 replies; 3+ messages in thread
From: Coly Li @ 2021-11-12 5:36 UTC (permalink / raw)
To: axboe; +Cc: linux-bcache, linux-block, Coly Li
Hi Jens,
Here we have 1 patch from Lin Feng, which is a fix for his previous
patch which already picked in Linux v5.16 merge window.
Please take it, and thank you in advance.
Coly Li
---
Lin Feng (1):
bcache: fix NULL pointer reference in cached_dev_detach_finish
drivers/md/bcache/super.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.31.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/1] bcache: fix NULL pointer reference in cached_dev_detach_finish
2021-11-12 5:36 [PATCH 0/1] bcache patche for Linux v5.16-rc1 Coly Li
@ 2021-11-12 5:36 ` Coly Li
2021-12-15 3:33 ` [PATCH 0/1] bcache patche for Linux v5.16-rc1 Jens Axboe
1 sibling, 0 replies; 3+ messages in thread
From: Coly Li @ 2021-11-12 5:36 UTC (permalink / raw)
To: axboe; +Cc: linux-bcache, linux-block, Lin Feng, Coly Li
From: Lin Feng <linf@wangsu.com>
Commit 0259d4498ba4 ("bcache: move calc_cached_dev_sectors to proper
place on backing device detach") tries to fix calc_cached_dev_sectors
when bcache device detaches, but now we have:
cached_dev_detach_finish
...
bcache_device_detach(&dc->disk);
...
closure_put(&d->c->caching);
d->c = NULL; [*explicitly set dc->disk.c to NULL*]
list_move(&dc->list, &uncached_devices);
calc_cached_dev_sectors(dc->disk.c); [*passing a NULL pointer*]
...
Upper codeflows shows how bug happens, this patch fix the problem by
caching dc->disk.c beforehand, and cache_set won't be freed under us
because c->caching closure at least holds a reference count and closure
callback __cache_set_unregister only being called by bch_cache_set_stop
which using closure_queue(&c->caching), that means c->caching closure
callback for destroying cache_set won't be trigger by previous
closure_put(&d->c->caching).
So at this stage(while cached_dev_detach_finish is calling) it's safe to
access cache_set dc->disk.c.
Fixes: 0259d4498ba4 ("bcache: move calc_cached_dev_sectors to proper place on backing device detach")
Signed-off-by: Lin Feng <linf@wangsu.com>
Signed-off-by: Coly Li <colyli@suse.de>
---
drivers/md/bcache/super.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
index 86b9e355c583..140f35dc0c45 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1139,6 +1139,7 @@ static void cancel_writeback_rate_update_dwork(struct cached_dev *dc)
static void cached_dev_detach_finish(struct work_struct *w)
{
struct cached_dev *dc = container_of(w, struct cached_dev, detach);
+ struct cache_set *c = dc->disk.c;
BUG_ON(!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags));
BUG_ON(refcount_read(&dc->count));
@@ -1156,7 +1157,7 @@ static void cached_dev_detach_finish(struct work_struct *w)
bcache_device_detach(&dc->disk);
list_move(&dc->list, &uncached_devices);
- calc_cached_dev_sectors(dc->disk.c);
+ calc_cached_dev_sectors(c);
clear_bit(BCACHE_DEV_DETACHING, &dc->disk.flags);
clear_bit(BCACHE_DEV_UNLINK_DONE, &dc->disk.flags);
--
2.31.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 0/1] bcache patche for Linux v5.16-rc1
2021-11-12 5:36 [PATCH 0/1] bcache patche for Linux v5.16-rc1 Coly Li
2021-11-12 5:36 ` [PATCH 1/1] bcache: fix NULL pointer reference in cached_dev_detach_finish Coly Li
@ 2021-12-15 3:33 ` Jens Axboe
1 sibling, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2021-12-15 3:33 UTC (permalink / raw)
To: Coly Li; +Cc: linux-bcache, linux-block
On Fri, 12 Nov 2021 13:36:28 +0800, Coly Li wrote:
> Here we have 1 patch from Lin Feng, which is a fix for his previous
> patch which already picked in Linux v5.16 merge window.
>
> Please take it, and thank you in advance.
>
> Coly Li
>
> [...]
Applied, thanks!
[1/1] bcache: fix NULL pointer reference in cached_dev_detach_finish
commit: aa97f6cdb7e92909e17c8ca63e622fcb81d57a57
Best regards,
--
Jens Axboe
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-12-15 3:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-12 5:36 [PATCH 0/1] bcache patche for Linux v5.16-rc1 Coly Li
2021-11-12 5:36 ` [PATCH 1/1] bcache: fix NULL pointer reference in cached_dev_detach_finish Coly Li
2021-12-15 3:33 ` [PATCH 0/1] bcache patche for Linux v5.16-rc1 Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).