* [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings [not found] <20191001163922.14735-1-sashal@kernel.org> @ 2019-10-01 16:38 ` Sasha Levin 2019-10-01 17:15 ` Ilya Dryomov 2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 54/71] blk-mq: move lockdep_assert_held() into elevator_exit Sasha Levin 1 sibling, 1 reply; 5+ messages in thread From: Sasha Levin @ 2019-10-01 16:38 UTC (permalink / raw) To: linux-kernel, stable Cc: Dongsheng Yang, Ilya Dryomov, Sasha Levin, ceph-devel, linux-block From: Dongsheng Yang <dongsheng.yang@easystack.cn> [ Upstream commit 5435d2069503e2aa89c34a94154f4f2fa4a0c9c4 ] rbd_dev_image_id() allocates space for length but passes a smaller value to rbd_obj_method_sync(). rbd_dev_v2_object_prefix() doesn't allocate space for length. Fix both to be consistent. Signed-off-by: Dongsheng Yang <dongsheng.yang@easystack.cn> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Sasha Levin <sashal@kernel.org> --- drivers/block/rbd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index c8fb886aebd4e..69db7385c8df5 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -5669,17 +5669,20 @@ static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev) static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev) { + size_t size; void *reply_buf; int ret; void *p; - reply_buf = kzalloc(RBD_OBJ_PREFIX_LEN_MAX, GFP_KERNEL); + /* Response will be an encoded string, which includes a length */ + size = sizeof(__le32) + RBD_OBJ_PREFIX_LEN_MAX; + reply_buf = kzalloc(size, GFP_KERNEL); if (!reply_buf) return -ENOMEM; ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid, &rbd_dev->header_oloc, "get_object_prefix", - NULL, 0, reply_buf, RBD_OBJ_PREFIX_LEN_MAX); + NULL, 0, reply_buf, size); dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); if (ret < 0) goto out; @@ -6696,7 +6699,6 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) dout("rbd id object name is %s\n", oid.name); /* Response will be an encoded string, which includes a length */ - size = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX; response = kzalloc(size, GFP_NOIO); if (!response) { @@ -6708,7 +6710,7 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) ret = rbd_obj_method_sync(rbd_dev, &oid, &rbd_dev->header_oloc, "get_id", NULL, 0, - response, RBD_IMAGE_ID_LEN_MAX); + response, size); dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); if (ret == -ENOENT) { image_id = kstrdup("", GFP_KERNEL); -- 2.20.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings 2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings Sasha Levin @ 2019-10-01 17:15 ` Ilya Dryomov 2019-10-08 21:29 ` Sasha Levin 0 siblings, 1 reply; 5+ messages in thread From: Ilya Dryomov @ 2019-10-01 17:15 UTC (permalink / raw) To: Sasha Levin; +Cc: LKML, stable, Dongsheng Yang, Ceph Development, linux-block On Tue, Oct 1, 2019 at 6:39 PM Sasha Levin <sashal@kernel.org> wrote: > > From: Dongsheng Yang <dongsheng.yang@easystack.cn> > > [ Upstream commit 5435d2069503e2aa89c34a94154f4f2fa4a0c9c4 ] > > rbd_dev_image_id() allocates space for length but passes a smaller > value to rbd_obj_method_sync(). rbd_dev_v2_object_prefix() doesn't > allocate space for length. Fix both to be consistent. > > Signed-off-by: Dongsheng Yang <dongsheng.yang@easystack.cn> > Reviewed-by: Ilya Dryomov <idryomov@gmail.com> > Signed-off-by: Ilya Dryomov <idryomov@gmail.com> > Signed-off-by: Sasha Levin <sashal@kernel.org> > --- > drivers/block/rbd.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c > index c8fb886aebd4e..69db7385c8df5 100644 > --- a/drivers/block/rbd.c > +++ b/drivers/block/rbd.c > @@ -5669,17 +5669,20 @@ static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev) > > static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev) > { > + size_t size; > void *reply_buf; > int ret; > void *p; > > - reply_buf = kzalloc(RBD_OBJ_PREFIX_LEN_MAX, GFP_KERNEL); > + /* Response will be an encoded string, which includes a length */ > + size = sizeof(__le32) + RBD_OBJ_PREFIX_LEN_MAX; > + reply_buf = kzalloc(size, GFP_KERNEL); > if (!reply_buf) > return -ENOMEM; > > ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid, > &rbd_dev->header_oloc, "get_object_prefix", > - NULL, 0, reply_buf, RBD_OBJ_PREFIX_LEN_MAX); > + NULL, 0, reply_buf, size); > dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); > if (ret < 0) > goto out; > @@ -6696,7 +6699,6 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) > dout("rbd id object name is %s\n", oid.name); > > /* Response will be an encoded string, which includes a length */ > - > size = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX; > response = kzalloc(size, GFP_NOIO); > if (!response) { > @@ -6708,7 +6710,7 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) > > ret = rbd_obj_method_sync(rbd_dev, &oid, &rbd_dev->header_oloc, > "get_id", NULL, 0, > - response, RBD_IMAGE_ID_LEN_MAX); > + response, size); > dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); > if (ret == -ENOENT) { > image_id = kstrdup("", GFP_KERNEL); Hi Sasha, This patch just made things consistent, there was no bug here. I don't think it should be backported. Thanks, Ilya ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings 2019-10-01 17:15 ` Ilya Dryomov @ 2019-10-08 21:29 ` Sasha Levin 2019-10-09 3:45 ` Jens Axboe 0 siblings, 1 reply; 5+ messages in thread From: Sasha Levin @ 2019-10-08 21:29 UTC (permalink / raw) To: Ilya Dryomov; +Cc: LKML, stable, Dongsheng Yang, Ceph Development, linux-block On Tue, Oct 01, 2019 at 07:15:49PM +0200, Ilya Dryomov wrote: >On Tue, Oct 1, 2019 at 6:39 PM Sasha Levin <sashal@kernel.org> wrote: >> >> From: Dongsheng Yang <dongsheng.yang@easystack.cn> >> >> [ Upstream commit 5435d2069503e2aa89c34a94154f4f2fa4a0c9c4 ] >> >> rbd_dev_image_id() allocates space for length but passes a smaller >> value to rbd_obj_method_sync(). rbd_dev_v2_object_prefix() doesn't >> allocate space for length. Fix both to be consistent. >> >> Signed-off-by: Dongsheng Yang <dongsheng.yang@easystack.cn> >> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> >> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> >> Signed-off-by: Sasha Levin <sashal@kernel.org> >> --- >> drivers/block/rbd.c | 10 ++++++---- >> 1 file changed, 6 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c >> index c8fb886aebd4e..69db7385c8df5 100644 >> --- a/drivers/block/rbd.c >> +++ b/drivers/block/rbd.c >> @@ -5669,17 +5669,20 @@ static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev) >> >> static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev) >> { >> + size_t size; >> void *reply_buf; >> int ret; >> void *p; >> >> - reply_buf = kzalloc(RBD_OBJ_PREFIX_LEN_MAX, GFP_KERNEL); >> + /* Response will be an encoded string, which includes a length */ >> + size = sizeof(__le32) + RBD_OBJ_PREFIX_LEN_MAX; >> + reply_buf = kzalloc(size, GFP_KERNEL); >> if (!reply_buf) >> return -ENOMEM; >> >> ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid, >> &rbd_dev->header_oloc, "get_object_prefix", >> - NULL, 0, reply_buf, RBD_OBJ_PREFIX_LEN_MAX); >> + NULL, 0, reply_buf, size); >> dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); >> if (ret < 0) >> goto out; >> @@ -6696,7 +6699,6 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) >> dout("rbd id object name is %s\n", oid.name); >> >> /* Response will be an encoded string, which includes a length */ >> - >> size = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX; >> response = kzalloc(size, GFP_NOIO); >> if (!response) { >> @@ -6708,7 +6710,7 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) >> >> ret = rbd_obj_method_sync(rbd_dev, &oid, &rbd_dev->header_oloc, >> "get_id", NULL, 0, >> - response, RBD_IMAGE_ID_LEN_MAX); >> + response, size); >> dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); >> if (ret == -ENOENT) { >> image_id = kstrdup("", GFP_KERNEL); > >Hi Sasha, > >This patch just made things consistent, there was no bug here. I don't >think it should be backported. I'll drop it, thanks! -- Thanks, Sasha ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings 2019-10-08 21:29 ` Sasha Levin @ 2019-10-09 3:45 ` Jens Axboe 0 siblings, 0 replies; 5+ messages in thread From: Jens Axboe @ 2019-10-09 3:45 UTC (permalink / raw) To: Sasha Levin, Ilya Dryomov Cc: LKML, stable, Dongsheng Yang, Ceph Development, linux-block On 10/8/19 3:29 PM, Sasha Levin wrote: > On Tue, Oct 01, 2019 at 07:15:49PM +0200, Ilya Dryomov wrote: >> On Tue, Oct 1, 2019 at 6:39 PM Sasha Levin <sashal@kernel.org> wrote: >>> >>> From: Dongsheng Yang <dongsheng.yang@easystack.cn> >>> >>> [ Upstream commit 5435d2069503e2aa89c34a94154f4f2fa4a0c9c4 ] >>> >>> rbd_dev_image_id() allocates space for length but passes a smaller >>> value to rbd_obj_method_sync(). rbd_dev_v2_object_prefix() doesn't >>> allocate space for length. Fix both to be consistent. >>> >>> Signed-off-by: Dongsheng Yang <dongsheng.yang@easystack.cn> >>> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> >>> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> >>> Signed-off-by: Sasha Levin <sashal@kernel.org> >>> --- >>> drivers/block/rbd.c | 10 ++++++---- >>> 1 file changed, 6 insertions(+), 4 deletions(-) >>> >>> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c >>> index c8fb886aebd4e..69db7385c8df5 100644 >>> --- a/drivers/block/rbd.c >>> +++ b/drivers/block/rbd.c >>> @@ -5669,17 +5669,20 @@ static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev) >>> >>> static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev) >>> { >>> + size_t size; >>> void *reply_buf; >>> int ret; >>> void *p; >>> >>> - reply_buf = kzalloc(RBD_OBJ_PREFIX_LEN_MAX, GFP_KERNEL); >>> + /* Response will be an encoded string, which includes a length */ >>> + size = sizeof(__le32) + RBD_OBJ_PREFIX_LEN_MAX; >>> + reply_buf = kzalloc(size, GFP_KERNEL); >>> if (!reply_buf) >>> return -ENOMEM; >>> >>> ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid, >>> &rbd_dev->header_oloc, "get_object_prefix", >>> - NULL, 0, reply_buf, RBD_OBJ_PREFIX_LEN_MAX); >>> + NULL, 0, reply_buf, size); >>> dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); >>> if (ret < 0) >>> goto out; >>> @@ -6696,7 +6699,6 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) >>> dout("rbd id object name is %s\n", oid.name); >>> >>> /* Response will be an encoded string, which includes a length */ >>> - >>> size = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX; >>> response = kzalloc(size, GFP_NOIO); >>> if (!response) { >>> @@ -6708,7 +6710,7 @@ static int rbd_dev_image_id(struct rbd_device *rbd_dev) >>> >>> ret = rbd_obj_method_sync(rbd_dev, &oid, &rbd_dev->header_oloc, >>> "get_id", NULL, 0, >>> - response, RBD_IMAGE_ID_LEN_MAX); >>> + response, size); >>> dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret); >>> if (ret == -ENOENT) { >>> image_id = kstrdup("", GFP_KERNEL); >> >> Hi Sasha, >> >> This patch just made things consistent, there was no bug here. I don't >> think it should be backported. > > I'll drop it, thanks! How did it even get picked up, it's not marked for stable? -- Jens Axboe ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH AUTOSEL 5.3 54/71] blk-mq: move lockdep_assert_held() into elevator_exit [not found] <20191001163922.14735-1-sashal@kernel.org> 2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings Sasha Levin @ 2019-10-01 16:39 ` Sasha Levin 1 sibling, 0 replies; 5+ messages in thread From: Sasha Levin @ 2019-10-01 16:39 UTC (permalink / raw) To: linux-kernel, stable Cc: Ming Lei, syzbot+da3b7677bb913dc1b737, Bart Van Assche, Damien Le Moal, Jens Axboe, Sasha Levin, linux-block From: Ming Lei <ming.lei@redhat.com> [ Upstream commit 284b94be1925dbe035ce5218d8b5c197321262c7 ] Commit c48dac137a62 ("block: don't hold q->sysfs_lock in elevator_init_mq") removes q->sysfs_lock from elevator_init_mq(), but forgot to deal with lockdep_assert_held() called in blk_mq_sched_free_requests() which is run in failure path of elevator_init_mq(). blk_mq_sched_free_requests() is called in the following 3 functions: elevator_init_mq() elevator_exit() blk_cleanup_queue() In blk_cleanup_queue(), blk_mq_sched_free_requests() is followed exactly by 'mutex_lock(&q->sysfs_lock)'. So moving the lockdep_assert_held() from blk_mq_sched_free_requests() into elevator_exit() for fixing the report by syzbot. Reported-by: syzbot+da3b7677bb913dc1b737@syzkaller.appspotmail.com Fixed: c48dac137a62 ("block: don't hold q->sysfs_lock in elevator_init_mq") Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com> Signed-off-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> --- block/blk-mq-sched.c | 2 -- block/blk.h | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c index c9d183d6c4999..ca22afd47b3dc 100644 --- a/block/blk-mq-sched.c +++ b/block/blk-mq-sched.c @@ -555,8 +555,6 @@ void blk_mq_sched_free_requests(struct request_queue *q) struct blk_mq_hw_ctx *hctx; int i; - lockdep_assert_held(&q->sysfs_lock); - queue_for_each_hw_ctx(q, hctx, i) { if (hctx->sched_tags) blk_mq_free_rqs(q->tag_set, hctx->sched_tags, i); diff --git a/block/blk.h b/block/blk.h index de6b2e146d6eb..3ce8b73bb2264 100644 --- a/block/blk.h +++ b/block/blk.h @@ -194,6 +194,8 @@ void elv_unregister_queue(struct request_queue *q); static inline void elevator_exit(struct request_queue *q, struct elevator_queue *e) { + lockdep_assert_held(&q->sysfs_lock); + blk_mq_sched_free_requests(q); __elevator_exit(q, e); } -- 2.20.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-10-09 3:45 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <20191001163922.14735-1-sashal@kernel.org> 2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 15/71] rbd: fix response length parameter for encoded strings Sasha Levin 2019-10-01 17:15 ` Ilya Dryomov 2019-10-08 21:29 ` Sasha Levin 2019-10-09 3:45 ` Jens Axboe 2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 54/71] blk-mq: move lockdep_assert_held() into elevator_exit Sasha Levin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).