From: Dan Williams <dan.j.williams@intel.com>
To: akpm@linux-foundation.org
Cc: Jens Axboe <axboe@kernel.dk>, linux-nvdimm@lists.01.org, Dave Chinner <david@fromorbit.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Ross Zwisler <ross.zwisler@linux.intel.com>, Christoph Hellwig <hch@lst.de>
Subject: [PATCH 09/15] block, pmem: fix null pointer de-reference on shutdown, check for queue death
Date: Wed, 23 Sep 2015 00:42:00 -0400
Message-ID: <20150923044200.36490.54494.stgit@dwillia2-desk3.jf.intel.com>
In-Reply-To: <20150923043737.36490.70547.stgit@dwillia2-desk3.jf.intel.com>

After the driver has been unbound the queue is dead and the private data
pointer is invalid. Check that the queue is still alive, or otherwise
pin it active before using queuedata.

Fixes crash signatures like the following.

 BUG: unable to handle kernel paging request at ffff880140000000
 [..]
 Call Trace:
  [<ffffffff8145e8bf>] ? copy_user_handle_tail+0x5f/0x70
  [<ffffffffa004e1e0>] pmem_do_bvec.isra.11+0x70/0xf0 [nd_pmem]
  [<ffffffffa004e331>] pmem_make_request+0xd1/0x200 [nd_pmem]
  [<ffffffff811c3162>] ? mempool_alloc+0x72/0x1a0
  [<ffffffff8141f8b6>] generic_make_request+0xd6/0x110
  [<ffffffff8141f966>] submit_bio+0x76/0x170
  [<ffffffff81286dff>] submit_bh_wbc+0x12f/0x160
  [<ffffffff81286e62>] submit_bh+0x12/0x20
  [<ffffffff813395bd>] jbd2_write_superblock+0x8d/0x170
  [<ffffffff8133974d>] jbd2_mark_journal_empty+0x5d/0x90
  [<ffffffff813399cb>] jbd2_journal_destroy+0x24b/0x270
  [<ffffffff810bc4ca>] ? put_pwq_unlocked+0x2a/0x30
  [<ffffffff810bc6f5>] ? destroy_workqueue+0x225/0x250
  [<ffffffff81303494>] ext4_put_super+0x64/0x360
  [<ffffffff8124ab1a>] generic_shutdown_super+0x6a/0xf0

Cc: Jens Axboe <axboe@kernel.dk>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com> --- block/blk-core.c | 2 ++ drivers/nvdimm/pmem.c | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/block/blk-core.c b/block/blk-core.c index 13764f8b22e0..0ea7d285b886 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -532,11 +532,13 @@ int blk_dax_get(struct request_queue *q) { return blk_qref_enter(&q->dax_ref, GFP_NOWAIT); } +EXPORT_SYMBOL(blk_dax_get); void blk_dax_put(struct request_queue *q) { percpu_ref_put(&q->dax_ref.count); } +EXPORT_SYMBOL(blk_dax_put); static void blk_dax_freeze(struct request_queue *q) { diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index a01611d8f351..3ee02af73ad0 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -73,6 +73,12 @@ static void pmem_make_request(struct request_queue *q, struct bio *bio) struct block_device *bdev = bio->bi_bdev; struct pmem_device *pmem = bdev->bd_disk->private_data; + if (blk_dax_get(q) != 0) { + bio->bi_error = -ENODEV; + bio_endio(bio); + return; + } + do_acct = nd_iostat_start(bio, &start); bio_for_each_segment(bvec, bio, iter) pmem_do_bvec(pmem, bvec.bv_page, bvec.bv_len, bvec.bv_offset, @@ -84,6 +90,8 @@ static void pmem_make_request(struct request_queue *q, struct bio *bio) wmb_pmem(); bio_endio(bio); + + blk_dax_put(q); } static int pmem_rw_page(struct block_device *bdev, sector_t sector, -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
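Review bot: the two exports added in block/blk-core.c (blk_dax_get and blk_dax_put) carry no kernel-doc, so a module author cannot tell from the source that blk_dax_get() returns 0 on success (as the new caller's `!= 0` test implies), that it enters the reference with GFP_NOWAIT, or that every successful get must be paired with a blk_dax_put(). Add a short comment above each function stating the return convention and the pairing rule. Also consider EXPORT_SYMBOL_GPL for both, since they expose block-core reference-counting internals and the only user in this patch is the in-tree pmem driver.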
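Review bot: in the first drivers/nvdimm/pmem.c hunk, the declaration `struct pmem_device *pmem = bdev->bd_disk->private_data;` still runs before the new blk_dax_get(q) check, so the pointer the changelog describes as invalid after unbind is loaded before the queue is pinned. Move the assignment below the check so nothing derived from the private data is read until the reference is held. Separately, the return value of blk_dax_get() is discarded and every failure completes the bio with -ENODEV; if the GFP_NOWAIT call shown in blk-core.c can fail for a reason other than queue death, propagate that error code instead.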
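Review bot: the blk_dax_put(q) added at the end of pmem_make_request() closes the bracket for this entry point only; pmem_rw_page(), visible in the trailing context of the same hunk, is left unchanged. If it reaches the same private data after unbind it needs the same blk_dax_get()/blk_dax_put() pair, or the changelog should state why that path is safe without one. The put after bio_endio(bio) is correctly ordered, but with two exits in the function a single unlock label would make the pairing easier to keep correct when a later change adds another early return.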