From patchwork Fri Nov 20 18:26:19 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 7670751 Return-Path: X-Original-To: patchwork-linux-nvdimm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id DADC99F392 for ; Fri, 20 Nov 2015 18:26:34 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id D83AD20439 for ; Fri, 20 Nov 2015 18:26:33 +0000 (UTC) Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E5CD12042A for ; Fri, 20 Nov 2015 18:26:32 +0000 (UTC) Received: from ml01.vlan14.01.org (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C59811A2056; Fri, 20 Nov 2015 10:26:32 -0800 (PST) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by ml01.01.org (Postfix) with ESMTP id 7AE991A2056 for ; Fri, 20 Nov 2015 10:26:31 -0800 (PST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga101.fm.intel.com with ESMTP; 20 Nov 2015 10:26:21 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,323,1444719600"; d="scan'208";a="825432557" Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7]) by orsmga001.jf.intel.com with ESMTP; 20 Nov 2015 10:26:21 -0800 Received: from orsmsx151.amr.corp.intel.com (10.22.226.38) by ORSMSX109.amr.corp.intel.com (10.22.240.7) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 20 Nov 2015 10:26:20 -0800 Received: from orsmsx107.amr.corp.intel.com ([169.254.1.20]) by ORSMSX151.amr.corp.intel.com ([169.254.7.146]) with mapi id 14.03.0248.002; Fri, 20 Nov 2015 10:26:20 -0800 From: "Williams, Dan J" To: "willy@linux.intel.com" Subject: Re: [PATCH] block: protect rw_page against device teardown Thread-Topic: [PATCH] block: protect rw_page against device teardown Thread-Index: AQHRIyhuSG9JiWRUaU+5Fg2UB8U5lp6klY0AgAAFbYCAASLZAIAAA90A Date: Fri, 20 Nov 2015 18:26:19 +0000 Message-ID: <1448043978.29114.1.camel@intel.com> References: <201511200825.O2a2KLtg%fengguang.wu@intel.com> <1447980689.20885.16.camel@intel.com> <20151120181228.GE18246@linux.intel.com> In-Reply-To: <20151120181228.GE18246@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.252.137.149] Content-ID: <3C9BEFE31A4D1A41A216BF6264E82D6B@intel.com> MIME-Version: 1.0 Cc: "axboe@fb.com" , "linux-nvdimm@lists.01.org" , "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" , "linux-block@vger.kernel.org" , "viro@zeniv.linux.org.uk" X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Fri, 2015-11-20 at 13:12 -0500, Matthew Wilcox wrote: > I'd prefer bdev_read_page() and bdev_write_page() to be a bit more > consistent > (eg 'rc' vs 'result'), but: > > Acked-by: Matthew Wilcox Thanks!  Fixed up version: 8<---- Subject: block: protect rw_page against device teardown From: Dan Williams Fix use after free crashes like the following:  general protection fault: 0000 [#1] SMP  Call Trace:   [] ? pmem_do_bvec.isra.12+0xa6/0xf0 [nd_pmem]   [] pmem_rw_page+0x42/0x80 [nd_pmem]   [] bdev_read_page+0x50/0x60   [] do_mpage_readpage+0x510/0x770   [] ? I_BDEV+0x20/0x20   [] ? lru_cache_add+0x1c/0x50   [] mpage_readpages+0x107/0x170   [] ? I_BDEV+0x20/0x20   [] ? I_BDEV+0x20/0x20   [] blkdev_readpages+0x1d/0x20   [] __do_page_cache_readahead+0x28f/0x310   [] ? __do_page_cache_readahead+0x169/0x310   [] ? pagecache_get_page+0x2d/0x1d0   [] filemap_fault+0x396/0x530   [] __do_fault+0x4e/0xf0   [] handle_mm_fault+0x11bd/0x1b50 Cc: Cc: Jens Axboe Cc: Alexander Viro Reported-by: kbuild test robot Acked-by: Matthew Wilcox [willy: symmetry fixups] Signed-off-by: Dan Williams ---  block/blk.h            |    2 --  fs/block_dev.c         |   18 ++++++++++++++++--  include/linux/blkdev.h |    2 ++  3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/block/blk.h b/block/blk.h index da722eb786df..c43926d3d74d 100644 --- a/block/blk.h +++ b/block/blk.h @@ -72,8 +72,6 @@ void blk_dequeue_request(struct request *rq);  void __blk_queue_free_tags(struct request_queue *q);  bool __blk_end_bidi_request(struct request *rq, int error,       unsigned int nr_bytes, unsigned int bidi_bytes); -int blk_queue_enter(struct request_queue *q, gfp_t gfp); -void blk_queue_exit(struct request_queue *q);  void blk_freeze_queue(struct request_queue *q);    static inline void blk_queue_enter_live(struct request_queue *q) diff --git a/fs/block_dev.c b/fs/block_dev.c index bb0dfb1c7af1..c25639e907bd 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -390,9 +390,17 @@ int bdev_read_page(struct block_device *bdev, sector_t sector,   struct page *page)  {   const struct block_device_operations *ops = bdev->bd_disk->fops; + int result = -EOPNOTSUPP; +   if (!ops->rw_page || bdev_get_integrity(bdev)) - return -EOPNOTSUPP; - return ops->rw_page(bdev, sector + get_start_sect(bdev), page, READ); + return result; + + result = blk_queue_enter(bdev->bd_queue, GFP_KERNEL); + if (result) + return result; + result = ops->rw_page(bdev, sector + get_start_sect(bdev), page, READ); + blk_queue_exit(bdev->bd_queue); + return result;  }  EXPORT_SYMBOL_GPL(bdev_read_page);   @@ -421,14 +429,20 @@ int bdev_write_page(struct block_device *bdev, sector_t sector,   int result;   int rw = (wbc->sync_mode == WB_SYNC_ALL) ? WRITE_SYNC : WRITE;   const struct block_device_operations *ops = bdev->bd_disk->fops; +   if (!ops->rw_page || bdev_get_integrity(bdev))   return -EOPNOTSUPP; + result = blk_queue_enter(bdev->bd_queue, GFP_KERNEL); + if (result) + return result; +   set_page_writeback(page);   result = ops->rw_page(bdev, sector + get_start_sect(bdev), page, rw);   if (result)   end_page_writeback(page);   else   unlock_page(page); + blk_queue_exit(bdev->bd_queue);   return result;  }  EXPORT_SYMBOL_GPL(bdev_write_page); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 3fe27f8d91f0..c0d2b7927c1f 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -794,6 +794,8 @@ extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t,  extern int sg_scsi_ioctl(struct request_queue *, struct gendisk *, fmode_t,    struct scsi_ioctl_command __user *);   +extern int blk_queue_enter(struct request_queue *q, gfp_t gfp); +extern void blk_queue_exit(struct request_queue *q);  extern void blk_start_queue(struct request_queue *q);  extern void blk_stop_queue(struct request_queue *q);  extern void blk_sync_queue(struct request_queue *q);