leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f06c609645
linux/drivers
History
Damien Le Moal de3510e52b null_blk: fix command timeout completion handling 
Memory backed or zoned null block devices may generate actual request
timeout errors due to the submission path being blocked on memory
allocation or zone locking. Unlike fake timeouts or injected timeouts,
the request submission path will call blk_mq_complete_request() or
blk_mq_end_request() for these real timeout errors, causing a double
completion and use after free situation as the block layer timeout
handler executes blk_mq_rq_timed_out() and __blk_mq_free_request() in
blk_mq_check_expired(). This problem often triggers a NULL pointer
dereference such as:

BUG: kernel NULL pointer dereference, address: 0000000000000050
RIP: 0010:blk_mq_sched_mark_restart_hctx+0x5/0x20
...
Call Trace:
  dd_finish_request+0x56/0x80
  blk_mq_free_request+0x37/0x130
  null_handle_cmd+0xbf/0x250 [null_blk]
  ? null_queue_rq+0x67/0xd0 [null_blk]
  blk_mq_dispatch_rq_list+0x122/0x850
  __blk_mq_do_dispatch_sched+0xbb/0x2c0
  __blk_mq_sched_dispatch_requests+0x13d/0x190
  blk_mq_sched_dispatch_requests+0x30/0x60
  __blk_mq_run_hw_queue+0x49/0x90
  process_one_work+0x26c/0x580
  worker_thread+0x55/0x3c0
  ? process_one_work+0x580/0x580
  kthread+0x134/0x150
  ? kthread_create_worker_on_cpu+0x70/0x70
  ret_from_fork+0x1f/0x30

This problem very often triggers when running the full btrfs xfstests
on a memory-backed zoned null block device in a VM with limited amount
of memory.

Avoid this by executing blk_mq_complete_request() in null_timeout_rq()
only for commands that are marked for a fake timeout completion using
the fake_timeout boolean in struct null_cmd. For timeout errors injected
through debugfs, the timeout handler will execute
blk_mq_complete_request()i as before. This is safe as the submission
path does not execute complete requests in this case.

In null_timeout_rq(), also make sure to set the command error field to
BLK_STS_TIMEOUT and to propagate this error through to the request
completion.

Reported-by: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Tested-by: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Reviewed-by: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Link: https://lore.kernel.org/r/20210331225244.126426-1-damien.lemoal@wdc.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-01 07:03:46 -06:00
..
accessibility Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
acpi Additional ACPI updates for v5.12-rc1 2021-02-25 12:03:13 -08:00
amba
android
ata
atm atm: idt77252: fix null-ptr-dereference 2021-03-08 15:16:30 -08:00
auxdisplay treewide: Miguel has moved 2021-02-26 09:41:03 -08:00
base software node: Fix device_add_software_node() 2021-03-10 15:25:02 +01:00
bcma
block null_blk: fix command timeout completion handling 2021-04-01 07:03:46 -06:00
bluetooth TTY/Serial driver changes for 5.12-rc1 2021-02-20 21:28:04 -08:00
bus Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
cdrom
char powerpc fixes for 5.12 2021-03-07 13:24:44 -08:00
clk RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
clocksource A small set of clockevent fixes which fell through the cracks 2021-02-22 14:11:36 -08:00
connector
counter
cpufreq cpufreq: blacklist Arm Vexpress platforms in cpufreq-dt-platdev 2021-03-08 16:20:07 +05:30
cpuidle
crypto vio: make remove callback return void 2021-03-02 22:41:23 +11:00
cxl cxl/mem: Fix potential memory leak 2021-02-22 14:44:39 -08:00
dax Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
dca
devfreq Merge branches 'pm-devfreq' and 'pm-tools' 2021-02-15 17:02:04 +01:00
dio
dma dmaengine updates for v5.12-rc1 2021-02-23 15:05:10 -08:00
dma-buf dma-fence: allow signaling drivers to set fence timestamp 2021-02-24 21:05:28 +05:30
edac Merge branch 'edac-misc' into edac-updates-for-v5.12 2021-02-15 10:06:58 +01:00
eisa
extcon
firewire
firmware EFI fix for 5.12-rc2 2021-03-14 12:54:56 -07:00
fpga
fsi
gnss
gpio gpiolib: Read "gpio-line-names" from a firmware node 2021-03-08 11:59:17 +01:00
gpu mm: use is_cow_mapping() across tree where proper 2021-03-13 11:27:30 -08:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2021-02-23 14:52:22 -08:00
hsi
hv mm/memory_hotplug: MEMHP_MERGE_RESOURCE -> MHP_MERGE_RESOURCE 2021-02-26 09:41:00 -08:00
hwmon Devicetree updates for v5.12: 2021-02-22 10:05:12 -08:00
hwspinlock
hwtracing ARM updates for 5.12-rc1: 2021-02-22 14:27:07 -08:00
i2c i2c: exynos5: Preserve high speed master code 2021-02-26 11:47:42 +01:00
i3c I3C for 5.12 2021-02-22 09:52:55 -08:00
ide ide-5.11-2021-02-28 2021-02-28 15:48:25 -08:00
idle
iio - Use the newly introduced 'hot' and 'critical' ops for the acpi 2021-02-22 09:39:11 -08:00
infiniband RDMA/rxe: Fix errant WARN_ONCE in rxe_completer() 2021-03-05 14:15:22 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2021-02-23 14:56:23 -08:00
interconnect
iommu IOMMU Fixes for Linux v5.12-rc1 2021-03-05 12:26:24 -08:00
ipack
irqchip irqchip/ingenic: Add support for the JZ4760 2021-03-09 08:45:17 +00:00
isdn
leds leds: trigger/tty: Use led_set_brightness_sync() from workqueue 2021-03-10 09:27:56 +01:00
lightnvm lightnvm: pblk: Replace guid_copy() with export_guid()/import_guid() 2021-02-14 21:27:24 -07:00
macintosh
mailbox mailbox: arm_mhuv2: Skip calling kfree() with invalid pointer 2021-02-22 13:34:27 -06:00
mcb
md block-5.12-2021-03-12-v2 2021-03-12 13:25:49 -08:00
media media: rkisp1: params: fix wrong bits settings 2021-03-11 11:40:29 +01:00
memory Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
memstick
message
mfd Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00
misc Char/misc driver fixes for 5.12-rc3 2021-03-13 12:38:44 -08:00
mmc mmc: cqhci: Fix random crash when remove mmc module/card 2021-03-09 10:00:52 +01:00
most
mtd This pull request contains changes (actually just fixes) for UBIFS 2021-02-21 13:57:08 -08:00
mux
net Merge git://git.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-03-09 17:15:56 -08:00
nfc Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
ntb NTB: Add support for EPF PCI Non-Transparent Bridge 2021-02-23 14:12:53 -06:00
nubus
nvdimm libnvdimm + device-dax for 5.12 2021-02-24 09:35:54 -08:00
nvme nvmet-tcp: fix kmap leak when data digest in use 2021-03-18 05:39:18 +01:00
nvmem
of Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
opp opp: Don't drop extra references to OPPs accidentally 2021-03-12 09:26:52 +05:30
parisc
parport
pci xen: branch for v5.12-rc3 2021-03-12 11:34:36 -08:00
pcmcia Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux 2021-02-26 13:54:43 -08:00
perf perf/arm_dmc620_pmu: Fix error return code in dmc620_pmu_device_probe() 2021-03-12 11:30:31 +00:00
phy phy: second round of phy fixes for v5.11 2021-02-10 10:39:23 +01:00
pinctrl RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
platform Additional ACPI updates for v5.12-rc1 2021-02-25 12:03:13 -08:00
pnp
power
powercap powercap/drivers/dtpm: Add the experimental label to the option description 2021-03-01 17:43:29 +01:00
pps
ps3
ptp ptp: ptp_clockmatrix: clean-up - parenthesis around a == b are unnecessary 2021-02-17 13:49:26 -08:00
pwm pwm: Changes for v5.12-rc1 2021-02-25 12:23:49 -08:00
rapidio
ras
regulator regulator: mt6315: Fix off-by-one for .n_voltages 2021-03-11 13:23:21 +00:00
remoteproc remoteproc: qcom: pas: Add SM8350 PAS remoteprocs 2021-02-11 12:52:18 -06:00
reset RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
rpmsg
rtc Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
s390 block-5.12-2021-03-12-v2 2021-03-12 13:25:49 -08:00
sbus
scsi SCSI fixes on 20210312 2021-03-12 13:37:18 -08:00
sh
siox
slimbus
soc OpenRISC updates for 5.12 2021-02-26 14:16:06 -08:00
soundwire ALSA: hda: move Intel SoundWire ACPI scan to dedicated module 2021-03-02 15:33:00 +01:00
spi powerpc updates for 5.12 2021-02-22 14:34:00 -08:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-02-12 12:26:46 +01:00
ssb
staging Revert "staging: wfx: remove unused included header files" 2021-03-10 09:23:30 +01:00
target SCSI misc on 20210228 2021-02-28 11:51:20 -08:00
tc
tee
thermal - Use the newly introduced 'hot' and 'critical' ops for the acpi 2021-02-22 09:39:11 -08:00
thunderbolt
tty TTY/Serial fixes for 5.12-rc3 2021-03-13 12:34:29 -08:00
uio
usb USB fixes for 5.12-rc3 2021-03-13 12:32:57 -08:00
vdpa vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() 2021-02-23 07:52:59 -05:00
vfio VFIO updates for v5.12-rc1 2021-02-24 10:43:40 -08:00
vhost virtio: features, fixes 2021-02-25 12:21:08 -08:00
video fbdev: atyfb: use LCD management functions for PPC_PMAC also 2021-03-11 11:11:32 +01:00
virt virt: acrn: Correct type casting of argument of copy_from_user() 2021-03-10 16:59:50 +01:00
virtio Merge branch 'akpm' (patches from Andrew) 2021-02-26 09:50:09 -08:00
visorbus
vlynq
vme
w1
watchdog Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
xen xen: branch for v5.12-rc3 2021-03-12 11:34:36 -08:00
zorro
Kconfig cxl/mem: Introduce a driver for CXL-2.0-Type-3 endpoints 2021-02-16 20:36:38 -08:00
Makefile Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00