From patchwork Wed Jun 28 01:07:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu Kuai X-Patchwork-Id: 113644 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp8586175vqr; Tue, 27 Jun 2023 18:31:32 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ57LkSuEBxKgVZi4Xym/gdcX545C+N5tobg1lfLaVsQsymom06PLFpd1Gt0XwdDDVP+KWh+ X-Received: by 2002:a05:6e02:df2:b0:345:a3d0:f0d4 with SMTP id m18-20020a056e020df200b00345a3d0f0d4mr7338967ilj.3.1687915891520; Tue, 27 Jun 2023 18:31:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687915891; cv=none; d=google.com; s=arc-20160816; b=mBsO+vmREmiORbtdco44SbhUSyswjMhGL/gAJuBnxMmku5R5uczwBdCiNekZGVqrNa nP+vvtuT0y9qJ+EErPmv9U4ufeLL17Sa7u8MuPOsIuMdetJz95TZqZoh4k8LjEXTAFPA sJGncYKNFgDJjWHwi+B3qc1fS3S+PlqSF71mdgQBGkMVIOKZ6FOTpQUhmERjPIOe1z+5 HDWPpM40qiP+Npx4CaVBvwrldnjesA5KVVtSA3MyGe2sDUUc9HppgG8In2u5p6xXYU0A kwXgEoEYiIeVJL23rUoJRur6uBX48rzdATkr2bFue301J8zzHKNQkgsYui5iLXbGop0f GwTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=OZCGAHNGukDTgyLKplwOQffrVFT6sVk224R3x6kJ2kE=; fh=CNPfzJmXt2KJRCpL3llkx/AHHq+6yMm+feqYWlKOpCk=; b=JaAwXVrAN6H2J18O1vN9bv/fbxDe5qA2DCswcTNlt1lZuy1TngGLqSbQW3hBwmyqLp b+ciC3ryejASQWgYRxygOQ2g0ac/K1MFeMF/1nlEowcEOjvn5/49jAG3ZuQXCG+MJXce 1a3pJWoizokwloA56TEJIKTvY1jUPvEaTShlltwDq6N9Kfhh+M6mdIR/9ApHA2u76e/2 uDFb05EBmrEKppDjS92/gAWBIoNGngN7rIqXPfgvQQ+RO3RPnMuWuEZX+3gQZgS74Mxw lwWczSaUu4WHQbec6sspvBRrsdhF8YXpe3GQ+YjPnLQEOYQq+UIMUXDtRo2mHj/EkjO9 rGUA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r20-20020a6560d4000000b0055b0c720e92si1981370pgv.488.2023.06.27.18.31.16; Tue, 27 Jun 2023 18:31:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230361AbjF1BJH (ORCPT + 99 others); Tue, 27 Jun 2023 21:09:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41384 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229459AbjF1BIy (ORCPT ); Tue, 27 Jun 2023 21:08:54 -0400 Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC48DE7F; Tue, 27 Jun 2023 18:08:52 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.30.67.143]) by dggsgout11.his.huawei.com (SkyGuard) with ESMTP id 4QrNkn12yMz4f3n6K; Wed, 28 Jun 2023 09:08:49 +0800 (CST) Received: from huaweicloud.com (unknown [10.175.104.67]) by APP4 (Coremail) with SMTP id gCh0CgAHuKsfiJtk9u_GMg--.34640S5; Wed, 28 Jun 2023 09:08:49 +0800 (CST) From: Yu Kuai To: xni@redhat.com, logang@deltatee.com, hch@lst.de, song@kernel.org, shli@fb.com Cc: linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, yukuai3@huawei.com, yukuai1@huaweicloud.com, yi.zhang@huawei.com, yangerkun@huawwe.com Subject: [PATCH -next v2 1/2] md/raid5-cache: Revert "md/raid5-cache: Clear conf->log after finishing work" Date: Wed, 28 Jun 2023 09:07:55 +0800 Message-Id: <20230628010756.70649-2-yukuai1@huaweicloud.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230628010756.70649-1-yukuai1@huaweicloud.com> References: <20230628010756.70649-1-yukuai1@huaweicloud.com> MIME-Version: 1.0 X-CM-TRANSID: gCh0CgAHuKsfiJtk9u_GMg--.34640S5 X-Coremail-Antispam: 1UD129KBjvJXoW7tF1fXF1UKryDAF1DJFWkWFg_yoW8JFy5pa yfW3yYg3yUury7ZF4DG3WUuFyrCa1xKryxWFyfGw4FvayfXFy0kw4rKFyUXFs5AF4Syr4f tFW5JrWkZr18Jr7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUBE14x267AKxVW5JVWrJwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2048vs2IY020E87I2jVAFwI0_Jr4l82xGYIkIc2 x26xkF7I0E14v26r4j6ryUM28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8wA2z4x0 Y4vE2Ix0cI8IcVAFwI0_Ar0_tr1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr1j6F4UJw A2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oVCq3wAS 0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2 IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0 Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628vn2kIc2 xKxwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v2 6r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GFylIxkGc2 Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_ Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14v26r1j6r4UMI IF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvjDU0xZFpf9x0JU2_M3UUUUU = X-CM-SenderInfo: 51xn3trlr6x35dzhxuhorxvhhfrp/ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1769908093708575627?= X-GMAIL-MSGID: =?utf-8?q?1769908093708575627?= From: Yu Kuai This reverts commit b13015af94cf405f73ff64ce0797269554020c37. Because this will cause that r5c_disable_writeback_async() to wait forever, since caller hold reconfig_mutex and conf->log is not NULL: wait_event conf->log == NULL || (!test_bit(MD_SB_CHANGE_PENDING, &mddev->sb_flags) && (locked = mddev_trylock(mddev))) This problem is found by code review, and the null-ptr-deref this patch fixed will be fixed by another approch in the next patch. Signed-off-by: Yu Kuai --- drivers/md/raid5-cache.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/md/raid5-cache.c b/drivers/md/raid5-cache.c index 47ba7d9e81e1..083288e36949 100644 --- a/drivers/md/raid5-cache.c +++ b/drivers/md/raid5-cache.c @@ -3168,13 +3168,12 @@ void r5l_exit_log(struct r5conf *conf) { struct r5l_log *log = conf->log; + conf->log = NULL; + /* Ensure disable_writeback_work wakes up and exits */ wake_up(&conf->mddev->sb_wait); flush_work(&log->disable_writeback_work); md_unregister_thread(&log->reclaim_thread); - - conf->log = NULL; - mempool_exit(&log->meta_pool); bioset_exit(&log->bs); mempool_exit(&log->io_pool); From patchwork Wed Jun 28 01:07:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu Kuai X-Patchwork-Id: 113650 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp8597795vqr; Tue, 27 Jun 2023 19:00:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7AoYK76XbODXN5GgHAiJXGIlDA1pg8LD6GEn2u8OQpyDOOU5x4bopWrSGu+VKrbUAkBGpx X-Received: by 2002:a05:6a21:338c:b0:11f:985e:ae2c with SMTP id yy12-20020a056a21338c00b0011f985eae2cmr5120167pzb.3.1687917657030; Tue, 27 Jun 2023 19:00:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687917657; cv=none; d=google.com; s=arc-20160816; b=SQFMUgge3QJTmEdzupd/z7DdyvnTRwdCzCwIk2B6cOkop7APAlmQq47DPa0btYOGeq ExYccTaKVad9vd7L/U5GzSFTue22Dn82IbOQPPZ7y9m1Pv+jiWAOQRpskmpj7k3+WX8h lydMlSlh4/PP3OKRFPuDeB6AJfdupV3kopwPu2UcVyN54qaZc+4wQ/c7v7Yk7QdbEN3O qbnnICS5yFGCoX/Z8DbASMWzk1cD7g+oQxDBZtZnupStS2mCCMVceA2A9y7tV5WFlRL5 giZp4GMi+zDkLxMPBToVUuKHQDZKpbP3drU+KeMq0CPkkdYasE+RyhNEB11PJ/Z/r+h3 Pyuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=F/FCi+NR5uTLfnFgsDwhE2KHM2W3Sd+XfX9VzvPKy2w=; fh=CNPfzJmXt2KJRCpL3llkx/AHHq+6yMm+feqYWlKOpCk=; b=sPgckY7nNdO/tTLMEjHYG7p3NldGuCGJ/CIfTEboJFkF5zKAD9BprdQX5NygVGbDJO baNpzPI2CtRhqkoCqeKI5ncfFiKzyMSyxNojw2ePjPkEzeh4ErVE/KwULXkenQaki/nZ X+L7bBQuDUdIsiN/XgLnFb3yA+5G+BBh88D7XyuFXZIwW6zUcPJhtCDNJfEDxUQJy5sX tSrdH9g7r9fcJ9TP5WoFL6qqbMmRD2Yp+o4lvQwwTqHqAN7mmskd1uwNIRYUUuYZRUgM VrWI0MV0DJCgHvCIYPRbP6Pi73GndRmKXwuGOwePXwEPDvnpUX8MoGMW9rt0oFWa9kNS s+/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j10-20020a056a00234a00b00666e1259fa4si7844056pfj.141.2023.06.27.19.00.44; Tue, 27 Jun 2023 19:00:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230058AbjF1BI4 (ORCPT + 99 others); Tue, 27 Jun 2023 21:08:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229719AbjF1BIy (ORCPT ); Tue, 27 Jun 2023 21:08:54 -0400 Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1638E1BD4; Tue, 27 Jun 2023 18:08:53 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.30.67.143]) by dggsgout11.his.huawei.com (SkyGuard) with ESMTP id 4QrNkn4Xqfz4f3nTp; Wed, 28 Jun 2023 09:08:49 +0800 (CST) Received: from huaweicloud.com (unknown [10.175.104.67]) by APP4 (Coremail) with SMTP id gCh0CgAHuKsfiJtk9u_GMg--.34640S6; Wed, 28 Jun 2023 09:08:50 +0800 (CST) From: Yu Kuai To: xni@redhat.com, logang@deltatee.com, hch@lst.de, song@kernel.org, shli@fb.com Cc: linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, yukuai3@huawei.com, yukuai1@huaweicloud.com, yi.zhang@huawei.com, yangerkun@huawwe.com Subject: [PATCH -next v2 2/2] md/raid5-cache: fix null-ptr-deref in r5l_reclaim_thread() Date: Wed, 28 Jun 2023 09:07:56 +0800 Message-Id: <20230628010756.70649-3-yukuai1@huaweicloud.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230628010756.70649-1-yukuai1@huaweicloud.com> References: <20230628010756.70649-1-yukuai1@huaweicloud.com> MIME-Version: 1.0 X-CM-TRANSID: gCh0CgAHuKsfiJtk9u_GMg--.34640S6 X-Coremail-Antispam: 1UD129KBjvJXoWxAr4fuw1rtw1UXr4Uuw1ftFb_yoW5tw48pa 1Sg3y3Ww48urWfAFnrWr1Dur4F93sF934xG3y5Cwn2yr13Xry8Ja47CayUZFy5JFW8Ary3 XrZ8tF48WrnrtrJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUBE14x267AKxVWrJVCq3wAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2048vs2IY020E87I2jVAFwI0_Jryl82xGYIkIc2 x26xkF7I0E14v26ryj6s0DM28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8wA2z4x0 Y4vE2Ix0cI8IcVAFwI0_Ar0_tr1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr1j6F4UJw A2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oVCq3wAS 0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2 IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0 Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628vn2kIc2 xKxwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v2 6r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GFylIxkGc2 Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_ Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14v26r1j6r4UMI IF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvjDU0xZFpf9x0JUHbyAUUUUU = X-CM-SenderInfo: 51xn3trlr6x35dzhxuhorxvhhfrp/ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1769909945086353950?= X-GMAIL-MSGID: =?utf-8?q?1769909945086353950?= From: Yu Kuai r5l_reclaim_thread() already check that 'conf->log' is not NULL in the beginning, however, r5c_do_reclaim() and r5l_do_reclaim() will dereference 'conf->log' again, which will cause null-ptr-deref if 'conf->log' is set to NULL from r5l_exit_log() concurrently. Fix this problem by don't dereference 'conf->log' again in r5c_do_reclaim() and r5c_do_reclaim(). Fixes: a39f7afde358 ("md/r5cache: write-out phase and reclaim support") Signed-off-by: Yu Kuai --- drivers/md/raid5-cache.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/drivers/md/raid5-cache.c b/drivers/md/raid5-cache.c index 083288e36949..ba6fc146d265 100644 --- a/drivers/md/raid5-cache.c +++ b/drivers/md/raid5-cache.c @@ -1148,10 +1148,9 @@ static void r5l_run_no_space_stripes(struct r5l_log *log) * for write through mode, returns log->next_checkpoint * for write back, returns log_start of first sh in stripe_in_journal_list */ -static sector_t r5c_calculate_new_cp(struct r5conf *conf) +static sector_t r5c_calculate_new_cp(struct r5l_log *log) { struct stripe_head *sh; - struct r5l_log *log = conf->log; sector_t new_cp; unsigned long flags; @@ -1159,12 +1158,12 @@ static sector_t r5c_calculate_new_cp(struct r5conf *conf) return log->next_checkpoint; spin_lock_irqsave(&log->stripe_in_journal_lock, flags); - if (list_empty(&conf->log->stripe_in_journal_list)) { + if (list_empty(&log->stripe_in_journal_list)) { /* all stripes flushed */ spin_unlock_irqrestore(&log->stripe_in_journal_lock, flags); return log->next_checkpoint; } - sh = list_first_entry(&conf->log->stripe_in_journal_list, + sh = list_first_entry(&log->stripe_in_journal_list, struct stripe_head, r5c); new_cp = sh->log_start; spin_unlock_irqrestore(&log->stripe_in_journal_lock, flags); @@ -1173,10 +1172,8 @@ static sector_t r5c_calculate_new_cp(struct r5conf *conf) static sector_t r5l_reclaimable_space(struct r5l_log *log) { - struct r5conf *conf = log->rdev->mddev->private; - return r5l_ring_distance(log, log->last_checkpoint, - r5c_calculate_new_cp(conf)); + r5c_calculate_new_cp(log)); } static void r5l_run_no_mem_stripe(struct r5l_log *log) @@ -1419,9 +1416,9 @@ void r5c_flush_cache(struct r5conf *conf, int num) } } -static void r5c_do_reclaim(struct r5conf *conf) +static void r5c_do_reclaim(struct r5l_log *log) { - struct r5l_log *log = conf->log; + struct r5conf *conf = log->rdev->mddev->private; struct stripe_head *sh; int count = 0; unsigned long flags; @@ -1496,7 +1493,6 @@ static void r5c_do_reclaim(struct r5conf *conf) static void r5l_do_reclaim(struct r5l_log *log) { - struct r5conf *conf = log->rdev->mddev->private; sector_t reclaim_target = xchg(&log->reclaim_target, 0); sector_t reclaimable; sector_t next_checkpoint; @@ -1525,7 +1521,7 @@ static void r5l_do_reclaim(struct r5l_log *log) log->io_list_lock); } - next_checkpoint = r5c_calculate_new_cp(conf); + next_checkpoint = r5c_calculate_new_cp(log); spin_unlock_irq(&log->io_list_lock); if (reclaimable == 0 || !write_super) @@ -1554,7 +1550,7 @@ static void r5l_reclaim_thread(struct md_thread *thread) if (!log) return; - r5c_do_reclaim(conf); + r5c_do_reclaim(log); r5l_do_reclaim(log); }