mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-23 11:01:15 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/md
History
David Sloan c66a6f41e0 md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() 
When running chunk-sized reads on disks with badblocks duplicate bio
free/puts are observed:

   =============================================================================
   BUG bio-200 (Not tainted): Object already free
   -----------------------------------------------------------------------------
   Allocated in mempool_alloc_slab+0x17/0x20 age=3 cpu=2 pid=7504
    __slab_alloc.constprop.0+0x5a/0xb0
    kmem_cache_alloc+0x31e/0x330
    mempool_alloc_slab+0x17/0x20
    mempool_alloc+0x100/0x2b0
    bio_alloc_bioset+0x181/0x460
    do_mpage_readpage+0x776/0xd00
    mpage_readahead+0x166/0x320
    blkdev_readahead+0x15/0x20
    read_pages+0x13f/0x5f0
    page_cache_ra_unbounded+0x18d/0x220
    force_page_cache_ra+0x181/0x1c0
    page_cache_sync_ra+0x65/0xb0
    filemap_get_pages+0x1df/0xaf0
    filemap_read+0x1e1/0x700
    blkdev_read_iter+0x1e5/0x330
    vfs_read+0x42a/0x570
   Freed in mempool_free_slab+0x17/0x20 age=3 cpu=2 pid=7504
    kmem_cache_free+0x46d/0x490
    mempool_free_slab+0x17/0x20
    mempool_free+0x66/0x190
    bio_free+0x78/0x90
    bio_put+0x100/0x1a0
    raid5_make_request+0x2259/0x2450
    md_handle_request+0x402/0x600
    md_submit_bio+0xd9/0x120
    __submit_bio+0x11f/0x1b0
    submit_bio_noacct_nocheck+0x204/0x480
    submit_bio_noacct+0x32e/0xc70
    submit_bio+0x98/0x1a0
    mpage_readahead+0x250/0x320
    blkdev_readahead+0x15/0x20
    read_pages+0x13f/0x5f0
    page_cache_ra_unbounded+0x18d/0x220
   Slab 0xffffea000481b600 objects=21 used=0 fp=0xffff8881206d8940 flags=0x17ffffc0010201(locked|slab|head|node=0|zone=2|lastcpupid=0x1fffff)
   CPU: 0 PID: 34525 Comm: kworker/u24:2 Not tainted 6.0.0-rc2-localyes-265166-gf11c5343fa3f #143
   Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
   Workqueue: raid5wq raid5_do_work
   Call Trace:
    <TASK>
    dump_stack_lvl+0x5a/0x78
    dump_stack+0x10/0x16
    print_trailer+0x158/0x165
    object_err+0x35/0x50
    free_debug_processing.cold+0xb7/0xbe
    __slab_free+0x1ae/0x330
    kmem_cache_free+0x46d/0x490
    mempool_free_slab+0x17/0x20
    mempool_free+0x66/0x190
    bio_free+0x78/0x90
    bio_put+0x100/0x1a0
    mpage_end_io+0x36/0x150
    bio_endio+0x2fd/0x360
    md_end_io_acct+0x7e/0x90
    bio_endio+0x2fd/0x360
    handle_failed_stripe+0x960/0xb80
    handle_stripe+0x1348/0x3760
    handle_active_stripes.constprop.0+0x72a/0xaf0
    raid5_do_work+0x177/0x330
    process_one_work+0x616/0xb20
    worker_thread+0x2bd/0x6f0
    kthread+0x179/0x1b0
    ret_from_fork+0x22/0x30
    </TASK>

The double free is caused by an unnecessary bio_put() in the
if(is_badblock(...)) error path in raid5_read_one_chunk().

The error path was moved ahead of bio_alloc_clone() in c82aa1b767
("md/raid5: move checking badblock before clone bio in
raid5_read_one_chunk"). The previous code checked and freed align_bio
which required a bio_put. After the move that is no longer needed as
raid_bio is returned to the control of the common io path which
performs its own endio resulting in a double free on bad device blocks.

Fixes: c82aa1b767 ("md/raid5: move checking badblock before clone bio in raid5_read_one_chunk")
Signed-off-by: David Sloan <david.sloan@eideticom.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Guoqing Jiang <Guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <song@kernel.org>
2022-09-22 00:05:04 -07:00
..
bcache bcache: fix set_at_max_writeback_rate() for multiple attached devices 2022-09-19 11:12:35 -06:00
persistent-data dm bufio: Add flags argument to dm_bufio_client_create 2022-07-28 17:46:14 -04:00
dm-audit.c dm: introduce audit event module for device mapper 2021-10-27 16:53:47 -04:00
dm-audit.h dm: introduce audit event module for device mapper 2021-10-27 16:53:47 -04:00
dm-bio-prison-v1.c
dm-bio-prison-v1.h
dm-bio-prison-v2.c
dm-bio-prison-v2.h
dm-bio-record.h block: move integrity handling out of <linux/blkdev.h> 2021-10-18 06:17:02 -06:00
dm-bufio.c - A few fixes for the DM verity and bufio changes from the 6.0 merge. 2022-08-11 19:46:48 -07:00
dm-builtin.c
dm-cache-background-tracker.c
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c dm cache metadata: remove unnecessary variable in __dump_mapping 2022-05-09 15:40:10 -04:00
dm-cache-metadata.h dm cache: fix typo in 2 comment blocks 2022-07-07 11:49:37 -04:00
dm-cache-policy-internal.h
dm-cache-policy-smq.c dm cache policy smq: make static read-only array table const 2022-02-22 10:35:53 -05:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c dm cache: fix typo in 2 comment blocks 2022-07-07 11:49:37 -04:00
dm-clone-metadata.c dm clone metadata: remove unused function 2021-04-19 13:20:31 -04:00
dm-clone-metadata.h
dm-clone-target.c block: remove QUEUE_FLAG_DISCARD 2022-04-17 19:49:59 -06:00
dm-core.h dm table: audit all dm_table_get_target() callers 2022-07-07 11:49:34 -04:00
dm-crypt.c dm crypt: make printing of the key constant-time 2022-05-09 12:34:03 -04:00
dm-delay.c dm: simplify basic targets 2022-05-05 17:31:35 -04:00
dm-dust.c dm: use bdev_nr_sectors and bdev_nr_bytes instead of open coding them 2021-10-18 14:43:22 -06:00
dm-ebs-target.c - Add flags argument to dm_bufio_client_create and introduce 2022-08-06 11:09:55 -07:00
dm-era-target.c dm era: commit metadata in postsuspend after worker stops 2022-06-21 13:35:01 -04:00
dm-exception-store.c
dm-exception-store.h dm: use bdev_nr_sectors and bdev_nr_bytes instead of open coding them 2021-10-18 14:43:22 -06:00
dm-flakey.c dm/dm-flakey: Use the new blk_opf_t type 2022-07-14 12:14:31 -06:00
dm-ima.c dm table: audit all dm_table_get_target() callers 2022-07-07 11:49:34 -04:00
dm-ima.h dm ima: add version info to dm related events in ima log 2021-08-20 15:59:47 -04:00
dm-init.c
dm-integrity.c - Add flags argument to dm_bufio_client_create and introduce 2022-08-06 11:09:55 -07:00
dm-io-rewind.c dm: add two stage requeue mechanism 2022-07-07 11:49:32 -04:00
dm-io-tracker.h dm writecache: make writeback pause configurable 2021-06-28 16:30:13 -04:00
dm-io.c dm/core: Combine request operation type and flags 2022-07-14 12:14:31 -06:00
dm-ioctl.c dm table: remove dm_table_get_num_targets() wrapper 2022-07-07 11:49:33 -04:00
dm-kcopyd.c - Refactor DM core's mempool allocation so that it clearer by not 2022-08-02 14:21:25 -07:00
dm-linear.c libnvdimm for 5.19 2022-05-27 15:49:30 -07:00
dm-log-userspace-base.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c libnvdimm for 5.19 2022-05-27 15:49:30 -07:00
dm-log.c dm mirror log: Use the new blk_opf_t type 2022-07-14 12:14:31 -06:00
dm-mpath.c dm mpath: provide high-resolution timer to HST for bio-based 2022-05-09 15:39:23 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h dm mpath: provide high-resolution timer to HST for bio-based 2022-05-09 15:39:23 -04:00
dm-ps-historical-service-time.c dm mpath: provide high-resolution timer to HST for bio-based 2022-05-09 15:39:23 -04:00
dm-ps-io-affinity.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ps-queue-length.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ps-round-robin.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ps-service-time.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-raid.c md: unlock mddev before reap sync_thread in action_store 2022-08-02 17:14:40 -06:00
dm-raid1.c dm/core: Reduce the size of struct dm_io_request 2022-07-14 12:14:31 -06:00
dm-region-hash.c
dm-rq.c dm: unexport dm_get_reserved_rq_based_ios 2022-06-29 12:46:05 -04:00
dm-rq.h
dm-snap-persistent.c - Add flags argument to dm_bufio_client_create and introduce 2022-08-06 11:09:55 -07:00
dm-snap-transient.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-snap.c dm snapshot: fix typo in snapshot_map() comment 2022-07-07 11:49:39 -04:00
dm-stats.c dm stats: add cond_resched when looping over entries 2022-05-09 12:11:07 -04:00
dm-stats.h dm stats: fix too short end duration_ns when using precise_timestamps 2022-02-21 15:35:39 -05:00
dm-stripe.c dax: add .recovery_write dax_operation 2022-05-16 13:37:59 -07:00
dm-switch.c dm: use bdev_nr_sectors and bdev_nr_bytes instead of open coding them 2021-10-18 14:43:22 -06:00
dm-sysfs.c dm sysfs: use default_groups in kobj_type 2022-01-06 09:48:55 -05:00
dm-table.c - Refactor DM core's mempool allocation so that it clearer by not 2022-08-02 14:21:25 -07:00
dm-target.c dax: introduce DAX_RECOVERY_WRITE dax access mode 2022-05-16 13:35:56 -07:00
dm-thin-metadata.c dm thin: fix use-after-free crash in dm_sm_register_threshold_callback 2022-07-15 18:09:14 -04:00
dm-thin-metadata.h dm thin metadata: remove unused dm_thin_remove_block and __remove 2022-02-22 13:55:50 -05:00
dm-thin.c dm thin: fix use-after-free crash in dm_sm_register_threshold_callback 2022-07-15 18:09:14 -04:00
dm-uevent.c
dm-uevent.h
dm-unstripe.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-verity-fec.c dm bufio: Add flags argument to dm_bufio_client_create 2022-07-28 17:46:14 -04:00
dm-verity-fec.h dm verity fec: fix misaligned RS roots IO 2021-04-14 14:28:29 -04:00
dm-verity-loadpin.c dm: verity-loadpin: Drop use of dm_table_get_num_targets() 2022-07-28 21:48:12 -07:00
dm-verity-target.c - A few fixes for the DM verity and bufio changes from the 6.0 merge. 2022-08-11 19:46:48 -07:00
dm-verity-verify-sig.c dm verity: fix require_signatures module_param permissions 2021-05-25 16:14:05 -04:00
dm-verity-verify-sig.h
dm-verity.h - Add flags argument to dm_bufio_client_create and introduce 2022-08-06 11:09:55 -07:00
dm-writecache.c - A few fixes for the DM verity and bufio changes from the 6.0 merge. 2022-08-11 19:46:48 -07:00
dm-zero.c
dm-zone.c - Refactor DM core's mempool allocation so that it clearer by not 2022-08-02 14:21:25 -07:00
dm-zoned-metadata.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
dm-zoned-reclaim.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-zoned-target.c dm-zoned: cleanup dmz_fixup_devices 2022-07-06 06:46:26 -06:00
dm-zoned.h dm/dm-zoned: Use the enum req_op type 2022-07-14 12:14:31 -06:00
dm.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
dm.h dm table: audit all dm_table_get_target() callers 2022-07-07 11:49:34 -04:00
Kconfig blk-mq: make the blk-mq stacking code optional 2022-02-16 19:39:09 -07:00
Makefile hardening updates for v5.20-rc1 2022-08-02 14:38:59 -07:00
md-autodetect.c md: return the allocated devices from md_alloc 2022-08-02 17:22:46 -06:00
md-bitmap.c fs/buffer: Combine two submit_bh() and ll_rw_block() arguments 2022-07-14 12:14:32 -06:00
md-bitmap.h
md-cluster.c md: Fix spelling mistake in comments 2022-08-02 17:14:44 -06:00
md-cluster.h
md-faulty.c block: pass a block_device to bio_clone_fast 2022-02-04 07:43:18 -07:00
md-linear.c md: remove most calls to bdevname 2022-05-22 23:07:21 -07:00
md-linear.h
md-multipath.c md: remove most calls to bdevname 2022-05-22 23:07:21 -07:00
md-multipath.h
md.c block: change the blk_queue_split calling convention 2022-08-02 17:22:53 -06:00
md.h md: return the allocated devices from md_alloc 2022-08-02 17:22:46 -06:00
raid0.c md: Replace snprintf with scnprintf 2022-09-22 00:05:03 -07:00
raid0.h
raid1-10.c md: raid1/raid10: drop pending_cnt 2022-03-08 15:16:54 -08:00
raid1.c md/raid1: Use the new blk_opf_t type 2022-07-14 12:14:31 -06:00
raid1.h md: raid1/raid10: drop pending_cnt 2022-03-08 15:16:54 -08:00
raid5-cache.c md/raid5: Cleanup prototype of raid5_get_active_stripe() 2022-09-22 00:05:04 -07:00
raid5-log.h md/raid5-ppl: Drop unused argument from ppl_handle_flush_request() 2022-08-02 17:14:31 -06:00
raid5-ppl.c md/raid5-ppl: Drop unused argument from ppl_handle_flush_request() 2022-08-02 17:14:31 -06:00
raid5.c md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() 2022-09-22 00:05:04 -07:00
raid5.h md/raid5: Cleanup prototype of raid5_get_active_stripe() 2022-09-22 00:05:04 -07:00
raid10.c md/raid10: fix compile warning 2022-09-22 00:05:03 -07:00
raid10.h md: raid1/raid10: drop pending_cnt 2022-03-08 15:16:54 -08:00