[RH7] ploop: don't set current exec_ub to preq_ub if the latter is NULL

Submitted by Pavel Tikhomirov on Aug. 29, 2018, 2:24 p.m.

Details

Message ID 20180829142410.17957-1-ptikhomirov@virtuozzo.com
State New
Series "ploop: don't set current exec_ub to preq_ub if the latter is NULL"
Headers show

Commit Message

Pavel Tikhomirov Aug. 29, 2018, 2:24 p.m.
[  149.489777] BUG: unable to handle kernel NULL pointer dereference at 0000000000000100
[  149.497630] IP: [<ffffffffc05ef198>] iolimit_virtinfo+0x38/0x410 [vziolimit]
[  149.504693] PGD 0
[  149.506722] Oops: 0000 [#1] SMP
[  149.509981] Modules linked in: binfmt_misc xt_CHECKSUM tun devlink tcp_diag inet_diag ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic fuse i915 i2c_algo_bit intel_powerclamp drm_kms_helper snd_hda_intel coretemp syscopyarea snd_hda_codec sysfillrect intel_rapl sysimgblt fb_sys_fops snd_hda_core iosf_mbi drm kvm_intel snd_hwdep kvm snd_pcm snd_timer snd iTCO_wdt irqbypass iTCO_vendor_support
[  149.581657]  mei_me mei soundcore sg nuvoton_cir rc_core i2c_i801 shpchp i2c_core lpc_ich ie31200_edac pcspkr ip_vs nf_conntrack libcrc32c br_netfilter veth overlay ip6_vzprivnet ip6_vznetstat ip_vznetstat ip_vzprivnet vziolimit vzevent vzlist vzstat vznetstat vznetdev vzmon vzdev bridge pio_kaio pio_nfs pio_direct pfmt_raw pfmt_ploop1 ploop ip_tables ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel ghash_clmulni_intel ata_generic aesni_intel ahci lrw pata_acpi scsi_transport_iscsi gf128mul libahci glue_helper ablk_helper ata_piix 8021q garp mrp stp libata dm_multipath llc cryptd e1000 r8169 serio_raw mii video sunrpc dm_mirror dm_region_hash dm_log dm_mod
[  149.646514] CPU: 1 PID: 8472 Comm: ploop34743 ve: 0 Kdump: loaded Not tainted 3.10.0-862.11.6.vz7.71.5 #1 71.5
[  149.656506] Hardware name: DEPO Computers To Be Filled By O.E.M./H77 Pro4/MVP, BIOS P1.50B 03/20/2013
[  149.665710] task: ffff96f7f973a120 ti: ffff96f7f0bf0000 task.ti: ffff96f7f0bf0000
[  149.673181] RIP: 0010:[<ffffffffc05ef198>]  [<ffffffffc05ef198>] iolimit_virtinfo+0x38/0x410 [vziolimit]
[  149.682661] RSP: 0018:ffff96f7f0bf3ae0  EFLAGS: 00010246
[  149.687967] RAX: 0000000000000000 RBX: ffffffffc05f15b0 RCX: 0000000000000000
[  149.695090] RDX: ffff96f7f973a120 RSI: 0000000000000000 RDI: ffffffffc05f15b0
[  149.702215] RBP: ffff96f7f0bf3b48 R08: ffffffffc05ef160 R09: ffff96f7fab86008
[  149.709339] R10: 0000000000000000 R11: ffff96f7fab86008 R12: 0000000000000000
[  149.716464] R13: ffff96f7f0bf3ba8 R14: 0000000000000000 R15: ffff96f7f0bf3ba8
[  149.723588] FS:  0000000000000000(0000) GS:ffff96f81f240000(0000) knlGS:0000000000000000
[  149.731667] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  149.737413] CR2: 0000000000000100 CR3: 000000038c20e000 CR4: 00000000001607e0
[  149.744545] Call Trace:
[  149.746994]  [<ffffffff95011b08>] ? kmem_cache_alloc+0xf8/0x240
[  149.752911]  [<ffffffff94eae3cc>] do_virtinfo_notifier_call+0x4c/0x60
[  149.759351]  [<ffffffff94eae420>] virtinfo_notifier_call+0x40/0x70
[  149.765539]  [<ffffffff95142282>] submit_bio+0xf2/0x1c0
[  149.770774]  [<ffffffffc03f4ff0>] dio_io_page+0x1b0/0x300 [pio_direct]
[  149.777298]  [<ffffffffc03f51cc>] dio_read_page+0x1c/0x20 [pio_direct]
[  149.783823]  [<ffffffffc03fe05d>] ploop1_read_index+0x1d/0x20 [pfmt_ploop1]
[  149.790782]  [<ffffffffc05ad720>] ploop_read_map+0x1b0/0x2a0 [ploop]
[  149.797132]  [<ffffffffc05ae88b>] ploop_find_map+0x6b/0x160 [ploop]
[  149.803426]  [<ffffffffc05a7e36>] ploop_entry_request+0x6a6/0x15b0 [ploop]
[  149.810294]  [<ffffffff94ec0486>] ? finish_wait+0x56/0x70
[  149.815695]  [<ffffffffc05a971f>] ploop_req_state_process+0x9df/0xd10 [ploop]
[  149.822853]  [<ffffffff94ec0800>] ? wake_up_atomic_t+0x30/0x30
[  149.828688]  [<ffffffffc05a9c8d>] ploop_thread+0x23d/0x4f0 [ploop]
[  149.834893]  [<ffffffffc05a9a50>] ? ploop_req_state_process+0xd10/0xd10 [ploop]
[  149.842215]  [<ffffffff94ebf621>] kthread+0xd1/0xe0
[  149.847085]  [<ffffffff94ebf550>] ? create_kthread+0x60/0x60
[  149.852736]  [<ffffffff95553677>] ret_from_fork_nospec_begin+0x21/0x21
[  149.859263]  [<ffffffff94ebf550>] ? create_kthread+0x60/0x60
[  149.864945] Code: d7 65 48 8b 14 25 c0 0e 01 00 41 56 41 55 41 54 53 48 83 ec 40 4c 8b b2 18 0b 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 <49> 8b 9e 00 01 00 00 48 85 db 0f 84 c8 02 00 00 8b 03 85 c0 74
[  149.884945] RIP  [<ffffffffc05ef198>] iolimit_virtinfo+0x38/0x410 [vziolimit]
[  149.892110]  RSP <ffff96f7f0bf3ae0>
[  149.895601] CR2: 0000000000000100

In ploop_req_state_process preq->preq_ub is NULL. That's why
ploop_req_state_process sets current exec_ub to NULL and
iolimit_virtinfo does not expect these and while getting ub->iolimit
crashes. So set exec_ub only if preq_ub is not NULL same as we did
before for ioc->ioc_ub.

https://jira.sw.ru/browse/PSBM-88112

Fixes: commit ae4abe579715 ("ploop: store exec_ub in ploop request and use it while processing requests")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 drivers/block/ploop/dev.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

Patch hide | download patch | download mbox

diff --git a/drivers/block/ploop/dev.c b/drivers/block/ploop/dev.c
index a71f28476eca..fc5f84cb1ce5 100644
--- a/drivers/block/ploop/dev.c
+++ b/drivers/block/ploop/dev.c
@@ -2534,7 +2534,7 @@  static void ploop_req_state_process(struct ploop_request * preq)
 	struct io_context * saved_ioc = NULL;
 	int release_ioc = 0;
 #ifdef CONFIG_BEANCOUNTERS
-	struct user_beancounter *saved_ub;
+	struct user_beancounter *saved_ub = NULL;
 #endif
 
 	trace_req_state_process(preq);
@@ -2546,8 +2546,10 @@  static void ploop_req_state_process(struct ploop_request * preq)
 		release_ioc = 1;
 	}
 #ifdef CONFIG_BEANCOUNTERS
-	get_beancounter(preq->preq_ub);
-	saved_ub = set_exec_ub(preq->preq_ub);
+	if (preq->preq_ub) {
+		get_beancounter(preq->preq_ub);
+		saved_ub = set_exec_ub(preq->preq_ub);
+	}
 #endif
 
 	if (preq->eng_state != PLOOP_E_COMPLETE &&
@@ -2609,8 +2611,10 @@  static void ploop_req_state_process(struct ploop_request * preq)
 			preq->error = -EOPNOTSUPP;
 			ploop_complete_io_state(preq);
 #ifdef CONFIG_BEANCOUNTERS
-			saved_ub = set_exec_ub(saved_ub);
-			put_beancounter(saved_ub);
+			if (saved_ub) {
+				saved_ub = set_exec_ub(saved_ub);
+				put_beancounter(saved_ub);
+			}
 #endif
 			return;
 		}
@@ -2890,8 +2894,10 @@  static void ploop_req_state_process(struct ploop_request * preq)
 		put_io_context(ioc);
 	}
 #ifdef CONFIG_BEANCOUNTERS
-	saved_ub = set_exec_ub(saved_ub);
-	put_beancounter(saved_ub);
+	if (saved_ub) {
+		saved_ub = set_exec_ub(saved_ub);
+		put_beancounter(saved_ub);
+	}
 #endif
 }