From patchwork Tue May 3 20:42:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikulas Patocka X-Patchwork-Id: 569290 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CDF22C433F5 for ; Tue, 3 May 2022 20:43:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236280AbiECUqo (ORCPT ); Tue, 3 May 2022 16:46:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231410AbiECUqn (ORCPT ); Tue, 3 May 2022 16:46:43 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D4E4633A1B for ; Tue, 3 May 2022 13:43:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651610587; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=9RuBntnBqG6yjLEUMDRt7zLnBdn8yVf2oOpi78Qq53U=; b=PwLmcJ3UH9pabT3AWWIyEMMWCNNfa5e40bHiy/8T2CVjYJ3mlJn9JgLa8NfzApNfLbm2dD Tx7HJfnKifmXr8myD2pwsmnYWJnz5WPB/QraGjMQAd5ptglsVCB5uWjjgsgUpHTBtUtLo/ xed3O4hBv6afTTL42TxFeDPkmkeWodw= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-373-ubR5pce1O2qUOWQGXmweCw-1; Tue, 03 May 2022 16:42:07 -0400 X-MC-Unique: ubR5pce1O2qUOWQGXmweCw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BED821DC243A; Tue, 3 May 2022 20:42:05 +0000 (UTC) Received: from file01.intranet.prod.int.rdu2.redhat.com (file01.intranet.prod.int.rdu2.redhat.com [10.11.5.7]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B769F154497C; Tue, 3 May 2022 20:42:05 +0000 (UTC) Received: from file01.intranet.prod.int.rdu2.redhat.com (localhost [127.0.0.1]) by file01.intranet.prod.int.rdu2.redhat.com (8.14.4/8.14.4) with ESMTP id 243Kg5ux012032; Tue, 3 May 2022 16:42:05 -0400 Received: from localhost (mpatocka@localhost) by file01.intranet.prod.int.rdu2.redhat.com (8.14.4/8.14.4/Submit) with ESMTP id 243Kg52X012028; Tue, 3 May 2022 16:42:05 -0400 X-Authentication-Warning: file01.intranet.prod.int.rdu2.redhat.com: mpatocka owned process doing -bs Date: Tue, 3 May 2022 16:42:05 -0400 (EDT) From: Mikulas Patocka X-X-Sender: mpatocka@file01.intranet.prod.int.rdu2.redhat.com To: Greg Kroah-Hartman cc: Mike Snitzer , dm-devel@redhat.com, stable@vger.kernel.org Subject: [PATCH v5.4] dm: fix mempool NULL pointer race when completing IO Message-ID: User-Agent: Alpine 2.02 (LRH 1266 2009-07-14) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org This is backport of the patch d208b89401e0 ("dm: fix mempool NULL pointer race when completing IO") for the kernel 5.4. The bugs fixed by this patch can cause random crashing when reloading dm table, so it is eligible for stable backport. Signed-off-by: Mikulas Patocka Reviewed-by: Mike Snitzer --- drivers/md/dm.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) Index: linux-stable/drivers/md/dm.c =================================================================== --- linux-stable.orig/drivers/md/dm.c 2022-04-30 19:53:42.000000000 +0200 +++ linux-stable/drivers/md/dm.c 2022-04-30 19:57:03.000000000 +0200 @@ -676,19 +676,18 @@ static void start_io_acct(struct dm_io * false, 0, &io->stats_aux); } -static void end_io_acct(struct dm_io *io) +static void end_io_acct(struct mapped_device *md, struct bio *bio, + unsigned long start_time, struct dm_stats_aux *stats_aux) { - struct mapped_device *md = io->md; - struct bio *bio = io->orig_bio; - unsigned long duration = jiffies - io->start_time; + unsigned long duration = jiffies - start_time; generic_end_io_acct(md->queue, bio_op(bio), &dm_disk(md)->part0, - io->start_time); + start_time); if (unlikely(dm_stats_used(&md->stats))) dm_stats_account_io(&md->stats, bio_data_dir(bio), bio->bi_iter.bi_sector, bio_sectors(bio), - true, duration, &io->stats_aux); + true, duration, stats_aux); /* nudge anyone waiting on suspend queue */ if (unlikely(wq_has_sleeper(&md->wait))) @@ -909,6 +908,8 @@ static void dec_pending(struct dm_io *io blk_status_t io_error; struct bio *bio; struct mapped_device *md = io->md; + unsigned long start_time = 0; + struct dm_stats_aux stats_aux; /* Push-back supersedes any I/O errors */ if (unlikely(error)) { @@ -935,8 +936,10 @@ static void dec_pending(struct dm_io *io io_error = io->status; bio = io->orig_bio; - end_io_acct(io); + start_time = io->start_time; + stats_aux = io->stats_aux; free_io(md, io); + end_io_acct(md, bio, start_time, &stats_aux); if (io_error == BLK_STS_DM_REQUEUE) return;