lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110120143546.GA18875@redhat.com>
Date:	Thu, 20 Jan 2011 09:35:46 -0500
From:	Vivek Goyal <vgoyal@...hat.com>
To:	Sergey Senozhatsky <sergey.senozhatsky@...il.com>
Cc:	Jens Axboe <jaxboe@...ionio.com>,
	Philipp Reisner <philipp.reisner@...bit.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Lars Ellenberg <lars.ellenberg@...bit.com>,
	"Stephen M. Cameron" <scameron@...rdog.cce.hp.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] loop: queue_lock NULL pointer derefence in
 blk_throtl_exit (v2)

On Thu, Jan 20, 2011 at 02:58:49PM +0200, Sergey Senozhatsky wrote:
> Performing
> $ sudo mount -o loop -o umask=0 /dev/sdb1 /mnt/
> mount: wrong fs type, bad option, bad superblock on /dev/loop0,
>        missing codepage or helper program, or other error
>        In some cases useful info is found in syslog - try
>        dmesg | tail  or so
> 
> $ sudo modprobe -r loop
> 
> results in oops:
> 
>  BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
>  IP: [<ffffffff812479d4>] do_raw_spin_lock+0x14/0x122
>  Process modprobe (pid: 6189, threadinfo ffff88009a898000, task ffff880154a88000)
>  Call Trace:
>   [<ffffffff81486788>] _raw_spin_lock_irq+0x4a/0x51
>   [<ffffffff8123404b>] ? blk_throtl_exit+0x3b/0xa0
>   [<ffffffff8105b120>] ? cancel_delayed_work_sync+0xd/0xf
>   [<ffffffff8123404b>] blk_throtl_exit+0x3b/0xa0
>   [<ffffffff81229bc8>] blk_release_queue+0x21/0x65
>   [<ffffffff8123bb06>] kobject_release+0x51/0x66
>   [<ffffffff8123bab5>] ? kobject_release+0x0/0x66
>   [<ffffffff8123ce1e>] kref_put+0x43/0x4d
>   [<ffffffff8123ba27>] kobject_put+0x47/0x4b
>   [<ffffffff8122717c>] blk_cleanup_queue+0x56/0x5b
>   [<ffffffffa01c3824>] loop_exit+0x68/0x844 [loop]
>   [<ffffffff8107cccc>] sys_delete_module+0x1e8/0x25b
>   [<ffffffff814864c9>] ? trace_hardirqs_on_thunk+0x3a/0x3f
>   [<ffffffff81002112>] system_call_fastpath+0x16/0x1b
> 
> 
> because of an attempt to acquire NULL queue_lock.
> I added the same lines as in blk_queue_make_request -
> `fall back to embedded per-queue lock'.
> 
> v2: According to comment by Vivek Goyal, queue_lock NULL check and fix moved 
> out from loop driver code to blk_cleanup_queue, which is more general approach.
> 
> 
> Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@...il.com>
> 
> ---
> 
>  block/blk-core.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/block/blk-core.c b/block/blk-core.c
> index 2f4002f..45073ab 100644
> --- a/block/blk-core.c
> +++ b/block/blk-core.c
> @@ -458,6 +458,10 @@ void blk_put_queue(struct request_queue *q)
>  
>  void blk_cleanup_queue(struct request_queue *q)
>  {
> +	/* fall back to our embedded per-queue locks */
> +	if (!q->queue_lock)
> +		q->queue_lock = &q->__queue_lock;
> +

Hi Sergey,

Can we expand a little bit on comment that why do we need to have
q->queue_lock initialized here now. Basically in the past nobody tried
to take q->queue_lock in blk_cleanup_queue() path hence things just
worked. Now blk throttling code is new and it takes q->queue_lock hence we
run into issues. This could be true for some other future code too.

Secondly currently blk throttle code seems to be the only user dependent
on this lock initialization. So it might make sense to move this code
closer to the actual call and blk_release_queue() might be even better
place to do it atleast for now.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ