| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Mar 2012 14:04:06 +0100 From: Jens Axboe <axboe@...nel.dk> To: Tejun Heo <tj@...nel.org> CC: Fengguang Wu <fengguang.wu@...el.com>, Vivek Goyal <vgoyal@...hat.com>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH block/for-3.4/core] cfq: fix cfqg ref handling when BLK_CGROUP && !CFQ_GROUP_IOSCHED On 03/15/2012 05:35 PM, Tejun Heo wrote: > When BLK_CGROUP is enabled but CFQ_GROUP_IOSCHED is, cfq ends up > calling blkg_get/put() on dummy cfqg leading to the following crash. > > BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 > IP: [<ffffffff813d44d8>] cfq_init_queue+0x258/0x430 > PGD 0 > Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC > CPU 0 > Modules linked in: > > Pid: 1, comm: swapper/0 Not tainted 3.3.0-rc6-work+ #125 Bochs Bochs > RIP: 0010:[<ffffffff813d44d8>] [<ffffffff813d44d8>] cfq_init_queue+0x258/0x430 > RSP: 0018:ffff88001f9dfd80 EFLAGS: 00010046 > RAX: ffff88001aefbbf0 RBX: ffff88001aeedbf0 RCX: 0000000000000100 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff820ffd40 > RBP: ffff88001f9dfdd0 R08: 0000000000000000 R09: 0000000000000001 > R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 > R13: 0000000000000009 R14: ffff88001aefbc30 R15: 0000000000000003 > FS: 0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b > CR2: 00000000000000b0 CR3: 000000000206f000 CR4: 00000000000006f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > Process swapper/0 (pid: 1, threadinfo ffff88001f9de000, task ffff88001f9dc040) > Stack: > ffff88001aeedbf0 ffff88001aefbdb0 ffff88001aef1548 ffff88001aefbbf0 > ffff88001f9dfdd0 ffff88001aef1548 ffffffff820d6320 ffffffff8165ce30 > ffffffff82c555e0 ffff88001aeebbf0 ffff88001f9dfe00 ffffffff813b0507 > Call Trace: > [<ffffffff813b0507>] elevator_init+0xd7/0x140 > [<ffffffff813b83d5>] blk_init_allocated_queue+0x125/0x150 > [<ffffffff813b94d3>] blk_init_queue_node+0x43/0x80 > [<ffffffff813b9523>] blk_init_queue+0x13/0x20 > [<ffffffff821aec00>] floppy_init+0x82/0xec7 > [<ffffffff810001d2>] do_one_initcall+0x42/0x170 > [<ffffffff821835fc>] kernel_init+0xcb/0x14f > [<ffffffff81b40b24>] kernel_thread_helper+0x4/0x10 > Code: 00 e8 1d 9e 76 00 48 8b 43 48 48 85 c0 48 89 83 28 03 00 00 74 07 4c 8b a0 10 ff ff ff 8b 15 b0 2e d0 00 85 d2 0f 85 49 01 00 00 <41> 8b 84 24 b0 00 00 00 85 c0 0f 8e 8c 01 00 00 83 e8 01 85 c0 > RIP [<ffffffff813d44d8>] cfq_init_queue+0x258/0x430 > > Because cfq's blkcg support has a on/off switch, CFQ_GROUP_IOSCHED, > separate from BLK_CGROUP, blkg access through cfqg needs to be > conditioned on it. > > * Make blkg_to_cfqg() and cfqg_to_blkg() conditioned on > CFQ_GROUP_IOSCHED. If disabled, they always return %NULL. > > * Introduce cfqg_get() and cfqg_put() conditioned on > CFQ_GROUP_IOSCHED. If disabled, they are noops. > > Reported-by: Fengguang Wu <fengguang.wu@...el.com> > Signed-off-by: Tejun Heo <tj@...nel.org> > --- > Yeap, forgot to test that config combination. Fengguang, can you > please test this patch? Jens, once Fengguang confirms the fix, can > you please apply this on top of for-3.4/core along with the pending > stats updates? Added to for-3.5/core, thanks. -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists