Message-ID: <8b714da7-97b2-f8d2-4be7-c192130c33af@kernel.dk>
Date:   Mon, 7 Sep 2020 10:41:16 -0600
From:   Jens Axboe <axboe@...nel.dk>
To:     Yang Yang <yang.yang@...o.com>, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     onlyfever@...oud.com, Omar Sandoval <osandov@...ndov.com>
Subject: Re: [PATCH] kyber: Fix crash in kyber_finish_request()

CC Omar

On 9/7/20 1:43 AM, Yang Yang wrote:
> Kernel crashes when requeuing a flush request.
> It can be reproduced as below:
> 
> [    2.517297] Unable to handle kernel paging request at virtual address ffffffd8071c0b00
> ...
> [    2.517468] pc : clear_bit+0x18/0x2c
> [    2.517502] lr : sbitmap_queue_clear+0x40/0x228
> [    2.517503] sp : ffffff800832bc60 pstate : 00c00145
> ...
> [    2.517599] Process ksoftirqd/5 (pid: 51, stack limit = 0xffffff8008328000)
> [    2.517602] Call trace:
> [    2.517606]  clear_bit+0x18/0x2c
> [    2.517619]  kyber_finish_request+0x74/0x80
> [    2.517627]  blk_mq_requeue_request+0x3c/0xc0
> [    2.517637]  __scsi_queue_insert+0x11c/0x148
> [    2.517640]  scsi_softirq_done+0x114/0x130
> [    2.517643]  blk_done_softirq+0x7c/0xb0
> [    2.517651]  __do_softirq+0x208/0x3bc
> [    2.517657]  run_ksoftirqd+0x34/0x60
> [    2.517663]  smpboot_thread_fn+0x1c4/0x2c0
> [    2.517667]  kthread+0x110/0x120
> [    2.517669]  ret_from_fork+0x10/0x18
> 
> Signed-off-by: Yang Yang <yang.yang@...o.com>
> ---
>  block/kyber-iosched.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/block/kyber-iosched.c b/block/kyber-iosched.c
> index a38c5ab103d1..af73afe7a05c 100644
> --- a/block/kyber-iosched.c
> +++ b/block/kyber-iosched.c
> @@ -611,6 +611,9 @@ static void kyber_finish_request(struct request *rq)
>  {
>  	struct kyber_queue_data *kqd = rq->q->elevator->elevator_data;
>  
> +	if (unlikely(!(rq->rq_flags & RQF_ELVPRIV)))
> +		return;
> +
>  	rq_clear_domain_token(kqd, rq);
>  }
>  
> 
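Review bot: The new early return in kyber_finish_request() needs a comment, and the commit message needs the root cause. As posted, the log gives only the oops. It does not say why a request without RQF_ELVPRIV reaches this hook, or why rq_clear_domain_token() then faults in clear_bit(). The trace shows the call coming from blk_mq_requeue_request(), so it is worth stating whether that caller should skip the elevator finish hook for such requests instead, since a guard placed only here leaves any other scheduler with a finish_request hook to handle the same case itself. "It can be reproduced as below" is followed by the crash log rather than reproduction steps; please add the steps or reword. A Fixes: tag naming the commit that introduced the behaviour would help stable backports.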


-- 
Jens Axboe
