From: Yuanhan Liu
To: neilb@suse.de
Cc: linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, Yuanhan Liu, Shaohua Li
Subject: [PATCH] md/raid5: init batch_xxx for new sh at resize_stripes
Date: Mon, 4 May 2015 13:50:24 +0800
Message-Id: <1430718624-8988-1-git-send-email-yuanhan.liu@linux.intel.com>

This is to fix a kernel NULL dereference oops introduced by commit
59fc630b("RAID5: batch adjacent full stripe write"), which introduced
several batch_xxx fields, and did initialization for them at
grow_one_stripes(), but forgot to do the same at resize_stripes().

This oops can be easily triggered by the following steps:

    __create RAID5 /dev/md0
    __grow /dev/md0
    mdadm --wait /dev/md0
    dd if=/dev/zero of=/dev/md0

Here is the detailed oops log:

[ 32.384499] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 32.385366] IP: [] add_stripe_bio+0x48d/0x544
[ 32.385955] PGD 373f3067 PUD 36e34067 PMD 0
[ 32.386404] Oops: 0002 [#1] SMP
[ 32.386740] Modules linked in:
[ 32.387040] CPU: 0 PID: 1059 Comm: kworker/u2:2 Not tainted 4.0.0-next-20150427+ #107
[ 32.387762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[ 32.388044] Workqueue: writeback bdi_writeback_workfn (flush-9:0)
[ 32.388044] task: ffff88003d038000 ti: ffff88003d40c000 task.ti: ffff88003d40c000
[ 32.388044] RIP: 0010:[] [] add_stripe_bio+0x48d/0x544
[ 32.388044] RSP: 0000:ffff88003d40f6f8 EFLAGS: 00010046
[ 32.388044] RAX: 0000000000000000 RBX: ffff880037168cd0 RCX: ffff880037179a28
[ 32.388044] RDX: ffff880037168d58 RSI: 0000000000000000 RDI: ffff880037179a20
[ 32.388044] RBP: ffff88003d40f738 R08: 0000000000000410 R09: 0000000000000410
[ 32.388044] R10: 0000000000000410 R11: 0000000000000002 R12: ffff8800371799a0
[ 32.388044] R13: ffff88003c3d0800 R14: 0000000000000001 R15: ffff880037179a08
[ 32.388044] FS: 0000000000000000(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[ 32.388044] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 32.388044] CR2: 0000000000000000 CR3: 0000000036e33000 CR4: 00000000000006f0
[ 32.388044] Stack:
[ 32.388044] 0000000200000000 ffff880037168d38 ffff88003d40f738 ffff88003c3abd00
[ 32.388044] ffff88003c2df800 ffff88003c3d0800 0000000000000408 ffff88003c3d0b54
[ 32.388044] ffff88003d40f828 ffffffff8184b9ea ffffffff3d40f7e8 0000000000000292
[ 32.388044] Call Trace:
[ 32.388044] [] make_request+0x7a8/0xaee
[ 32.388044] [] ? wait_woken+0x79/0x79
[ 32.388044] [] ? kmem_cache_alloc+0x95/0x1b6
[ 32.388044] [] md_make_request+0xeb/0x1c3
[ 32.388044] [] ? mempool_alloc+0x64/0x127
[ 32.388044] [] generic_make_request+0x9c/0xdb
[ 32.388044] [] submit_bio+0xf6/0x134
[ 32.388044] [] _submit_bh+0x119/0x141
[ 32.388044] [] submit_bh+0x10/0x12
[ 32.388044] [] __block_write_full_page.constprop.30+0x1a3/0x2a4
[ 32.388044] [] ? I_BDEV+0xd/0xd
[ 32.388044] [] block_write_full_page+0xab/0xaf
[ 32.388044] [] blkdev_writepage+0x18/0x1a
[ 32.388044] [] __writepage+0x14/0x2d
[ 32.388044] [] write_cache_pages+0x29a/0x3a7
[ 32.388044] [] ? mapping_tagged+0x14/0x14
[ 32.388044] [] generic_writepages+0x3e/0x56
[ 32.388044] [] do_writepages+0x1e/0x2c
[ 32.388044] [] __writeback_single_inode+0x5b/0x27e
[ 32.388044] [] writeback_sb_inodes+0x1dc/0x358
[ 32.388044] [] __writeback_inodes_wb+0x7f/0xb8
[ 32.388044] [] wb_writeback+0x11a/0x271
[ 32.388044] [] ? global_dirty_limits+0x1b/0xfd
[ 32.388044] [] bdi_writeback_workfn+0x1ae/0x360
[ 32.388044] [] process_one_work+0x1c2/0x340
[ 32.388044] [] worker_thread+0x28b/0x389
[ 32.388044] [] ? cancel_delayed_work_sync+0x15/0x15
[ 32.388044] [] kthread+0xd2/0xda
[ 32.388044] [] ? kthread_create_on_node+0x17c/0x17c
[ 32.388044] [] ret_from_fork+0x42/0x70
[ 32.388044] [] ?
kthread_create_on_node+0x17c/0x17c [ 32.388044] Code: 84 24 90 00 00 00 48 8d 93 88 00 00 00 49 8d 8c 24 88 00 00 00 49 89 94 24 90 00 00 00 48 89 8b 88 00 00 00 48 89 83 90 00 00 00 <48> 89 10 66 41 83 84 24 80 00 00 00 01 3e 0f ba 73 48 06 72 02 [ 32.388044] RIP [] add_stripe_bio+0x48d/0x544 [ 32.388044] RSP [ 32.388044] CR2: 0000000000000000 [ 32.388044] ---[ end trace 2b255d3f55be9eb3 ]--- Cc: Shaohua Li Signed-off-by: Yuanhan Liu --- drivers/md/raid5.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index 697d77a..7b074f7 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -2217,6 +2217,10 @@ static int resize_stripes(struct r5conf *conf, int newsize) if (!p) err = -ENOMEM; } + + spin_lock_init(&nsh->batch_lock); + INIT_LIST_HEAD(&nsh->batch_list); + nsh->batch_head = NULL; release_stripe(nsh); } /* critical section pass, GFP_NOIO no longer needed */ -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
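Review bot: the three initialisers added before release_stripe(nsh) in resize_stripes() duplicate the batch_lock, batch_list and batch_head setup that the commit message says already exists in grow_one_stripes(), so the two allocation paths can drift apart again the next time a field is added to the stripe head. Consider moving the setup into one small helper called from both sites, so a new field only has to be initialised in one place. The commit message names the offending commit 59fc630b in prose only; a Fixes: tag for it would make the dependency explicit for anyone backporting the batching change.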