Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752570AbcJJNOD (ORCPT <rfc822;w@1wt.eu>);
        Mon, 10 Oct 2016 09:14:03 -0400
Received: from mail-qk0-f178.google.com ([209.85.220.178]:36469 "EHLO
        mail-qk0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752354AbcJJNNU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Oct 2016 09:13:20 -0400
Subject: Re: [PATCHv2] ceph: Fix error handling in ceph_read_iter
To: "Yan, Zheng" <zyan@redhat.com>
References: <1476103098-2925-1-git-send-email-kernel@kyup.com>
 <1476104199-3259-1-git-send-email-kernel@kyup.com>
 <530F1E79-6653-45F5-BBC6-B1D9F9005D14@redhat.com>
Cc: Ilya Dryomov <idryomov@gmail.com>,
        ceph-devel <ceph-devel@vger.kernel.org>, linux-kernel@vger.kernel.org
From: Nikolay Borisov <kernel@kyup.com>
Message-ID: <57FB93ED.5030602@kyup.com>
Date: Mon, 10 Oct 2016 16:13:17 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <530F1E79-6653-45F5-BBC6-B1D9F9005D14@redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1407
Lines: 49



On 10/10/2016 04:11 PM, Yan, Zheng wrote:
> 
>> On 10 Oct 2016, at 20:56, Nikolay Borisov <kernel@kyup.com> wrote:
>>
>> In case __ceph_do_getattr returns an error and the retry_op in
>> ceph_read_iter is not READ_INLINE, then it's possible to invoke
>> __free_page on a page which is NULL, this naturally leads to a crash.
>> This can happen when, for example, a process waiting on a MDS reply
>> receives sigterm.
>>
>> Fix this by explicitly checking whether the page is set or not.
>>
>> Signed-off-by: Nikolay Borisov <kernel@kyup.com>
>> Link: http://www.spinics.net/lists/ceph-users/msg31592.html
>> ---
>>
>> Inverted the condition, so resending with correct condition
>> this time. 
>>
>> fs/ceph/file.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
>> index 3c68e6aee2f0..7413313ae6c8 100644
>> --- a/fs/ceph/file.c
>> +++ b/fs/ceph/file.c
>> @@ -929,7 +929,8 @@ again:
>> 		statret = __ceph_do_getattr(inode, page,
>> 					    CEPH_STAT_CAP_INLINE_DATA, !!page);
>> 		if (statret < 0) {
>> -			 __free_page(page);
>> +			if (page)
>> +				__free_page(page);
>> 			if (statret == -ENODATA) {
>> 				BUG_ON(retry_op != READ_INLINE);
>> 				goto again;
>> — 
> Reviewed-by: Yan, Zheng <zyan@redhat.com>

I believe this needs to also be tagged as stable. To whomever is going
to merge it: can you please do that?


> 
>> 2.5.0
>>
>