From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tejun Heo, Dave Jones, Andrew Morton, Josh Snyder, Linus Torvalds
Subject: [PATCH 4.14 012/246] delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
Date: Wed, 1 Aug 2018 18:48:42 +0200
Message-Id: <20180801165012.280528692@linuxfoundation.org>
In-Reply-To: <20180801165011.700991984@linuxfoundation.org>
References: <20180801165011.700991984@linuxfoundation.org>

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tejun Heo

commit b512719f771a82180211c9a315b8a7f628832b3d upstream.

While forking, if delayacct init fails due to memory shortage, it
continues expecting all delayacct users to check task->delays pointer
against NULL before dereferencing it, which all of them used to do.

Commit c96f5471ce7d ("delayacct: Account blkio completion on the correct
task"), while updating delayacct_blkio_end() to take the target task
instead of always using %current, made the function test NULL on
%current->delays and then continue to operate on @p->delays.  If
%current succeeded init while @p didn't, it leads to the following
crash.

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
  IP: __delayacct_blkio_end+0xc/0x40
  PGD 8000001fd07e1067 P4D 8000001fd07e1067 PUD 1fcffbb067 PMD 0
  Oops: 0000 [#1] SMP PTI
  CPU: 4 PID: 25774 Comm: QIOThread0 Not tainted 4.16.0-9_fbk1_rc2_1180_g6b593215b4d7 #9
  RIP: 0010:__delayacct_blkio_end+0xc/0x40
  Call Trace:
   try_to_wake_up+0x2c0/0x600
   autoremove_wake_function+0xe/0x30
   __wake_up_common+0x74/0x120
   wake_up_page_bit+0x9c/0xe0
   mpage_end_io+0x27/0x70
   blk_update_request+0x78/0x2c0
   scsi_end_request+0x2c/0x1e0
   scsi_io_completion+0x20b/0x5f0
   blk_mq_complete_request+0xa2/0x100
   ata_scsi_qc_complete+0x79/0x400
   ata_qc_complete_multiple+0x86/0xd0
   ahci_handle_port_interrupt+0xc9/0x5c0
   ahci_handle_port_intr+0x54/0xb0
   ahci_single_level_irq_intr+0x3b/0x60
   __handle_irq_event_percpu+0x43/0x190
   handle_irq_event_percpu+0x20/0x50
   handle_irq_event+0x2a/0x50
   handle_edge_irq+0x80/0x1c0
   handle_irq+0xaf/0x120
   do_IRQ+0x41/0xc0
   common_interrupt+0xf/0xf

Fix it by updating delayacct_blkio_end() to check @p->delays instead.

Link: http://lkml.kernel.org/r/20180724175542.GP1934745@devbig577.frc2.facebook.com
Fixes: c96f5471ce7d ("delayacct: Account blkio completion on the correct task")
Signed-off-by: Tejun Heo
Reported-by: Dave Jones
Debugged-by: Dave Jones
Reviewed-by: Andrew Morton
Cc: Josh Snyder
Cc: [4.15+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- include/linux/delayacct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/delayacct.h +++ b/include/linux/delayacct.h @@ -124,7 +124,7 @@ static inline void delayacct_blkio_start static inline void delayacct_blkio_end(struct task_struct *p) { - if (current->delays) + if (p->delays) __delayacct_blkio_end(p); delayacct_clear_flag(DELAYACCT_PF_BLKIO); }
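
Review bot: the unchanged context line "delayacct_clear_flag(DELAYACCT_PF_BLKIO);" directly after the corrected check still takes no task argument, so nothing visible in this hunk ties the flag clear to @p. The commit message says delayacct_blkio_end() was changed to act on the target task instead of %current, and describes the case where %current and @p are different tasks with different ->delays state. If delayacct_clear_flag() operates on current->delays, the flag is cleared on the waking task rather than on the task whose block I/O just completed. Consider passing p through to it under the same "if (p->delays)" guard in a follow-up, or say in the changelog why clearing on current is intended.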