From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Changwei Ge, Andrew Morton, Mark Fasheh, Joel Becker, Junxiao Bi, Joseph Qi, Linus Torvalds, Sasha Levin
Subject: [PATCH 4.19 197/306] ocfs2: dont use iocb when EIOCBQUEUED returns
Date: Wed, 27 Nov 2019 21:30:47 +0100
Message-Id: <20191127203129.589297656@linuxfoundation.org>
In-Reply-To: <20191127203114.766709977@linuxfoundation.org>

From: Changwei Ge

[ Upstream commit 9e985787750db8aae87f02b67e908f28ac4d6b83 ]

When -EIOCBQUEUED returns, it means that aio_complete() will be called from dio_complete(), which is an asynchronous progress against write_iter. Generally, IO is a very slow progress than executing instruction, but we still can't take the risk to access a freed iocb.

And we do face a BUG crash issue. Using the crash tool, iocb is obviously freed already.

  crash> struct -x kiocb ffff881a350f5900
  struct kiocb {
    ki_filp = 0xffff881a350f5a80,
    ki_pos = 0x0,
    ki_complete = 0x0,
    private = 0x0,
    ki_flags = 0x0
  }

And the backtrace shows:

  ocfs2_file_write_iter+0xcaa/0xd00 [ocfs2]
  aio_run_iocb+0x229/0x2f0
  do_io_submit+0x291/0x540
  SyS_io_submit+0x10/0x20
  system_call_fastpath+0x16/0x75

Link: http://lkml.kernel.org/r/1523361653-14439-1-git-send-email-ge.changwei@h3c.com
Signed-off-by: Changwei Ge
Reviewed-by: Andrew Morton
Cc: Mark Fasheh
Cc: Joel Becker
Cc: Junxiao Bi
Cc: Joseph Qi
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin
---
 fs/ocfs2/file.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index a847fe52c56ee..a3e077fcfeb9b 100644
--- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -2389,7 +2389,7 @@ static ssize_t ocfs2_file_write_iter(struct kiocb *iocb, written = __generic_file_write_iter(iocb, from); /* buffered aio wouldn't have proper lock coverage today */ - BUG_ON(written == -EIOCBQUEUED && !(iocb->ki_flags & IOCB_DIRECT)); + BUG_ON(written == -EIOCBQUEUED && !direct_io); /* * deep in g_f_a_w_n()->ocfs2_direct_IO we pass in a ocfs2_dio_end_io @@ -2509,7 +2509,7 @@ static ssize_t ocfs2_file_read_iter(struct kiocb *iocb, trace_generic_file_read_iter_ret(ret); /* buffered aio wouldn't have proper lock coverage today */ - BUG_ON(ret == -EIOCBQUEUED && !(iocb->ki_flags & IOCB_DIRECT)); + BUG_ON(ret == -EIOCBQUEUED && !direct_io); /* see ocfs2_file_write_iter */ if (ret == -EIOCBQUEUED || !ocfs2_iocb_is_rw_locked(iocb)) { -- 2.20.1
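
Review bot: In the ocfs2_file_write_iter hunk, the new BUG_ON reads a local named direct_io whose declaration and assignment are not in the visible context. For this 4.19 backport, please confirm that the local exists in this tree and is set from iocb->ki_flags & IOCB_DIRECT before __generic_file_write_iter(iocb, from) is called, since a value sampled after that call would bring back the read of a possibly freed iocb. It would also help to extend the comment above the BUG_ON to say that iocb must not be dereferenced once -EIOCBQUEUED has been returned, so that a later cleanup does not switch the check back to iocb->ki_flags.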
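
Review bot: In the ocfs2_file_read_iter hunk, the trailing context line "if (ret == -EIOCBQUEUED || !ocfs2_iocb_is_rw_locked(iocb))" still passes iocb to a helper, and it avoids touching iocb on the queued path only because the || stops evaluating when ret is -EIOCBQUEUED. That operand order now carries the safety property this patch is about; suggest saying so in the "see ocfs2_file_write_iter" comment so the two operands are never swapped. As in the write path, the direct_io local used by the new BUG_ON is not declared in the visible lines and should be checked to be assigned before the read is issued.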
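
A userspace model of the ownership rule the commit message describes, as an added example that is not part of the original patch or of the ocfs2 code. struct req, submit(), complete_req() and write_iter() are hypothetical stand-ins for kiocb and the kernel paths, and completion is modelled in the worst case, as having already run when submit() returns.

```c
#include <stdlib.h>

#define EIOCBQUEUED 529   /* value of the kernel-internal errno */
#define IOCB_DIRECT 0x1   /* constructed flag bit for this model */

struct req { int flags; };        /* stand-in for struct kiocb */

static int freed_by_completion;   /* counts frees done by the async side */

/* Completion path: owns the request once it is queued, and frees it. */
static void complete_req(struct req *r)
{
    free(r);
    freed_by_completion++;
}

/* Model of the submit call. Direct I/O is queued and the completion may
 * already have freed the request when this returns; buffered I/O finishes
 * synchronously and leaves ownership with the caller. */
static long submit(struct req *r, long len)
{
    if (r->flags & IOCB_DIRECT) {
        complete_req(r);
        return -EIOCBQUEUED;
    }
    return len;
}

/* Caller following the patch's rule: sample what is needed from the request
 * while it is still owned, then treat the pointer as dead on -EIOCBQUEUED. */
static long write_iter(int flags, long len)
{
    struct req *r = malloc(sizeof(*r));
    if (!r)
        return -1;
    r->flags = flags;
    int direct_io = r->flags & IOCB_DIRECT;   /* read before submit */

    long ret = submit(r, len);
    if (ret == -EIOCBQUEUED) {
        if (!direct_io)       /* sanity check uses the local, not r->flags */
            abort();
        return ret;           /* r now belongs to the completion path */
    }
    free(r);                  /* synchronous path: caller still owns r */
    return ret;
}
```

Building the model with AddressSanitizer and changing the check to read r->flags after submit() makes the use-after-free visible as a sanitizer report.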