Date: Mon, 10 May 2021 22:07:23 -0700
From: Jaegeuk Kim
To: Chao Yu
Cc: linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH] f2fs: avoid null pointer access when handling IPU error
Message-ID:
References: <20210510142804.511265-1-jaegeuk@kernel.org> <9df7d088-3580-122b-60a3-799ea665cfeb@huawei.com>
In-Reply-To: <9df7d088-3580-122b-60a3-799ea665cfeb@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 05/11, Chao Yu wrote:
> On 2021/5/10 22:28, Jaegeuk Kim wrote:
> > Unable to handle kernel NULL pointer dereference at virtual address 000000000000001a
> > pc : f2fs_inplace_write_data+0x144/0x208
> > lr : f2fs_inplace_write_data+0x134/0x208
> > Call trace:
> >  f2fs_inplace_write_data+0x144/0x208
> >  f2fs_do_write_data_page+0x270/0x770
> >  f2fs_write_single_data_page+0x47c/0x830
> >  __f2fs_write_data_pages+0x444/0x98c
> >  f2fs_write_data_pages.llvm.16514453770497736882+0x2c/0x38
> >  do_writepages+0x58/0x118
> >  __writeback_single_inode+0x44/0x300
> >  writeback_sb_inodes+0x4b8/0x9c8
> >  wb_writeback+0x148/0x42c
> >  wb_do_writeback+0xc8/0x390
> >  wb_workfn+0xb0/0x2f4
> >  process_one_work+0x1fc/0x444
> >  worker_thread+0x268/0x4b4
> >  kthread+0x13c/0x158
> >  ret_from_fork+0x10/0x18
> > 
> > Fixes: 955772787667 ("f2fs: drop inplace IO if fs status is abnormal")
> 
> My bad, thanks for fixing this.
> 
> > Signed-off-by: Jaegeuk Kim
> > ---
> >  fs/f2fs/segment.c | 8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)
> > 
> > diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
> > index c605415840b5..ae875557d693 100644
> > --- a/fs/f2fs/segment.c
> > +++ b/fs/f2fs/segment.c
> > @@ -3577,9 +3577,11 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio)
> >  	if (fio->bio) {
> >  		struct bio *bio = *(fio->bio);
> >  
> > -		bio->bi_status = BLK_STS_IOERR;
> > -		bio_endio(bio);
> > -		fio->bio = NULL;
> > +		if (bio) {
> > +			bio->bi_status = BLK_STS_IOERR;
> > +			bio_endio(bio);
> > +			fio->bio = NULL;
> 
> fio->bio points to a bio assigned in writepages(), so it should reset
> that bio to NULL by *(fio->bio) = NULL.

Good timing. I hit another kernel panic, and it seems this is the root cause.
Let me give it a try. :)

--- v2 ---

Unable to handle kernel NULL pointer dereference at virtual address 000000000000001a
pc : f2fs_inplace_write_data+0x144/0x208
lr : f2fs_inplace_write_data+0x134/0x208
Call trace:
 f2fs_inplace_write_data+0x144/0x208
 f2fs_do_write_data_page+0x270/0x770
 f2fs_write_single_data_page+0x47c/0x830
 __f2fs_write_data_pages+0x444/0x98c
 f2fs_write_data_pages.llvm.16514453770497736882+0x2c/0x38
 do_writepages+0x58/0x118
 __writeback_single_inode+0x44/0x300
 writeback_sb_inodes+0x4b8/0x9c8
 wb_writeback+0x148/0x42c
 wb_do_writeback+0xc8/0x390
 wb_workfn+0xb0/0x2f4
 process_one_work+0x1fc/0x444
 worker_thread+0x268/0x4b4
 kthread+0x13c/0x158
 ret_from_fork+0x10/0x18

Fixes: 955772787667 ("f2fs: drop inplace IO if fs status is abnormal")
Signed-off-by: Jaegeuk Kim
---
 fs/f2fs/segment.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index c605415840b5..51dc79fad4fe 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -3574,12 +3574,12 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio)
 		return err;
 
 drop_bio:
-	if (fio->bio) {
+	if (fio->bio && *(fio->bio)) {
 		struct bio *bio = *(fio->bio);
 
 		bio->bi_status = BLK_STS_IOERR;
 		bio_endio(bio);
-		fio->bio = NULL;
+		*(fio->bio) = NULL;
 	}
 	return err;
 }
-- 
2.31.1.607.g51e8a6a459-goog
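Review bot: in the quoted v1 hunk, `fio->bio = NULL` clears the `struct bio **` stored in fio, not the bio it points at, so the writepages() caller that owns that pointer still holds the bio after `bio_endio(bio)` has completed it; the reset has to go through the double pointer, `*(fio->bio) = NULL`. The nested `if (bio)` also adds a block and a re-indent where folding the test into the outer condition, `if (fio->bio && *(fio->bio))`, keeps the body flat and the diff minimal.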
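Review bot: the v2 hunk's `*(fio->bio) = NULL` makes the caller responsible for testing its bio pointer after f2fs_inplace_write_data() returns; the trace shows that caller is reached from __f2fs_write_data_pages() via f2fs_write_single_data_page(), so confirm its post-call submit path checks for NULL before treating the fix as complete, otherwise the change trades the NULL dereference for a use of an already-ended bio. The guard `if (fio->bio && *(fio->bio))` itself matches the report: the fault address 000000000000001a is a small offset from NULL, consistent with `bio->bi_status = BLK_STS_IOERR` executing with `*(fio->bio)` NULL, and the early-out now skips both the store and bio_endio().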
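Added example, not f2fs code and not written by either poster: a small user-space model of the drop_bio path that makes Chao Yu's double-pointer point concrete and shows what each version of the patch leaves behind for the caller. `struct bio`, `struct io_info`, `bio_endio()`, `writepages_model()` and the value of `BLK_STS_IOERR` are stand-ins chosen for this example; the caller's behaviour after the call (completing any bio still pending in its own pointer) is an assumption about the writepages() side, not something the thread shows.

```c
#include <assert.h>
#include <stddef.h>

/* Stand-ins for the kernel types (assumptions for this example). */
#define BLK_STS_IOERR 10            /* placeholder value, not the kernel's */

struct bio {
	int bi_status;
	int endio_calls;            /* how many times this bio was completed */
};

/* Mirrors the one field of f2fs_io_info that matters here: a pointer to
 * the caller's `struct bio *`, so the callee can end it and clear it. */
struct io_info {
	struct bio **bio;
};

static void bio_endio(struct bio *bio)
{
	bio->endio_calls++;
}

/* v1 of the patch: tests only the outer pointer and clears the local copy.
 * Returns 1 if a bio was ended, 0 otherwise. */
static int drop_bio_v1(struct io_info *fio)
{
	if (fio->bio) {
		struct bio *bio = *(fio->bio);   /* NULL here crashed the kernel */

		bio->bi_status = BLK_STS_IOERR;
		bio_endio(bio);
		fio->bio = NULL;                 /* caller's pointer is untouched */
		return 1;
	}
	return 0;
}

/* v2 of the patch: tests both levels and resets the caller's pointer. */
static int drop_bio_v2(struct io_info *fio)
{
	if (fio->bio && *(fio->bio)) {
		struct bio *bio = *(fio->bio);

		bio->bi_status = BLK_STS_IOERR;
		bio_endio(bio);
		*(fio->bio) = NULL;
		return 1;
	}
	return 0;
}

/* Model of the writepages() side (assumption): it owns `bio`, hands &bio to
 * the in-place write path, and afterwards completes whatever is still
 * pending in its own pointer. Returns how many times the bio was completed;
 * exactly 1 is correct. */
static int writepages_model(int (*drop)(struct io_info *), struct bio *b)
{
	struct bio *bio = b;
	struct io_info fio = { .bio = &bio };

	drop(&fio);
	if (bio)                /* still set after v1: second completion */
		bio_endio(bio);
	return b->endio_calls;
}

static int completions_with(int (*drop)(struct io_info *))
{
	struct bio b = { 0, 0 };

	return writepages_model(drop, &b);
}

/* The shape of the reported crash: fio->bio is valid but points at a NULL
 * bio. v2 must take the early-out without dereferencing it. */
static int drop_v2_with_null_bio(void)
{
	struct bio *bio = NULL;
	struct io_info fio = { .bio = &bio };

	return drop_bio_v2(&fio);
}

int main(void)
{
	assert(completions_with(drop_bio_v1) == 2);   /* ended twice */
	assert(completions_with(drop_bio_v2) == 1);
	assert(drop_v2_with_null_bio() == 0);
	return 0;
}
```

The v1 variant is never called with a NULL inner pointer here because it would fault exactly as the trace shows; the model instead exercises the second defect Chao Yu pointed at, the stale bio left in the caller, which v2 clears through `*(fio->bio)`.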