Date: Mon, 23 May 2022 10:14:59 -0400
From: Josef Bacik
To: Yu Kuai
Cc: axboe@kernel.dk, ming.lei@redhat.com, linux-block@vger.kernel.org, nbd@other.debian.org, linux-kernel@vger.kernel.org, yi.zhang@huawei.com
Subject: Re: [PATCH -next v3 2/6] nbd: fix race between nbd_alloc_config() and module removal
In-Reply-To: <20220521073749.3146892-3-yukuai3@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, May 21, 2022 at 03:37:45PM +0800, Yu Kuai wrote:
> When nbd module is being removed, nbd_alloc_config() may be
> called concurrently by nbd_genl_connect(), although try_module_get()
> will return false, but nbd_alloc_config() doesn't handle it.
>
> The race may lead to the leak of nbd_config and its related
> resources (e.g., recv_workq) and oops in nbd_read_stat() due
> to the unload of nbd module as shown below:
>
>   BUG: kernel NULL pointer dereference, address: 0000000000000040
>   Oops: 0000 [#1] SMP PTI
>   CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1
>   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
>   Workqueue: knbd16-recv recv_work [nbd]
>   RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]
>   Call Trace:
>    recv_work+0x3b/0xb0 [nbd]
>    process_one_work+0x1ed/0x390
>    worker_thread+0x4a/0x3d0
>    kthread+0x12a/0x150
>    ret_from_fork+0x22/0x30
>
> Fixing it by checking the return value of try_module_get()
> in nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),
> assign nbd->config only when nbd_alloc_config() succeeds to ensure
> the value of nbd->config is binary (valid or NULL).
>
> Also adding a debug message to check the reference counter
> of nbd_config during module removal.
>
> Signed-off-by: Hou Tao
> Signed-off-by: Yu Kuai

Reviewed-by: Josef Bacik

Thanks,

Josef
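
The pattern the commit message describes, as an added userspace example that is not part of the original mail or of the nbd driver: the allocator reports a refused module reference as ERR_PTR(-ENODEV), and the caller publishes the config pointer only on success so it stays valid-or-NULL. All model_* names and the reimplemented ERR_PTR()/PTR_ERR()/IS_ERR() helpers are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
/* Userspace stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static bool IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }
/* Hypothetical model types, not the driver's structures. */
struct model_module { bool unloading; int refcnt; };
struct model_config { int unused; };
struct model_dev { struct model_config *config; };

/* Models try_module_get(): no new reference once removal has begun. */
static bool model_try_module_get(struct model_module *m)
{
    if (!m->unloading)
        m->refcnt++;
    return !m->unloading;
}

/* Allocator that handles the refused reference instead of ignoring it. */
static struct model_config *model_alloc_config(struct model_module *m)
{
    if (!model_try_module_get(m))
        return ERR_PTR(-ENODEV);
    struct model_config *cfg = calloc(1, sizeof(*cfg));
    if (!cfg) {
        m->refcnt--;                    /* drop the reference taken above */
        return ERR_PTR(-ENOMEM);
    }
    return cfg;
}

/* Caller: an ERR_PTR value never reaches dev->config. */
static int model_connect(struct model_dev *dev, struct model_module *m)
{
    struct model_config *cfg = model_alloc_config(m);
    if (IS_ERR(cfg))
        return (int)PTR_ERR(cfg);
    dev->config = cfg;
    return 0;
}

int main(void)
{
    struct model_module dying = { .unloading = true };
    struct model_dev dev = { 0 };
    return (model_connect(&dev, &dying) == -ENODEV && !dev.config) ? 0 : 1;
}
```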