Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2862148rwb; Mon, 7 Nov 2022 19:49:35 -0800 (PST) X-Google-Smtp-Source: AMsMyM6bGhkW8F70L4QiJmWBN1qQ/HCXlFHz34rCZ1TPW6nT7z/nVILTl2TJZXu3tc/g81g2oAej X-Received: by 2002:a05:6a00:140a:b0:56c:b679:f812 with SMTP id l10-20020a056a00140a00b0056cb679f812mr54172794pfu.46.1667879375582; Mon, 07 Nov 2022 19:49:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667879375; cv=none; d=google.com; s=arc-20160816; b=0ZgHZqGS6op3aOhFvB3vIpOqYoxAfi32R3U//a/qxRoYdazCM6tOM94cbe1aMuFFUm RNeF66xGL1O6hMBoiKPeKQJngJhrgPbfR8EROFllso3AJCpLd6gb7H53kxp0ICCzrSck lcAn+FvKeDmzNejKRGZTC/ar4RYNayGHObHW7YCdkHU0gRXpnlUASpYtR0r+fe9SmU/Z Z0ITkNYayIO9xbgQKx3mPcXnWZezi3+KZl+Ln/vk7rUnoM6XN2e0lsG4+F1pQusvUHCa D52oIdpLN4Y6Y3FbaoGQdGpUBRLLOwIk3DY1b5EM4/vG5qqBoYAEZRX6P6i3YHEEOLK3 wmPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=0UWRZ2f/RdY7tJWCiS2PJZZmLvxhcM5LSBFSDJ/lXw4=; b=FCOCmKmxsvVchXfxDC1UZq7MU+h2aPOcHIQGAsbZi1qzNu2s6qv+brUbozggeovQmu jkZcQt99bK5zO308mK4x+//siTYTvtDCU7nq/dX2GZMTdh7i8OgaS1bsIPc8HL4qYAZf +5AlcTPHlAgb1EKW8H67paGLYeUie4e2XOcW6xeWz3iBtYqYl3U79xgG0pw2aDWsC9Rb aGUOSw/xHhKQQQBunZCZiAdwGuEocd0QJcmjr0g1o0VqqB5LlA2IZ7GW6da6oD1e29Jk 6j7/eaRTo4sQDmq4sqPZR3hcbJBv+sVwaU+xtQ0KAgFzAlc6ZeNFCUMFzJanbYuC0uD0 iEwQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k68-20020a632447000000b0041cefab5b61si12063900pgk.719.2022.11.07.19.49.24; Mon, 07 Nov 2022 19:49:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232122AbiKHD2t (ORCPT + 90 others); Mon, 7 Nov 2022 22:28:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231659AbiKHD2r (ORCPT ); Mon, 7 Nov 2022 22:28:47 -0500 Received: from out199-12.us.a.mail.aliyun.com (out199-12.us.a.mail.aliyun.com [47.90.199.12]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8581913F3A; Mon, 7 Nov 2022 19:28:45 -0800 (PST) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R101e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046059;MF=jefflexu@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0VUHTXsX_1667878119; Received: from 30.221.131.213(mailfrom:jefflexu@linux.alibaba.com fp:SMTPD_---0VUHTXsX_1667878119) by smtp.aliyun-inc.com; Tue, 08 Nov 2022 11:28:41 +0800 Message-ID: Date: Tue, 8 Nov 2022 11:28:39 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.4.0 Subject: Re: [Linux-cachefs] [PATCH v2 1/2] netfs: Fix missing xas_retry() calls in xarray iteration Content-Language: en-US To: David Howells , willy@infradead.org Cc: George Law , Jeff Layton , linux-kernel@vger.kernel.org, linux-cachefs@redhat.com, linux-fsdevel@vger.kernel.org References: <166757987929.950645.12595273010425381286.stgit@warthog.procyon.org.uk> From: JeffleXu In-Reply-To: <166757987929.950645.12595273010425381286.stgit@warthog.procyon.org.uk> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00, ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/5/22 12:37 AM, David Howells wrote: > netfslib has a number of places in which it performs iteration of an xarray > whilst being under the RCU read lock. It *should* call xas_retry() as the > first thing inside of the loop and do "continue" if it returns true in case > the xarray walker passed out a special value indicating that the walk needs > to be redone from the root[*]. > > Fix this by adding the missing retry checks. > > [*] I wonder if this should be done inside xas_find(), xas_next_node() and > suchlike, but I'm told that's not an simple change to effect. > > This can cause an oops like that below. Note the faulting address - this > is an internal value (|0x2) returned from xarray. > > BUG: kernel NULL pointer dereference, address: 0000000000000402 > ... > RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] > ... > Call Trace: > netfs_rreq_assess+0xa6/0x240 [netfs] > netfs_readpage+0x173/0x3b0 [netfs] > ? init_wait_var_entry+0x50/0x50 > filemap_read_page+0x33/0xf0 > filemap_get_pages+0x2f2/0x3f0 > filemap_read+0xaa/0x320 > ? do_filp_open+0xb2/0x150 > ? rmqueue+0x3be/0xe10 > ceph_read_iter+0x1fe/0x680 [ceph] > ? new_sync_read+0x115/0x1a0 > new_sync_read+0x115/0x1a0 > vfs_read+0xf3/0x180 > ksys_read+0x5f/0xe0 > do_syscall_64+0x38/0x90 > entry_SYSCALL_64_after_hwframe+0x44/0xae > > Fixes: 3d3c95046742 ("netfs: Provide readahead and readpage netfs helpers") > Reported-by: George Law > Signed-off-by: David Howells > Reviewed-by: Jeff Layton > cc: Matthew Wilcox > cc: linux-cachefs@redhat.com > cc: linux-fsdevel@vger.kernel.org > --- Reviewed-by: Jingbo Xu -- Thanks, Jingbo