Received: by 2002:ab2:7903:0:b0:1fb:b500:807b with SMTP id a3csp705182lqj;
        Sun, 2 Jun 2024 19:20:19 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXHTAs6ub5nHStMkQRFWqz8I/9VUi4t8z1vPd+A0gyXibBRVhQQq4Uqk/BtGu51UtVViZV/OlIqhE+bvxfaPVb2uSA2xb7PjBina52JRw==
X-Google-Smtp-Source: AGHT+IEQw2S1mgSfx5m5jNuesY8mwDcOWFn6mk36tGPuSvJAWAsPOF1tnc9Ne+4JW1EHg7Nygthf
X-Received: by 2002:a81:fe07:0:b0:61b:92dc:c19c with SMTP id 00721157ae682-62c79825dd6mr69711417b3.52.1717381219433;
        Sun, 02 Jun 2024 19:20:19 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717381219; cv=pass;
        d=google.com; s=arc-20160816;
        b=JeUm4KUJhW7Kalwu4zoJmA6ixT/FgcpwJ6WVoi77M3y8xp6FlYmJ0DpwzVyiDlBugm
         B6NvAn1FNISR5T+K/Xs0J2ZhSiB8BUiwpRuQzsZF2QJPOPDIy6O2TpvwOVKzlJ+eNTOc
         lFTnvG/tjf9SdxyHVJbImRbgcXxuaDDucaf/c2kI9G1CIErq3d8ku3I2bYBFtSkYXoxR
         21EPEesSaUz/5mWQOalAcxSwAyPPWZJS4c7zbUr3rUtzwxkrA7F7G1efD4rYl4SRv/Wz
         4XuTjhWG2C/ul3JTwrkhcmIN2BhAUZ3/1tuhXLK/zvZUTourQqeva6YaFAi9VOTDrYD/
         fsLg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to:subject
         :user-agent:mime-version:list-unsubscribe:list-subscribe:list-id
         :precedence:date:message-id;
        bh=jXfKM5B6nSLfga6aCrAoSxBduAUtKFX3rC0nviiE9Ok=;
        fh=LxvrOfpwDp4sKt6SywzuTfM5BY3DV8hSFOwEDP4Ze2U=;
        b=BKaTh1ASfgpmUlP0XNU1BUAju4RzzixHRVgNhEYzjQkBC/yqNXn7BhfRPLdpqAwQ2t
         wsVVKoVSKIvqjG3yf0IkjuY2U+i4wNO5g8F3WRy1m8nkSrPeltNaITVrPesdbesLIlfY
         E5kCXDZfYMtpGZOPLCFdE1EGDxQZD+rq6slaT7AFcBtQUPIOvOLMTt9CKy0lCB1dbrJH
         jBI8jQPdPjqsv3Rrr8huzmLclJWLANV5Ljr7fbCea2rjcmzI8Nb+Ey9Xa4MhXIns91+t
         maYrD+7hIH+in1kOYeV/WKnOwHqevk8jkNNNejha0CLUv3cxmEWRJWDHFBGiTN8ShFXM
         qTMw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=huaweicloud.com);
       spf=pass (google.com: domain of linux-kernel+bounces-198543-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-198543-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-198543-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id 6a1803df08f44-6ae4b419219si77503326d6.425.2024.06.02.19.20.19
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 02 Jun 2024 19:20:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-198543-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=huaweicloud.com);
       spf=pass (google.com: domain of linux-kernel+bounces-198543-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-198543-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 1E3AE1C20B8A
	for <linux.lists.archive@gmail.com>; Mon,  3 Jun 2024 02:20:19 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 178CE79D8;
	Mon,  3 Jun 2024 02:20:11 +0000 (UTC)
Received: from dggsgout11.his.huawei.com (unknown [45.249.212.51])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A86964F;
	Mon,  3 Jun 2024 02:20:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.51
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717381210; cv=none; b=HMgiJcxfviH6yFDn8OqsObEF5xDu9qkyjuOwcEQVyh4q6CBJNoFfjmOuKI6y9gnUNeExRcX7MhH+AJ9vklUbK6wIi6glEtz01A8jqi8+wyOo+83SLXL3dyXBwh7vnNoHzaWQFSuLTW7oe1iiJGY5pj8jUO+bXkBtNULjBGL0vkA=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717381210; c=relaxed/simple;
	bh=mWSfs4wqgd3pgY2XnMo1sXFI0l9SAIXMQk+DIvDZn5Q=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=sihQkihVHpM4pXbHAyQSR+XCCXhh9lo3IVxFB2HLzYjoPTvf9mlYnSB9Kmj7GmZpi2J2rHgi0rnlz7OgqBXaxg/c7U0O+MMIIKTFVwZvDFM1b1bCSwWWtupUHFylLk7iyhE4scEO7t4z0s1JP3S9YKhW+c75oiAjPWLrL/hD4RY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com; spf=pass smtp.mailfrom=huaweicloud.com; arc=none smtp.client-ip=45.249.212.51
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huaweicloud.com
Received: from mail.maildlp.com (unknown [172.19.163.216])
	by dggsgout11.his.huawei.com (SkyGuard) with ESMTP id 4Vsy9N3mNxz4f3kKh;
	Mon,  3 Jun 2024 10:19:52 +0800 (CST)
Received: from mail02.huawei.com (unknown [10.116.40.75])
	by mail.maildlp.com (Postfix) with ESMTP id BF58E1A0199;
	Mon,  3 Jun 2024 10:19:58 +0800 (CST)
Received: from [10.174.179.247] (unknown [10.174.179.247])
	by APP2 (Coremail) with SMTP id Syh0CgAnmAtGKF1m7AwgOw--.17601S3;
	Mon, 03 Jun 2024 10:19:58 +0800 (CST)
Message-ID: <225f4c8e-0e2c-8f4b-f87d-69f4677af572@huaweicloud.com>
Date: Mon, 3 Jun 2024 10:19:50 +0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.10.0
Subject: Re: [PATCH] ublk_drv: fix NULL pointer dereference in
 ublk_ctrl_start_recovery()
To: Ming Lei <ming.lei@redhat.com>
Cc: axboe@kernel.dk, ZiyangZhang@linux.alibaba.com, czhong@redhat.com,
 linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
 yukuai3@huawei.com, yi.zhang@huawei.com, houtao1@huawei.com,
 yangerkun@huawei.com
References: <20240529095313.2568595-1-linan666@huaweicloud.com>
 <Zl0QpCbYVHIkKa/H@fedora>
From: Li Nan <linan666@huaweicloud.com>
In-Reply-To: <Zl0QpCbYVHIkKa/H@fedora>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-CM-TRANSID:Syh0CgAnmAtGKF1m7AwgOw--.17601S3
X-Coremail-Antispam: 1UD129KBjvdXoW7JF1kWFWDGFWkZFy3Ar47Jwb_yoWDKrX_uw
	1vvrZ7Xw4DCF4Fk3ZrKFy5Zr97tF4kXw1kKFWYvrZav34UA3ZrZFyxZrn3Ga18ZrWrCFnx
	uw13tw40qF18AjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
	9fnUUIcSsGvfJTRUUUba8YFVCjjxCrM7AC8VAFwI0_Gr0_Xr1l1xkIjI8I6I8E6xAIw20E
	Y4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwV
	A0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWDJVCq3wA2z4x0Y4vE2Ix0cI8IcVCY1x02
	67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267
	AKxVW0oVCq3wAac4AC62xK8xCEY4vEwIxC4wAS0I0E0xvYzxvE52x082IY62kv0487Mc02
	F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUAVWUtwAv7VC2z280aVAFwI
	0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcVAKI48JM4IIrI8v6xkF7I0E8cxa
	n2IY04v7Mxk0xIA0c2IEe2xFo4CEbIxvr21l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x
	0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2
	zVAF1VAY17CE14v26r1q6r43MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF
	4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r1j6r4UMIIF0xvE42xK8VAvwI8IcIk0rVWrZr1j
	6s0DMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Jr0_GrUvcS
	sGvfC2KfnxnUUI43ZEXa7IU17DG7UUUUU==
X-CM-SenderInfo: polqt0awwwqx5xdzvxpfor3voofrz/



在 2024/6/3 8:39, Ming Lei 写道:

[...]

>> diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
>> index 4e159948c912..99b621b2d40f 100644
>> --- a/drivers/block/ublk_drv.c
>> +++ b/drivers/block/ublk_drv.c
>> @@ -2630,7 +2630,8 @@ static void ublk_queue_reinit(struct ublk_device *ub, struct ublk_queue *ubq)
>>   {
>>   	int i;
>>   
>> -	WARN_ON_ONCE(!(ubq->ubq_daemon && ubq_daemon_is_dying(ubq)));
>> +	if (WARN_ON_ONCE(!(ubq->ubq_daemon && ubq_daemon_is_dying(ubq))))
>> +		return;
> 
> Yeah, it is one bug. However, it could be addressed by adding the check in
> ublk_ctrl_start_recovery() and return immediately in case of NULL ubq->ubq_daemon,
> what do you think about this way?
> 

Check ub->nr_queues_ready seems better. How about:

@@ -2662,6 +2662,8 @@ static int ublk_ctrl_start_recovery(struct 
ublk_device *ub,
         mutex_lock(&ub->mutex);
         if (!ublk_can_use_recovery(ub))
                 goto out_unlock;
+       if (!ub->nr_queues_ready)
+               goto out_unlock;
         /*
          * START_RECOVERY is only allowd after:
          *

> 
> Thanks,
> Ming

-- 
Thanks,
Nan