Received: by 2002:ab2:6309:0:b0:1fb:d597:ff75 with SMTP id s9csp446853lqt; Thu, 6 Jun 2024 08:10:57 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWc72vCelVAu8apxlA3r1PrEB66vry3mB4sw6Vb83p4tOSvgW++GonN7J/+8FsR7e4zMFLU5rIgrLWi4mLXaOqTxKe+qRyPYlXeiZgLng== X-Google-Smtp-Source: AGHT+IGC9NphEtE4DfenYQGzort7OBWlT/WkHY1r/amXpDJn4ShmA+2KRBVQT0+DPvhVQQfZB3Nm X-Received: by 2002:a17:902:f20b:b0:1f6:8014:5e29 with SMTP id d9443c01a7336-1f6a5a26ea4mr59595905ad.40.1717686656849; Thu, 06 Jun 2024 08:10:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717686656; cv=pass; d=google.com; s=arc-20160816; b=iuwM5hViGK4nnPhAbCPkd0u0j0LeyhY27GY9kefZFPnJp2EYOpVzfcuuDNVQ3BriLU /otCZ9nrilseD+Jew1zTomfhD3xY4KAg4et/X9YaRrHGjqtn/jK6zR1W3f2icyFkN6d9 bvK3Ty7IKJ/uWy3KCMlzFVIS9WBY3lvh5oJ9GnAKOIMW0Om9VqiL+eMCDLH73bnYPpWL B7D4tQjaE+mmA4LGALyFbd1maVu3HHsIiEcyAa4M5lJ5MvUN3LUYuykREKfXjRE3DSMo 4dSLHUMd3NXiw1k6QOdbkCeaZutxFmOzz1kBkp6QMjYVrzAGghDUyc93Zs2+osZqjspe HNnQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=iqw3ulTgT3WOYmTar3ZvencBj9bvK1e+eNQvYeGna2o=; fh=b9aklLKiyyzP/RQXZfTtLyNtnIXdYN6jOfeA3JId8iU=; b=GHjyeiagO7+gpS8tvtlnRR9OtbEPm//pwXjMlGklAEPuIoKfTC9BcwbeBh+tWXLSbk 5VmJrJaM7S3jRRhHY3ZkFQ3mpAsO/3aXjq5d757p+xP6Ud9BXpoYQ2fZz/Sn1KB2+tlz Dfb87D451DR/SxbuqyTkpOBNcBV+kI0QA5b6Pvv7n++3Gv///v1RKH1uexikTbDOFzRu 993JB5smlLCdYn6QtJvFkLyPIQczm68elDRc3++gwGI1+Xy4elbJqaKxg9GyzO4okxvC ShwX/fmTRuCqBImABtSCnsWFUOVXTiUABC3Ly/uh4GoloigOCQqW28WjKV3/mTlAy9CK kdlg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="Dw/iUL5g"; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-204476-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-204476-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id 41be03b00d2f7-6de25eecf7asi1277604a12.422.2024.06.06.08.10.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jun 2024 08:10:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-204476-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="Dw/iUL5g"; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-204476-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-204476-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 5134828AF53 for ; Thu, 6 Jun 2024 14:57:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id CB2C5160865; Thu, 6 Jun 2024 14:30:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Dw/iUL5g" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66EB51E507 for ; Thu, 6 Jun 2024 14:30:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717684228; cv=none; b=agfCojQFGeTeCBGhRBWSh6sMUTb8hLF1vXUEbl3hihaMmLHrOlr6oIi4mRx+Vf4q+6IwvtxfEWiYPkcZqM/+6FCLZgaEA8SL79LYgLZoeKzfw3Z5HaydaGGlmXKM/SOkCdYzcEfX1TuPjay47nomJqkUO+xg/1CeelcBoSnh0cA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717684228; c=relaxed/simple; bh=pZ1CKh3rD/Cz84c1OVJeXYmbaArg0035BD5hKW/0e0k=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Xx+3bdHsEW9AKz8FyGtLU6iXRHldelBb/dmJBexC5EvKs/fjjVD4d3bgLbMdxLGRs4mwwDbXRe6AW9F4ais/sf8MmbdGYTl8R/KT5hDMpBB7pJCRFoBjkS+Y9buc4lGIOiXNpTcgp06pI3dZy48NYhb6AHA0LhI+7oIpLBMywRI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Dw/iUL5g; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717684225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=iqw3ulTgT3WOYmTar3ZvencBj9bvK1e+eNQvYeGna2o=; b=Dw/iUL5gzTTaFLaiq4HLZs0jEcGVf+lIpplZX6hLPl0p5QT2DFn6UyfKuslj132suca5S3 xQUvYR9Ym97hy+iNXgQxbBCfIAPopb9gqa5335M2rwVomKmJfja6pETv2h4tmoxVCNFcqg hrd9xQvOvrFqiWViESKv282JZrY5xoM= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-303-bNueIWOhOgeP9J9aaoLCfA-1; Thu, 06 Jun 2024 10:30:22 -0400 X-MC-Unique: bNueIWOhOgeP9J9aaoLCfA-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5062F196DFDF; Thu, 6 Jun 2024 14:30:20 +0000 (UTC) Received: from fedora (unknown [10.72.113.78]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 6B9301959178; Thu, 6 Jun 2024 14:30:11 +0000 (UTC) Date: Thu, 6 Jun 2024 22:30:06 +0800 From: Ming Lei To: yebin Cc: Christoph Hellwig , axboe@kernel.dk, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Ye Bin , Zhang Yi , "Ewan D. Milne" , linux-nvme@lists.infradead.org Subject: Re: [PATCH] block: bio-integrity: fix potential null-ptr-deref in bio_integrity_free Message-ID: References: <20240606062655.2185006-1-yebin@huaweicloud.com> <66619EB6.4040002@huaweicloud.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <66619EB6.4040002@huaweicloud.com> X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 On Thu, Jun 06, 2024 at 07:34:14PM +0800, yebin wrote: > > > On 2024/6/6 14:44, Christoph Hellwig wrote: > > What kernel is this on? As of Linux 6.9 we are now always freezing > v4.18 > > the queue while updating the logical_block_size in the nvme driver, > > so there should be no inflight I/O while it is changing. > > > The root cause of the problem is that there is no concurrency protection > between > issuing DIO checks in __ blkdev direct IO simple() and updating logical > block sizes , > resulting in the block layer being able to see DIOs that are not aligned > with logical > blocks. Yeah, that is one area queue freezing can't cover logical block size change, but I'd suggest to put the logical bs check into submit_bio() or slow path of __bio_queue_enter() at least. BTW, Yi has one reproducer, and slab is corrupted just like this report when running 'nvme format' & IO on partitions. I am not sure if this kind of change can avoid the issue completely, anyway Yi and I can test it and see if the kind of change works. My concern is that nvme format is started without draining IO, and IO can be submitted to hardware when nvme FW is handling formatting. I am not sure if nvme FW can deal with this situation correctly. Ewan suggested to run 'nvme format' with exclusive nvme disk open, which needs nvme-cli change. Thanks, Ming