From patchwork Thu Mar 9 23:46:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tahsin Erdogan X-Patchwork-Id: 9614353 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B17B760417 for ; Thu, 9 Mar 2017 23:46:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A4CFA286E7 for ; Thu, 9 Mar 2017 23:46:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 99C3B286EF; Thu, 9 Mar 2017 23:46:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48E06286E7 for ; Thu, 9 Mar 2017 23:46:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754272AbdCIXqr (ORCPT ); Thu, 9 Mar 2017 18:46:47 -0500 Received: from mail-pg0-f54.google.com ([74.125.83.54]:34979 "EHLO mail-pg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753252AbdCIXqp (ORCPT ); Thu, 9 Mar 2017 18:46:45 -0500 Received: by mail-pg0-f54.google.com with SMTP id b129so31861183pgc.2 for ; Thu, 09 Mar 2017 15:46:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QNpMlWSeUzEBMH/RUhmkfB16WjenI8i2z+1wS/GxBfE=; b=l/4sEb27LMy18psyHC1qsnxN6/pvQnIxGPt7CC8pS40yrzw1A5pHj/QY0vhm7YDQUf jnzeYzUFXAIDTqhOkzvfLLXWjJy/n9MoVp699+nFJvq+zKHT45l4qIzLosrkAuigjlqw V+tVG65Kf3MXmgsNQXb0+v7JOL25S4YvW6mYmY+5Tg0A1DSFplXUB2rp3j7npVekWaAw QgGXfCxG9ojw4IiIDZPZyFiwrbcPy16ckp+s7/qmkrh51gSDhpZ4xgAhbumKY26Pb86P wfpl3fE8Ejldg+UWqp+SULWcbIDzUCEgyJLnmYtobCV9tyxfplMrT94sZCIcqyTvkkfC d6jQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QNpMlWSeUzEBMH/RUhmkfB16WjenI8i2z+1wS/GxBfE=; b=o6cgJ3bnar5mPKadvGg+DzgLQ5WTDawSu8STaezmkJag4U3I1Fuh7iAPkkxuVP9v+z EHofSkLcPyo7IFZAsFruCdwDhLfExYKYiZXbNAIOj+jLfTvd8WUUoZYxTb2fTEPSJn02 eMrabMshICKqV37Kfh7KsIlvmtkzPpnekxeFdLs35HpicS1Ch7GGyyd89nnYicPfuqKy ab4X92nLJpAUor9dDY7Hoc+YXJqbhJwxEQwNvHmcPlzc+IMib2K5LlAu+1yvFCvKMfVj V6643U0+973183ABqN3I7D6vPXNH90q4G3/aFnldVrCa1QGSU5izoic5DBhfORIFmHKQ Wyzw== X-Gm-Message-State: AMke39lqzsdM6u9cSACjfauXFfNizmbTVhP/YTisIqb3x+v1EPAelMRO8MLyz1rkQnVWw/Mb X-Received: by 10.98.57.23 with SMTP id g23mr17332890pfa.32.1489103193853; Thu, 09 Mar 2017 15:46:33 -0800 (PST) Received: from tahsin1.mtv.corp.google.com ([100.99.140.90]) by smtp.gmail.com with ESMTPSA id 73sm14527929pfj.31.2017.03.09.15.46.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 09 Mar 2017 15:46:33 -0800 (PST) From: Tahsin Erdogan To: Alexander Viro , Ilya Dryomov , Jens Axboe , Raghavendra K T , Tejun Heo , Jan Kara Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Tahsin Erdogan Subject: [PATCH v2] block, writeback: wait for writeback to finish before detaching wb Date: Thu, 9 Mar 2017 15:46:08 -0800 Message-Id: <20170309234608.12738-1-tahsin@google.com> X-Mailer: git-send-email 2.12.0.246.ga2ecc84866-goog In-Reply-To: <20170309182645.GD28982@htj.duckdns.org> References: <20170309182645.GD28982@htj.duckdns.org> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP __blkdev_put() could surprise writeback thread by detaching the wb object from an inode that hasn't cleared the I_SYNC flag yet. This causes a NULL pointer dereference as seen below: BUG: unable to handle kernel NULL pointer dereference at (null) IP: locked_inode_to_wb_and_lock_list+0x38/0x440 PGD 0 Oops: 0000 [#1] SMP CPU: 0 PID: 34 Comm: kworker/u8:1 Not tainted 4.11.0-rc1+ #202 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: writeback wb_workfn (flush-8:16) task: ffff88013aa780c0 task.stack: ffffc9000012c000 RIP: 0010:locked_inode_to_wb_and_lock_list+0x38/0x440 RSP: 0018:ffffc9000012fb70 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000018 RDX: ffff88013aa780c0 RSI: ffff880139a478f8 RDI: ffff88013aa788b8 RBP: ffffc9000012fba0 R08: 0000000000000001 R09: 0000000000000000 R10: 00000000969da8e2 R11: 0000000000000000 R12: ffff880139a47858 R13: ffff880139a478e0 R14: ffff880139a478f8 R15: ffff8801371f4058 FS: 0000000000000000(0000) GS:ffff88013ae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000001012000 CR4: 00000000000006f0 Call Trace: writeback_sb_inodes+0x3e1/0x7a0 __writeback_inodes_wb+0x87/0xc0 wb_writeback+0x2e7/0x5c0 wb_workfn+0x2d1/0x9c0 process_one_work+0x1d3/0x620 worker_thread+0x126/0x4a0 kthread+0x10a/0x140 ret_from_fork+0x2e/0x40 RIP: locked_inode_to_wb_and_lock_list+0x38/0x440 RSP: ffffc9000012fb70 CR2: 0000000000000000 ---[ end trace e0ea8a2695f4c86c ]--- Make __blkdev_put() wait for the I_SYNC flag to clear before detaching wb. Fixes: 43d1c0eb7e11 ("block: detach bdev inode from its wb in __blkdev_put()") Signed-off-by: Tahsin Erdogan --- v2: Removed white space clean up changes fs/block_dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/block_dev.c b/fs/block_dev.c index 2eca00ec4370..fdc71f9f8003 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -1880,7 +1880,10 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part) * Detaching bdev inode from its wb in __destroy_inode() * is too late: the queue which embeds its bdi (along with * root wb) can be gone as soon as we put_disk() below. + * Before detaching wb, wait for any writeback activity for + * inode to settle. */ + inode_wait_for_writeback(bdev->bd_inode); inode_detach_wb(bdev->bd_inode); } if (bdev->bd_contains == bdev) {