system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-11-05 18:23:50 +00:00
Code Issues Projects Releases Packages Wiki Activity

- Fix a race in DM core's dm_start_io_acct that could result in double

Browse source 
accounting for abnormal IO (e.g. discards, write zeroes, etc).
 
 - Fix a use-after-free in DM core's dm_put_live_table_bio.
 
 - Fix a race for REQ_NOWAIT bios being issued despite no support from
   underlying DM targets (due to DM table reload at an "unlucky" time)
 
 - Fix access beyond allocated bitmap in DM mirror's log.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEJfWUX4UqZ4x1O2wixSPxCi2dA1oFAmKsqKQACgkQxSPxCi2d
 A1rSXwf+PvYtiZmtwiDEkHpJeRbSBfxZQDvY5oZs9OhHHvm/5+/NUk9SPSfhc4Uj
 6oeCcQYkh1Si+8MkOcCuMij9uiUrXG6SSD97UQ9v9DJg+scpbTDJHDkHtfryuc/Z
 y4kTQH1usHAKQhbsBlh9QR+iepf58EJ0i1aWXB8hmePkBdWM1qkrdzx66GZWh7Qe
 YaOQ4N1QMWdKYiECkDR/nB7k1yetd6WYix6oGEojj0v2UfqcKEvkxE5jmcdeoZk6
 g/i1j78D/gKrBJFsAvfN/mcnx8Fl2349p6ZpO9lPT4jv6CuhO2ewsoZmYdZEnM0/
 XEIvSZN6G5Dl7wsvaptZUmCVJCaBrg==
 =T2jQ
 -----END PGP SIGNATURE-----

Merge tag 'for-5.19/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - Fix a race in DM core's dm_start_io_acct that could result in double
   accounting for abnormal IO (e.g. discards, write zeroes, etc).

 - Fix a use-after-free in DM core's dm_put_live_table_bio.

 - Fix a race for REQ_NOWAIT bios being issued despite no support from
   underlying DM targets (due to DM table reload at an "unlucky" time)

 - Fix access beyond allocated bitmap in DM mirror's log.

* tag 'for-5.19/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm mirror log: round up region bitmap size to BITS_PER_LONG
  dm: fix narrow race for REQ_NOWAIT bios being issued despite no support
  dm: fix use-after-free in dm_put_live_table_bio
  dm: fix race in dm_start_io_acct
This commit is contained in:
Linus Torvalds 2022-06-17 10:03:53 -07:00
commit 274295c6e5
2 changed files with 18 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
drivers/md/dm-log.c
View file

@ -415,8 +415,7 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
/*
* Work out how many "unsigned long"s we need to hold the bitset.
*/
bitset_size = dm_round_up(region_count,
sizeof(*lc->clean_bits) << BYTE_SHIFT);
bitset_size = dm_round_up(region_count, BITS_PER_LONG);
bitset_size >>= BYTE_SHIFT;
lc->bitset_uint32_count = bitset_size / sizeof(*lc->clean_bits);

24
drivers/md/dm.c
View file

@ -555,6 +555,10 @@ static void dm_start_io_acct(struct dm_io *io, struct bio *clone)
unsigned long flags;
/* Can afford locking given DM_TIO_IS_DUPLICATE_BIO */
spin_lock_irqsave(&io->lock, flags);
if (dm_io_flagged(io, DM_IO_ACCOUNTED)) {
spin_unlock_irqrestore(&io->lock, flags);
return;
}
dm_io_set_flag(io, DM_IO_ACCOUNTED);
spin_unlock_irqrestore(&io->lock, flags);
}
@ -711,18 +715,18 @@ static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU)
}
static inline struct dm_table *dm_get_live_table_bio(struct mapped_device *md,
int *srcu_idx, struct bio *bio)
int *srcu_idx, unsigned bio_opf)
{
if (bio->bi_opf & REQ_NOWAIT)
if (bio_opf & REQ_NOWAIT)
return dm_get_live_table_fast(md);
else
return dm_get_live_table(md, srcu_idx);
}
static inline void dm_put_live_table_bio(struct mapped_device *md, int srcu_idx,
struct bio *bio)
unsigned bio_opf)
{
if (bio->bi_opf & REQ_NOWAIT)
if (bio_opf & REQ_NOWAIT)
dm_put_live_table_fast(md);
else
dm_put_live_table(md, srcu_idx);
@ -1609,7 +1613,12 @@ static blk_status_t __split_and_process_bio(struct clone_info *ci)
ti = dm_table_find_target(ci->map, ci->sector);
if (unlikely(!ti))
return BLK_STS_IOERR;
else if (unlikely(ci->is_abnormal_io))
if (unlikely((ci->bio->bi_opf & REQ_NOWAIT) != 0) &&
unlikely(!dm_target_supports_nowait(ti->type)))
return BLK_STS_NOTSUPP;
if (unlikely(ci->is_abnormal_io))
return __process_abnormal_io(ci, ti);
/*
@ -1711,8 +1720,9 @@ static void dm_submit_bio(struct bio *bio)
struct mapped_device *md = bio->bi_bdev->bd_disk->private_data;
int srcu_idx;
struct dm_table *map;
unsigned bio_opf = bio->bi_opf;
map = dm_get_live_table_bio(md, &srcu_idx, bio);
map = dm_get_live_table_bio(md, &srcu_idx, bio_opf);
/* If suspended, or map not yet available, queue this IO for later */
if (unlikely(test_bit(DMF_BLOCK_IO_FOR_SUSPEND, &md->flags)) ||
@ -1728,7 +1738,7 @@ static void dm_submit_bio(struct bio *bio)
dm_split_and_process_bio(md, map, bio);
out:
dm_put_live_table_bio(md, srcu_idx, bio);
dm_put_live_table_bio(md, srcu_idx, bio_opf);
}
static bool dm_poll_dm_io(struct dm_io *io, struct io_comp_batch *iob,