Re: [PATCH 18/20] block: refator submit_bio_noacct

rename ->make_request_fn and move it to the block_device_operations · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 01/20] nfblock: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
Re: [PATCH 01/20] nfblock: stop using ->queuedata · Geert Uytterhoeven <geert@linux-m68k.org> · 2020-06-29
[PATCH 02/20] simdisk: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 03/20] drbd: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 06/20] rsxx: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 20/20] block: remove direct_make_request · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 19/20] block: shortcut __submit_bio_noacct for blk-mq drivers · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 18/20] block: refator submit_bio_noacct · Christoph Hellwig <hch@lst.de> · 2020-06-29
Re: [PATCH 18/20] block: refator submit_bio_noacct · Qian Cai <hidden> · 2020-07-02
Re: [PATCH 18/20] block: refator submit_bio_noacct · Christoph Hellwig <hch@lst.de> · 2020-07-02
Re: [PATCH 18/20] block: refator submit_bio_noacct · Naresh Kamboju <hidden> · 2020-07-02
Re: [PATCH 18/20] block: refator submit_bio_noacct · Naresh Kamboju <hidden> · 2020-07-02
[PATCH 16/20] block: move ->make_request_fn to struct block_device_operations · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 17/20] block: rename generic_make_request to submit_bio_noacct · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 15/20] block: remove the nr_sectors variable in generic_make_request_checks · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 13/20] block: tidy up a warning in bio_check_ro · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 14/20] block: remove the NULL queue check in generic_make_request_checks · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 12/20] block: remove the request_queue argument from blk_queue_split · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 11/20] fs: remove a weird comment in submit_bh_wbc · Christoph Hellwig <hch@lst.de> · 2020-06-29
Re: [PATCH 11/20] fs: remove a weird comment in submit_bh_wbc · Jens Axboe <axboe@kernel.dk> · 2020-06-30
[PATCH 10/20] dm: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 09/20] bcache: stop setting ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 07/20] umem: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 08/20] zram: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 05/20] ps3vram: stop using ->queuedata · Christoph Hellwig <hch@lst.de> · 2020-06-29
[PATCH 04/20] null_blk: stop using ->queuedata for bio mode · Christoph Hellwig <hch@lst.de> · 2020-06-29
Re: rename ->make_request_fn and move it to the block_device_operations · Jens Axboe <axboe@kernel.dk> · 2020-06-30
Re: rename ->make_request_fn and move it to the block_device_operations · Jens Axboe <axboe@kernel.dk> · 2020-06-30
Re: rename ->make_request_fn and move it to the block_device_operations · Christoph Hellwig <hch@lst.de> · 2020-06-30
Re: rename ->make_request_fn and move it to the block_device_operations · Jens Axboe <axboe@kernel.dk> · 2020-06-30
Re: rename ->make_request_fn and move it to the block_device_operations · Jens Axboe <axboe@kernel.dk> · 2020-06-30

From: Naresh Kamboju <hidden>
Date: 2020-07-02 15:53:03
Also in: dm-devel, linux-bcache, linux-m68k, linux-nvme, linux-raid, linux-s390, lkml, nvdimm

On Thu, 2 Jul 2020 at 20:45, Christoph Hellwig [off-list ref] wrote:

On Thu, Jul 02, 2020 at 10:10:10AM -0400, Qian Cai wrote:

quoted

On Mon, Jun 29, 2020 at 09:39:45PM +0200, Christoph Hellwig wrote:

quoted

Split out a __submit_bio_noacct helper for the actual de-recursion
algorithm, and simplify the loop by using a continue when we can't
enter the queue for a bio.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Reverting this commit and its dependencies,

5a6c35f9af41 block: remove direct_make_request
ff93ea0ce763 block: shortcut __submit_bio_noacct for blk-mq drivers

fixed the stack-out-of-bounds during boot,

https://lore.kernel.org/linux-block/000000000000bcdeaa05a97280e4@google.com/ (local)

Yikes.  bio_alloc_bioset pokes into bio_list[1] in a totally
undocumented way.  But even with that the problem should only show
up with "block: shortcut __submit_bio_noacct for blk-mq drivers".

Can you try this patch?

Applied your patch on top of linux-next 20200702 and tested on
arm64 and x86_64 devices and the reported BUG fixed.

Reported-by: Naresh Kamboju <redacted>
Tested-by: Naresh Kamboju <redacted>

quoted hunk ↗ jump to hunk

diff --git a/block/blk-core.c b/block/blk-core.c
index bf882b8d84450c..9f1bf8658b611a 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c

@@ -1155,11 +1155,10 @@ static blk_qc_t __submit_bio_noacct(struct bio *bio)
 static blk_qc_t __submit_bio_noacct_mq(struct bio *bio)
 {
        struct gendisk *disk = bio->bi_disk;
-       struct bio_list bio_list;
+       struct bio_list bio_list[2] = { };
        blk_qc_t ret = BLK_QC_T_NONE;

-       bio_list_init(&bio_list);
-       current->bio_list = &bio_list;
+       current->bio_list = bio_list;

        do {
                WARN_ON_ONCE(bio->bi_disk != disk);

@@ -1174,7 +1173,7 @@ static blk_qc_t __submit_bio_noacct_mq(struct bio *bio)
                }

                ret = blk_mq_submit_bio(bio);
-       } while ((bio = bio_list_pop(&bio_list)));
+       } while ((bio = bio_list_pop(&bio_list[0])));

        current->bio_list = NULL;
        return ret;

ref:
https://lkft.validation.linaro.org/scheduler/job/1538359#L288
https://lkft.validation.linaro.org/scheduler/job/1538360#L572


- Naresh

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help