On Tue, Feb 27, 2018 at 08:28:55PM +0800, tang.junhui@xxxxxxxxxx wrote:
> From: Tang Junhui <tang.junhui@xxxxxxxxxx>
>
> Hello, Marc
>
> When duplicate cache device retistered, bdev has already been freed
> in register_cache(), so bdevname(bdev, name) cause kernel crash.
> Please apply this patch add test again to see if this issue still
> exist.
Thanks for the quick patch.
Testing again is going to be difficult though given that I've already wiped
the device that was causing my crashes, but I'm assuming it should be easy
for you to reproduce this by simply dd'ing a bcache partition onto another
on, and bringing this device up on the same machine?
Ideally it can even be added to the standard test suite to verify that the
patch not only fixes the problem, but also that the bug does not come back
in the future?
Thanks,
Marc
> Signed-off-by: Tang Junhui <tang.junhui@xxxxxxxxxx>
> ---
> drivers/md/bcache/super.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
> index b4d2892..6285d31 100644
> --- a/drivers/md/bcache/super.c
> +++ b/drivers/md/bcache/super.c
> @@ -1859,6 +1859,8 @@ static int register_cache(struct cache_sb *sb, struct page *sb_page,
> const char *err = NULL; /* must be set for any error case */
> int ret = 0;
>
> + bdevname(bdev, name);
> +
> memcpy(&ca->sb, sb, sizeof(struct cache_sb));
> ca->bdev = bdev;
> ca->bdev->bd_holder = ca;
> @@ -1867,11 +1869,12 @@ static int register_cache(struct cache_sb *sb, struct page *sb_page,
> ca->sb_bio.bi_io_vec[0].bv_page = sb_page;
> get_page(sb_page);
>
> - if (blk_queue_discard(bdev_get_queue(ca->bdev)))
> + if (blk_queue_discard(bdev_get_queue(bdev)))
> ca->discard = CACHE_DISCARD(&ca->sb);
>
> ret = cache_alloc(ca);
> if (ret != 0) {
> + blkdev_put(bdev, FMODE_READ|FMODE_WRITE|FMODE_EXCL);
> if (ret == -ENOMEM)
> err = "cache_alloc(): -ENOMEM";
> else
> @@ -1894,14 +1897,14 @@ static int register_cache(struct cache_sb *sb, struct page *sb_page,
> goto out;
> }
>
> - pr_info("registered cache device %s", bdevname(bdev, name));
> + pr_info("registered cache device %s", name);
>
> out:
> kobject_put(&ca->kobj);
>
> err:
> if (err)
> - pr_notice("error opening %s: %s", bdevname(bdev, name), err);
> + pr_notice("error opening %s: %s", name, err);
>
> return ret;
> }
> @@ -2004,7 +2007,7 @@ static ssize_t register_bcache(struct kobject *k, struct kobj_attribute *attr,
> goto err_close;
>
> if (register_cache(sb, sb_page, bdev, ca) != 0)
> - goto err_close;
> + goto err;
> }
> out:
> if (sb_page)
> --
> 1.8.3.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bcache" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
--
To unsubscribe from this list: send the line "unsubscribe linux-bcache" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
