Re: [PATCH blktests v1 0/2] extend nvme/045 to reconnect with invalid key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mar 04, 2024 / 17:13, Daniel Wagner wrote:
> The is the test case for
> 
> https://lore.kernel.org/linux-nvme/20240304161006.19328-1-dwagner@xxxxxxx/
>
> 
> Daniel Wagner (2):
>   nvme/rc: add reconnect-delay argument only for fabrics transports
>   nvme/048: add reconnect after ctrl key change

I apply the kernel patches in the link above to v6.8-rc7, then ran nvme/045
with the blktests patches in the series. And I observed failure of the test
case with various transports [1]. Is this failure expected?

Also, I observed KASAN double-free [2]. Do you observe it in your environment?
I created a quick fix [3], and it looks resolving the double-free.

[1]

sudo ./check nvme/045
nvme/045 (Test re-authentication)                            [failed]
    runtime  8.069s  ...  7.639s
    --- tests/nvme/045.out      2024-03-05 18:09:07.267668493 +0900
    +++ /home/shin/Blktests/blktests/results/nodev/nvme/045.out.bad     2024-03-05 18:10:07.735494384 +0900
    @@ -9,5 +9,6 @@
     Change hash to hmac(sha512)
     Re-authenticate with changed hash
     Renew host key on the controller and force reconnect
    -disconnected 0 controller(s)
    +controller "nvme1" not deleted within 5 seconds
    +disconnected 1 controller(s)
     Test complete

[2]

[  938.253184] ==================================================================
[  938.254995] BUG: KASAN: double-free in nuse_show+0x307/0x3c0 [nvme_core]
[  938.256400] Free of addr ffff88812d318000 by task nvme/1564

[  938.258777] CPU: 2 PID: 1564 Comm: nvme Not tainted 6.8.0-rc7+ #155
[  938.260188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014
[  938.261695] Call Trace:
[  938.262780]  <TASK>
[  938.263950]  dump_stack_lvl+0x57/0x90
[  938.265157]  print_report+0xcf/0x670
[  938.266372]  ? __virt_addr_valid+0x211/0x400
[  938.267554]  ? nuse_show+0x307/0x3c0 [nvme_core]
[  938.268790]  kasan_report_invalid_free+0x72/0xa0
[  938.270025]  ? nuse_show+0x307/0x3c0 [nvme_core]
[  938.271242]  ? nuse_show+0x307/0x3c0 [nvme_core]
[  938.272447]  poison_slab_object+0x141/0x170
[  938.273574]  ? nuse_show+0x307/0x3c0 [nvme_core]
[  938.274826]  __kasan_slab_free+0x2e/0x50
[  938.276029]  kfree+0x116/0x350
[  938.277133]  nuse_show+0x307/0x3c0 [nvme_core]
[  938.278326]  ? __pfx_lock_acquire+0x10/0x10
[  938.279433]  ? __pfx_nuse_show+0x10/0x10 [nvme_core]
[  938.280669]  dev_attr_show+0x42/0xc0
[  938.281668]  ? sysfs_file_ops+0x11b/0x170
[  938.282733]  sysfs_kf_seq_show+0x1f0/0x3b0
[  938.283818]  seq_read_iter+0x40c/0x11c0
[  938.284888]  ? rw_verify_area+0x179/0x470
[  938.286016]  vfs_read+0x606/0xc70
[  938.287106]  ? __pfx_vfs_read+0x10/0x10
[  938.288153]  ? kasan_quarantine_put+0xd6/0x1e0
[  938.289234]  ? lockdep_hardirqs_on+0x7d/0x100
[  938.290313]  ? __fget_light+0x53/0x1e0
[  938.291267]  ksys_read+0xf7/0x1d0
[  938.292233]  ? __pfx_ksys_read+0x10/0x10
[  938.293301]  ? kasan_quarantine_put+0xd6/0x1e0
[  938.294300]  do_syscall_64+0x9a/0x190
[  938.295253]  ? __x64_sys_openat+0x11f/0x1d0
[  938.296292]  ? lockdep_hardirqs_on+0x7d/0x100
[  938.297277]  ? __pfx___x64_sys_openat+0x10/0x10
[  938.298328]  ? ksys_read+0xf7/0x1d0
[  938.299245]  ? lockdep_hardirqs_on_prepare+0x17b/0x410
[  938.300301]  ? do_syscall_64+0xa7/0x190
[  938.301191]  ? lockdep_hardirqs_on+0x7d/0x100
[  938.302148]  ? do_syscall_64+0xa7/0x190
[  938.303107]  ? do_syscall_64+0xa7/0x190
[  938.304009]  ? do_syscall_64+0xa7/0x190
[  938.304936]  ? lockdep_hardirqs_on_prepare+0x17b/0x410
[  938.306017]  entry_SYSCALL_64_after_hwframe+0x6e/0x76
[  938.307103] RIP: 0033:0x7f57658da121
[  938.308065] Code: 00 48 8b 15 11 fd 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 40 ce 01 00 f3 0f 1e fa 80 3d 45 82 0d 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
[  938.310749] RSP: 002b:00007ffe0fd8ef98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  938.312023] RAX: ffffffffffffffda RBX: 00007ffe0fd908a8 RCX: 00007f57658da121
[  938.313215] RDX: 0000000000000fff RSI: 00007ffe0fd8efb0 RDI: 0000000000000003
[  938.314464] RBP: 00007ffe0fd90820 R08: 0000000000000073 R09: 0000000000000001
[  938.315668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  938.316871] R13: 0000000000000000 R14: 00007f5765a4b000 R15: 000000000053bdc0
[  938.318077]  </TASK>

[  938.319688] Allocated by task 1564:
[  938.320623]  kasan_save_stack+0x2f/0x50
[  938.321579]  kasan_save_track+0x10/0x30
[  938.322532]  __kasan_kmalloc+0xa6/0xb0
[  938.323477]  nvme_identify_ns+0xae/0x230 [nvme_core]
[  938.324529]  nuse_show+0x27a/0x3c0 [nvme_core]
[  938.325546]  dev_attr_show+0x42/0xc0
[  938.326485]  sysfs_kf_seq_show+0x1f0/0x3b0
[  938.327429]  seq_read_iter+0x40c/0x11c0
[  938.328483]  vfs_read+0x606/0xc70
[  938.329401]  ksys_read+0xf7/0x1d0
[  938.330441]  do_syscall_64+0x9a/0x190
[  938.331348]  entry_SYSCALL_64_after_hwframe+0x6e/0x76

[  938.333140] Freed by task 1564:
[  938.334143]  kasan_save_stack+0x2f/0x50
[  938.335067]  kasan_save_track+0x10/0x30
[  938.336078]  kasan_save_free_info+0x37/0x60
[  938.337101]  poison_slab_object+0x102/0x170
[  938.338124]  __kasan_slab_free+0x2e/0x50
[  938.339082]  kfree+0x116/0x350
[  938.339965]  nvme_identify_ns+0x1c5/0x230 [nvme_core]
[  938.341006]  nuse_show+0x27a/0x3c0 [nvme_core]
[  938.342003]  dev_attr_show+0x42/0xc0
[  938.342931]  sysfs_kf_seq_show+0x1f0/0x3b0
[  938.343882]  seq_read_iter+0x40c/0x11c0
[  938.344804]  vfs_read+0x606/0xc70
[  938.345708]  ksys_read+0xf7/0x1d0
[  938.346611]  do_syscall_64+0x9a/0x190
[  938.347538]  entry_SYSCALL_64_after_hwframe+0x6e/0x76

[  938.349308] The buggy address belongs to the object at ffff88812d318000
                which belongs to the cache kmalloc-4k of size 4096
[  938.350299] nvmet: creating nvm controller 1 for subsystem blktests-subsystem-1 for NQN nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349 with DH-HMAC-CHAP.
[  938.350311] The buggy address is located 0 bytes inside of
                4096-byte region [ffff88812d318000, ffff88812d319000)

[  938.350314] The buggy address belongs to the physical page:
[  938.358511] page:00000000389f3330 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d318
[  938.360009] head:00000000389f3330 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  938.361388] flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[  938.362644] page_type: 0xffffffff()
[  938.363627] raw: 0017ffffc0000840 ffff888100043040 dead000000000122 0000000000000000
[  938.364958] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[  938.366278] page dumped because: kasan: bad access detected

[  938.368303] Memory state around the buggy address:
[  938.369384]  ffff88812d317f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  938.370661]  ffff88812d317f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  938.371983] >ffff88812d318000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  938.373295]                    ^
[  938.374311]  ffff88812d318080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  938.375618]  ffff88812d318100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  938.376954] ==================================================================
[  938.378356] Disabling lock debugging due to kernel taint


[3]

diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
index f2832f70e7e0..4e161d3cd840 100644
--- a/drivers/nvme/host/sysfs.c
+++ b/drivers/nvme/host/sysfs.c
@@ -221,14 +221,10 @@ static int ns_update_nuse(struct nvme_ns *ns)
 
 	ret = nvme_identify_ns(ns->ctrl, ns->head->ns_id, &id);
 	if (ret)
-		goto out_free_id;
+		return ret;
 
 	ns->head->nuse = le64_to_cpu(id->nuse);
-
-out_free_id:
-	kfree(id);
-
-	return ret;
+	return 0;
 }
 
 static ssize_t nuse_show(struct device *dev, struct device_attribute *attr,




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux