On 3/21/22 23:56, Hannes Reinecke wrote: > Hi all, > > here's my second attempt the align the libata object naming with sysfs. > Key point is to introduce an 'ata' bus, which serves to collect all > libata object (ata_port, ata_link, and ata_device). > > To facilitate that the name of the 'ata_port' object changes from 'ata' > to 'port'. To provide backwards compability I've added an additional > class object for the ata_port with the name of 'ata'. > This additional object can be disabled with the config option > ATA_SYSFS_COMPAT. > > As usual, comments and reviews are welcome. > > Hannes Reinecke (3): > libata: sysfs naming option > libata: CONFIG_ATA_SYSFS_COMPAT > libata: sanitize PMP link naming > > drivers/ata/Kconfig | 10 +++++++ > drivers/ata/libata-transport.c | 55 ++++++++++++++++++++++++++++++---- > include/linux/libata.h | 54 ++++++++++----------------------- > 3 files changed, 76 insertions(+), 43 deletions(-) > Kasan is not happy at all when I do "rmmod ahci"... [ 1657.438508] BUG: KASAN: double-free or invalid-free in attribute_container_release+0x37/0x50 [ 1657.447070] [ 1657.448597] CPU: 8 PID: 1597 Comm: rmmod Not tainted 5.17.0-libata+ #25 [ 1657.455314] Hardware name: Supermicro Super Server/X11DPL-i, BIOS 3.3 02/21/2020 [ 1657.462809] Call Trace: [ 1657.465304] <TASK> [ 1657.467447] dump_stack_lvl+0x45/0x59 [ 1657.471180] print_address_description.constprop.0+0x1f/0x120 [ 1657.477021] ? attribute_container_release+0x37/0x50 [ 1657.482060] ? attribute_container_release+0x37/0x50 [ 1657.487108] kasan_report_invalid_free+0x51/0x80 [ 1657.491802] __kasan_slab_free+0xf4/0x110 [ 1657.495885] ? attribute_container_release+0x37/0x50 [ 1657.500930] kfree+0xca/0x210 [ 1657.503956] attribute_container_release+0x37/0x50 [ 1657.508826] device_release+0x98/0x200 [ 1657.512642] kobject_put+0x139/0x410 [ 1657.516283] ata_tport_delete+0x4a/0x60 [libata] [ 1657.521015] ata_host_detach+0x336/0x660 [libata] [ 1657.525820] ? kernfs_remove_by_name_ns+0x9a/0xe0 [ 1657.530615] pci_device_remove+0x65/0x110 [ 1657.534696] __device_release_driver+0x316/0x680 [ 1657.539398] driver_detach+0x1ec/0x2d0 [ 1657.543217] bus_remove_driver+0xe7/0x2d0 [ 1657.547293] ? lock_is_held_type+0x98/0x110 [ 1657.551546] pci_unregister_driver+0x26/0x250 [ 1657.555982] __x64_sys_delete_module+0x2fd/0x510 [ 1657.560673] ? free_module+0xaa0/0xaa0 [ 1657.564487] ? __cond_resched+0x1c/0x90 [ 1657.568392] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 1657.573611] ? syscall_enter_from_user_mode+0x21/0x70 [ 1657.578740] ? trace_hardirqs_on+0x1c/0x110 [ 1657.583000] do_syscall_64+0x35/0x80 [ 1657.586635] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1657.591765] RIP: 0033:0x7f4eb289d84b [ 1657.595403] Code: 73 01 c3 48 8b 0d dd 75 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ad 75 0e 00 f7 d8 64 89 01 48 [ 1657.618085] RSP: 002b:00007fffa28f9158 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 1657.627664] RAX: ffffffffffffffda RBX: 000055e1a7f54760 RCX: 00007f4eb289d84b [ 1657.636822] RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055e1a7f547c8 [ 1657.645965] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1657.655065] R10: 00007f4eb292eac0 R11: 0000000000000206 R12: 00007fffa28f93d0 [ 1657.664115] R13: 00007fffa28fa780 R14: 000055e1a7f542a0 R15: 000055e1a7f54760 [ 1657.673133] </TASK> [ 1657.677130] [ 1657.680403] Allocated by task 183: [ 1657.685577] kasan_save_stack+0x1e/0x40 [ 1657.691152] __kasan_kmalloc+0x7f/0xa0 [ 1657.696603] kmem_cache_alloc_trace+0x1f9/0x470 [ 1657.702809] ata_port_alloc+0x40/0x5a0 [libata] [ 1657.709031] ata_host_alloc+0x1ca/0x260 [libata] [ 1657.715301] ata_host_alloc_pinfo+0x1d/0x540 [libata] [ 1657.721978] ahci_init_one+0xc5b/0x1d40 [ahci] [ 1657.728037] local_pci_probe+0xc6/0x150 [ 1657.733487] work_for_cpu_fn+0x4e/0xa0 [ 1657.738833] process_one_work+0x7f0/0x1310 [ 1657.744509] worker_thread+0x6e0/0xf70 [ 1657.749855] kthread+0x28f/0x330 [ 1657.754665] ret_from_fork+0x1f/0x30 [ 1657.759818] [ 1657.762850] The buggy address belongs to the object at ffff8885e2ce0000 [ 1657.762850] which belongs to the cache kmalloc-32k of size 32768 [ 1657.778757] The buggy address is located 15088 bytes inside of [ 1657.778757] 32768-byte region [ffff8885e2ce0000, ffff8885e2ce8000) [ 1657.794105] The buggy address belongs to the page: [ 1657.800540] page:00000000ddc44957 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e2ce0 [ 1657.811675] head:00000000ddc44957 order:4 compound_mapcount:0 compound_pincount:0 [ 1657.820907] flags: 0x20000000010200(slab|head|node=0|zone=2) [ 1657.828316] raw: 0020000000010200 ffffea0018392808 ffffea00178b3c08 ffff888100040200 [ 1657.837857] raw: 0000000000000000 ffff8885e2ce0000 0000000100000001 0000000000000000 [ 1657.847408] page dumped because: kasan: bad access detected [ 1657.854796] [ 1657.858067] Memory state around the buggy address: [ 1657.864684] ffff8885e2ce3980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1657.873803] ffff8885e2ce3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1657.882884] >ffff8885e2ce3a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1657.891942] ^ [ 1657.900670] ffff8885e2ce3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1657.909774] ffff8885e2ce3b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 And after that, doing "rmmod libata; modprobe libata", Things get really bad... [ 1820.226215] sysfs: cannot create duplicate filename '/bus/ata' And then NULL pointer dereference oops. My PMP setup also does not show the devices named devX.Y. I suspect this is because my eSATA box supports FIS based switching. Even with that, the eSATA box has 4 drives all connected behind one port/one link, but I still see each device with its own port and link. Weird. Since I am not 100% up to speed on how the PMP code works, I need to dig into it. -- Damien Le Moal Western Digital Research
