[PATCH] nvmet: use new ana_log_size instead the old one
Hannes Reinecke
hare at suse.de
Thu May 27 04:24:33 PDT 2021
On 5/13/21 3:04 PM, Hou Pu wrote:
> The new ana_log_size should be used instead of the old one.
> Or kernel NULL pointer dereference will happen like below:
>
> [ 38.957849][ T69] BUG: kernel NULL pointer dereference, address: 000000000000003c
> [ 38.975550][ T69] #PF: supervisor write access in kernel mode
> [ 38.975955][ T69] #PF: error_code(0x0002) - not-present page
> [ 38.976905][ T69] PGD 0 P4D 0
> [ 38.979388][ T69] Oops: 0002 [#1] SMP NOPTI
> [ 38.980488][ T69] CPU: 0 PID: 69 Comm: kworker/0:2 Not tainted 5.12.0+ #54
> [ 38.981254][ T69] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> [ 38.982502][ T69] Workqueue: events nvme_loop_execute_work
> [ 38.985219][ T69] RIP: 0010:memcpy_orig+0x68/0x10f
> [ 38.986203][ T69] Code: 83 c2 20 eb 44 48 01 d6 48 01 d7 48 83 ea 20 0f 1f 00 48 83 ea 20 4c 8b 46 f8 4c 8b 4e f0 4c 8b 56 e8 4c 8b 5e e0 48 8d 76 e0 <4c> 89 47 f8 4c 89 4f f0 4c 89 57 e8 4c 89 5f e0 48 8d 7f e0 73 d2
> [ 38.987677][ T69] RSP: 0018:ffffc900001b7d48 EFLAGS: 00000287
> [ 38.987996][ T69] RAX: 0000000000000020 RBX: 0000000000000024 RCX: 0000000000000010
> [ 38.988327][ T69] RDX: ffffffffffffffe4 RSI: ffff8881084bc004 RDI: 0000000000000044
> [ 38.988620][ T69] RBP: 0000000000000024 R08: 0000000100000000 R09: 0000000000000000
> [ 38.988991][ T69] R10: 0000000100000000 R11: 0000000000000001 R12: 0000000000000024
> [ 38.989289][ T69] R13: ffff8881084bc000 R14: 0000000000000000 R15: 0000000000000024
> [ 38.989845][ T69] FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
> [ 38.990234][ T69] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 38.990490][ T69] CR2: 000000000000003c CR3: 00000001085b2000 CR4: 00000000000006f0
> [ 38.991105][ T69] Call Trace:
> [ 38.994157][ T69] sg_copy_buffer+0xb8/0xf0
> [ 38.995357][ T69] nvmet_copy_to_sgl+0x48/0x6d
> [ 38.995565][ T69] nvmet_execute_get_log_page_ana+0xd4/0x1cb
> [ 38.995792][ T69] nvmet_execute_get_log_page+0xc9/0x146
> [ 38.995992][ T69] nvme_loop_execute_work+0x3e/0x44
> [ 38.996181][ T69] process_one_work+0x1c3/0x3c0
> [ 38.996393][ T69] worker_thread+0x44/0x3d0
> [ 38.996600][ T69] ? cancel_delayed_work+0x90/0x90
> [ 38.996804][ T69] kthread+0xf7/0x130
> [ 38.996961][ T69] ? kthread_create_worker_on_cpu+0x70/0x70
> [ 38.997171][ T69] ret_from_fork+0x22/0x30
> [ 38.997705][ T69] Modules linked in:
> [ 38.998741][ T69] CR2: 000000000000003c
> [ 39.000104][ T69] ---[ end trace e719927b609d0fa0 ]---
>
> Fixes: 5e1f689913a4 ("nvme-multipath: fix double initialization of ANA state")
> Signed-off-by: Hou Pu <houpu.main at gmail.com>
> ---
> drivers/nvme/host/multipath.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
> index deb14562c96a..f81871c7128a 100644
> --- a/drivers/nvme/host/multipath.c
> +++ b/drivers/nvme/host/multipath.c
> @@ -817,7 +817,7 @@ int nvme_mpath_init_identify(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id)
> if (ana_log_size > ctrl->ana_log_size) {
> nvme_mpath_stop(ctrl);
> kfree(ctrl->ana_log_buf);
> - ctrl->ana_log_buf = kmalloc(ctrl->ana_log_size, GFP_KERNEL);
> + ctrl->ana_log_buf = kmalloc(ana_log_size, GFP_KERNEL);
> if (!ctrl->ana_log_buf)
> return -ENOMEM;
> }
>
Please fixup the subject line; this is _not_ for nvmet, but rather the
initiator side 'nvme'.
Otherwise:
Reviewed-by: Hannes Reinecke <hare at suse.de>
Christoph, please pull this in; it reliably kills my testbed ...
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, 90409 Nürnberg
GF: F. Imendörffer, HRB 36809 (AG Nürnberg)
More information about the Linux-nvme
mailing list