[PATCH] block: bio-integrity: fix potential null-ptr-deref in bio_integrity_free

Ming Lei ming.lei at redhat.com
Thu Jun 6 07:30:06 PDT 2024


On Thu, Jun 06, 2024 at 07:34:14PM +0800, yebin wrote:
> 
> 
> On 2024/6/6 14:44, Christoph Hellwig wrote:
> > What kernel is this on?  As of Linux 6.9 we are now always freezing
> v4.18
> > the queue while updating the logical_block_size in the nvme driver,
> > so there should be no inflight I/O while it is changing.
> > 
> The root cause of the problem is that there is no concurrency protection
> between issuing DIO checks in __blkdev_direct_IO_simple() and updating
> logical block sizes, resulting in the block layer being able to see DIOs
> that are not aligned with logical blocks.

Yeah, that is one area queue freezing can't cover, logical block size
change, but I'd suggest putting the logical bs check into submit_bio() or
the slow path of __bio_queue_enter() at least.

BTW, Yi has one reproducer, and slab is corrupted just like this report
when running 'nvme format' & IO on partitions.

I am not sure if this kind of change can avoid the issue completely, anyway
Yi and I can test it and see if the kind of change works.

My concern is that nvme format is started without draining IO, and
IO can be submitted to hardware when nvme FW is handling formatting.
I am not sure if nvme FW can deal with this situation correctly.
Ewan suggested to run 'nvme format' with exclusive nvme disk open, which
needs nvme-cli change.



Thanks,
Ming
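The window the thread is talking about, as an added user-space model (not kernel code and not from anyone in this thread): a DIO is validated against the logical block size it can see at entry, the block size is then changed under it (what 'nvme format' does), and the request reaches submission misaligned. The second stage shows the effect of Ming's suggestion of re-checking alignment in the submit path. The `model_*` names, the `model_queue`/`model_dio` structs and the -EIO return are assumptions of this model; the alignment test itself mirrors the form the kernel uses, `(pos | alignment) & (logical_block_size - 1)`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the request queue: only the field that changes
 * during a format is modelled. */
struct model_queue {
    unsigned int logical_block_size; /* power of two, e.g. 512 or 4096 */
};

/* Constructed stand-in for a direct-IO request. */
struct model_dio {
    uint64_t pos;  /* file/device offset */
    uint64_t addr; /* user buffer address */
    uint64_t len;  /* transfer length in bytes */
};

/* A DIO is acceptable when offset, buffer and length are all multiples
 * of the logical block size; with a power-of-two size that is a mask test. */
static bool dio_aligned(const struct model_dio *d, unsigned int lbs)
{
    return ((d->pos | d->addr | d->len) & (uint64_t)(lbs - 1)) == 0;
}

/* Stage 1: the entry check, done against whatever size is visible now.
 * This is the only check in the problematic path. */
static int model_dio_check(const struct model_dio *d, const struct model_queue *q)
{
    return dio_aligned(d, q->logical_block_size) ? 0 : -EINVAL;
}

/* Stage 2: re-validation in the submit path (the mitigation suggested in
 * the reply). A size change between stage 1 and here is caught and the
 * request fails instead of reaching the driver misaligned. -EIO is an
 * assumption of this model. */
static int model_submit_bio(const struct model_dio *d, const struct model_queue *q)
{
    return dio_aligned(d, q->logical_block_size) ? 0 : -EIO;
}

/* Scenario 1: no format in between; both stages pass. Returns 0. */
static int model_normal_path(void)
{
    struct model_queue q = { .logical_block_size = 512 };
    struct model_dio d = { .pos = 512, .addr = 0x1000, .len = 1536 };
    int ret = model_dio_check(&d, &q);
    if (ret)
        return ret;
    return model_submit_bio(&d, &q);
}

/* Scenario 2: the race. The 512-byte-aligned DIO passes the entry check,
 * the device is reformatted to 4096-byte blocks, and only the submit-path
 * check notices. Returns -EIO. Without stage 2 the return would be 0 and
 * the misaligned bio would reach the hardware. */
static int model_race_scenario(void)
{
    struct model_queue q = { .logical_block_size = 512 };
    struct model_dio d = { .pos = 512, .addr = 0x1000, .len = 1536 };
    int ret = model_dio_check(&d, &q);
    if (ret)
        return ret;                 /* passes: everything is 512-aligned */
    q.logical_block_size = 4096;    /* format lands between check and submit */
    return model_submit_bio(&d, &q); /* 1536 is not 4096-aligned */
}

/* Scenario 3: a request misaligned from the start is rejected at entry
 * with -EINVAL, as in the normal kernel path. */
static int model_misaligned_entry(void)
{
    struct model_queue q = { .logical_block_size = 4096 };
    struct model_dio d = { .pos = 512, .addr = 0x1000, .len = 4096 };
    return model_dio_check(&d, &q);
}

int main(void)
{
    printf("normal path:      %d\n", model_normal_path());
    printf("race scenario:    %d\n", model_race_scenario());
    printf("misaligned entry: %d\n", model_misaligned_entry());
    return 0;
}
```

The model only covers the software-side window between the DIO check and bio submission; it says nothing about requests already handed to the hardware when the format starts, which is the separate concern raised about draining IO first.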