[PATCH] fix WARNING in submit_bio_checks


bkkarthik

Jul 19, 2020, 8:51:44 AM
to sk...@linuxfoundation.org, gre...@linuxfoundation.org, syzkall...@googlegroups.com
fix warning in submit_bio_check trying to write
to a read only block device by looking for
(mode & FMODE_WRITE) in blkdev_get_by_dev() and
changing REQ_OP_WRITE to 1 where 1 is the least
significant bit. Delaying an unnecessary sync until
the write operation completes

Reported-by: syzbot+4c50ac...@syzkaller.appspotmail.com
Signed-off-by: bkkarthik <bkka...@pesu.pes.edu>
---
fs/block_dev.c | 17 +++++++----------
fs/buffer.c | 2 +-
2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/fs/block_dev.c b/fs/block_dev.c
index 5b07f2665e41..34042e231fca 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1718,6 +1718,11 @@ struct block_device *blkdev_get_by_dev(dev_t dev, fmode_t mode, void *holder)
if (err)
return ERR_PTR(err);

+ if ((mode & FMODE_WRITE) && bdev_read_only(bdev)) {
+ blkdev_put(bdev, mode);
+ return ERR_PTR(-EACCES);
+ }
+
return bdev;
}
EXPORT_SYMBOL(blkdev_get_by_dev);
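Review bot: The read-only check added to blkdev_get_by_dev() is evaluated only once, at open time, and only for callers of this one helper, so it cannot stop writeback that is submitted later from a different path. The syzbot trace later in this thread still reaches bio_check_ro through blkdev_close() -> __blkdev_put() -> sync_blockdev(), which is not gated by this check. Consider handling the read-only case where the writeback is actually submitted, and state in the changelog which open path the reproducer takes.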
@@ -1758,16 +1763,6 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part)
struct gendisk *disk = bdev->bd_disk;
struct block_device *victim = NULL;

- /*
- * Sync early if it looks like we're the last one. If someone else
- * opens the block device between now and the decrement of bd_openers
- * then we did a sync that we didn't need to, but that's not the end
- * of the world and we want to avoid long (could be several minute)
- * syncs while holding the mutex.
- */
- if (bdev->bd_openers == 1)
- sync_blockdev(bdev);
-
mutex_lock_nested(&bdev->bd_mutex, for_part);
if (for_part)
bdev->bd_part_count--;
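Review bot: Deleting the `if (bdev->bd_openers == 1)` guard together with its comment removes the documented reason for syncing before mutex_lock_nested(): syncing only when this looks like the last opener, and keeping a possibly multi-minute sync out of the bd_mutex critical section. The changelog only says the sync is "delayed". If the call has to move, keep a last-opener condition and add a comment explaining why the new position is safe.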
@@ -1795,6 +1790,8 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part)
}
mutex_unlock(&bdev->bd_mutex);
bdput(bdev);
+ sync_blockdev(bdev);
+
if (victim)
__blkdev_put(victim, mode, 1);
}
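Review bot: sync_blockdev(bdev) is called after bdput(bdev) has dropped this function's reference, so bdev may no longer be valid when it is used; the sync needs to happen before bdput(). The call is also now unconditional, so it runs on every put instead of only for the last opener. The syzbot trace in this thread shows the warning still firing from sync_blockdev() inside __blkdev_put(), so relocating the call does not address the write to the read-only device.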
diff --git a/fs/buffer.c b/fs/buffer.c
index ac0310d24657..e16ac96585c4 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -1844,7 +1844,7 @@ int __block_write_full_page(struct inode *inode, struct page *page,
do {
struct buffer_head *next = bh->b_this_page;
if (buffer_async_write(bh)) {
- submit_bh_wbc(REQ_OP_WRITE, write_flags, bh,
+ submit_bh_wbc(1, write_flags, bh,
inode->i_write_hint, wbc);
nr_underway++;
}
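Review bot: Passing the literal 1 to submit_bh_wbc() in place of REQ_OP_WRITE swaps a named request operation for a magic number. The changelog calls 1 "the least significant bit", but this argument is an operation code, and if REQ_OP_WRITE already has the value 1 the generated code is identical, so this hunk cannot change whether the warning fires. Keep REQ_OP_WRITE and drop this hunk from the patch.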
--
2.20.1


bkkarthik

Jul 19, 2020, 10:28:10 AM
to sk...@linuxfoundation.org, gre...@linuxfoundation.org, syzkall...@googlegroups.com, syzbot+4c50ac...@syzkaller.appspotmail.com

syzbot

Jul 19, 2020, 1:22:08 PM
to bkka...@pesu.pes.edu, gre...@linuxfoundation.org, sk...@linuxfoundation.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

drivers/mfd/mfd-core.c:147:17: error: implicit declaration of function 'of_read_number' [-Werror=implicit-function-declaration]


Tested on:

commit: aab7ee9f Add linux-next specific files for 20200717
git tree: linux-next
dashboard link: https://syzkaller.appspot.com/bug?extid=4c50ac32e5b10e4133e1
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=1589425f100000

bkkarthik

Jul 19, 2020, 1:40:11 PM
to syzbot+4c50ac...@syzkaller.appspotmail.com, gre...@linuxfoundation.org, sk...@linuxfoundation.org, syzkall...@googlegroups.com

bkkarthik

Jul 19, 2020, 1:43:38 PM
to syzbot+4c50ac...@syzkaller.appspotmail.com, gre...@linuxfoundation.org, sk...@linuxfoundation.org, syzkall...@googlegroups.com

syzbot

Jul 19, 2020, 8:15:08 PM
to bkka...@pesu.pes.edu, gre...@linuxfoundation.org, sk...@linuxfoundation.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in generic_make_request_checks

------------[ cut here ]------------
generic_make_request: Trying to write to read-only block-device nullb0 (partno 0)
WARNING: CPU: 0 PID: 8195 at block/blk-core.c:852 bio_check_ro block/blk-core.c:852 [inline]
WARNING: CPU: 0 PID: 8195 at block/blk-core.c:852 generic_make_request_checks+0x1cb0/0x21c0 block/blk-core.c:988
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8195 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18f/0x20d lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:231
__warn.cold+0x20/0x45 kernel/panic.c:600
report_bug+0x1bd/0x210 lib/bug.c:198
handle_bug+0x38/0x90 arch/x86/kernel/traps.c:235
exc_invalid_op+0x13/0x40 arch/x86/kernel/traps.c:255
asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:542
RIP: 0010:bio_check_ro block/blk-core.c:852 [inline]
RIP: 0010:generic_make_request_checks+0x1cb0/0x21c0 block/blk-core.c:988
generic_make_request+0x89/0xc00 block/blk-core.c:1112
submit_bio+0x263/0x5b0 block/blk-core.c:1275
submit_bh_wbc+0x68d/0x8e0 fs/buffer.c:3073
__block_write_full_page+0x837/0x12e0 fs/buffer.c:1811
block_write_full_page+0x214/0x270 fs/buffer.c:2997
__writepage+0x60/0x170 mm/page-writeback.c:2313
write_cache_pages+0x736/0x11b0 mm/page-writeback.c:2248
generic_writepages mm/page-writeback.c:2339 [inline]
generic_writepages+0xe2/0x150 mm/page-writeback.c:2328
do_writepages+0xec/0x290 mm/page-writeback.c:2354
__filemap_fdatawrite_range+0x2a1/0x380 mm/filemap.c:421
filemap_write_and_wait_range mm/filemap.c:654 [inline]
filemap_write_and_wait_range+0xe1/0x1c0 mm/filemap.c:648
filemap_write_and_wait include/linux/fs.h:2765 [inline]
__sync_blockdev fs/block_dev.c:490 [inline]
sync_blockdev fs/block_dev.c:499 [inline]
__blkdev_put+0x60b/0x8c0 fs/block_dev.c:1910
blkdev_close+0x8c/0xb0 fs/block_dev.c:1967
__fput+0x33c/0x880 fs/file_table.c:281
task_work_run+0xdd/0x190 kernel/task_work.c:135
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop arch/x86/entry/common.c:239 [inline]
__prepare_exit_to_usermode+0x1e9/0x1f0 arch/x86/entry/common.c:269
do_syscall_64+0x6c/0xe0 arch/x86/entry/common.c:393
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cba9
Code: Bad RIP value.
Kernel Offset: disabled
Rebooting in 86400 seconds..


Tested on:

commit: 11ba4688 Linux 5.8-rc5
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1375a968900000
kernel config: https://syzkaller.appspot.com/x/.config?x=5b77dd4385c2d488
dashboard link: https://syzkaller.appspot.com/bug?extid=4c50ac32e5b10e4133e1
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=17a85817100000

syzbot

Jul 19, 2020, 8:28:05 PM
to bkka...@pesu.pes.edu, gre...@linuxfoundation.org, sk...@linuxfoundation.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in generic_make_request_checks

WARNING: CPU: 1 PID: 8207 at block/blk-core.c:852 bio_check_ro block/blk-core.c:852 [inline]
WARNING: CPU: 1 PID: 8207 at block/blk-core.c:852 generic_make_request_checks+0x1cb0/0x21c0 block/blk-core.c:988
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8207 Comm: syz-executor.2 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18f/0x20d lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:231
__warn.cold+0x20/0x45 kernel/panic.c:600
report_bug+0x1bd/0x210 lib/bug.c:198
handle_bug+0x38/0x90 arch/x86/kernel/traps.c:235
exc_invalid_op+0x13/0x40 arch/x86/kernel/traps.c:255
asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:540
RIP: 0010:bio_check_ro block/blk-core.c:852 [inline]
RIP: 0010:generic_make_request_checks+0x1cb0/0x21c0 block/blk-core.c:988
Kernel Offset: disabled
Rebooting in 86400 seconds..


Tested on:

commit: ba47d845 Linux 5.8-rc6
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10d9517d100000
kernel config: https://syzkaller.appspot.com/x/.config?x=f857c9ac37492d89
dashboard link: https://syzkaller.appspot.com/bug?extid=4c50ac32e5b10e4133e1
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=1469ff48900000
