On 23.09.2021 15:49, Konstantin Khorenko wrote: > ms commit b7d6c3033323 ("block: fix use-after-free on cached > last_lookup partition") has changed the semantic of > disk_map_sector_rcu() function: previously it only returned appropriate > partition but after the patch it additionally gets a refcounter on that > partition. > > RedHat has backported that patch in RHEL7 as > https://access.redhat.com/labs/rhcb/RHEL-7.9/kernel-3.10.0-1160.31.1.el7/patches/blob/1050-block-fix-use-after-free-on-cached-last_lookup-parti.patch > > We use disk_map_sector_rcu() in ploop_make_request() for getting proper > partition for correct i/o accounting and thus during the rebase of > 3.10.0-1160.25.1.vz7.180.12 onto 3.10.0-1160.31.1.el7 > (3.10.0-1160.31.1.vz7.181.1) we've got refcounters leak which led to: > > * leaking hd_struct-s for ploop devices partitions on Containers > start/stop, suspend/resume, mount/umount, etc. > * as a side effect we've got broken statistics for ploop partitions in > 50% cases (always zeroes are shown) > > Fix the leak by adding pair hd_struct_put() into ploop code. > > Fixes: 03edeead80d9 ("ploop: fix gendisk disk_stats to be seen on > partition") > > https://jira.sw.ru/browse/PSBM-131919 > > Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
Reviewed-by: Kirill Tkhai <ktk...@virtuozzo.com> > --- > block/partition-generic.c | 1 + > drivers/block/ploop/dev.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/block/partition-generic.c b/block/partition-generic.c > index 164d364fb793..dd3a185f8683 100644 > --- a/block/partition-generic.c > +++ b/block/partition-generic.c > @@ -253,6 +253,7 @@ void __delete_partition(struct hd_struct *part) > > call_rcu(&part->rcu_head, delete_partition_rcu_cb); > } > +EXPORT_SYMBOL(__delete_partition); > > void delete_partition(struct gendisk *disk, int partno) > { > diff --git a/drivers/block/ploop/dev.c b/drivers/block/ploop/dev.c > index 9abce6afa976..06b72542633b 100644 > --- a/drivers/block/ploop/dev.c > +++ b/drivers/block/ploop/dev.c > @@ -982,6 +982,7 @@ static void ploop_make_request(struct request_queue *q, > struct bio *bio) > part = disk_map_sector_rcu(plo->disk, bio->bi_sector); > part_stat_inc(cpu, part, ios[rw]); > part_stat_add(cpu, part, sectors[rw], bio_sectors(bio)); > + hd_struct_put(part); > part_stat_unlock(); > > if (blk_queue_standby(plo->queue)) { > _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel