BUG: KASAN: use-after-free in bt_for_each+0x1ea/0x29f

Hi, The following warning is observed once when running dbench on NVMe with the linus tree(top commit is 642e7fd23353). [ 1446.882043] == [ 1446.886884] BUG: KASAN: use-after-free in bt_for_each+0x1ea/0x29f [ 1446.888045] Read of

Re: 4.15.14 crash with iscsi target and dvd

Bart Van Assche wrote: > On Sun, 2018-04-01 at 14:27 -0400, Wakko Warner wrote: > > Wakko Warner wrote: > > > Wakko Warner wrote: > > > > I tested 4.14.32 last night with the same oops. 4.9.91 works fine. > > > > From the initiator, if I do cat /dev/sr1 > /dev/null it works. If I > > > > mount

Re: BUG: KASAN: use-after-free in bt_for_each+0x1ea/0x29f

On 4/4/18 5:28 PM, Ming Lei wrote: > Hi, > > The following warning is observed once when running dbench on NVMe with > the linus tree(top commit is 642e7fd23353). > > [ 1446.882043] > == > [ 1446.886884] BUG: KASAN: use-after-free

Re: [PATCH] rbd: add missing return statements

On Wed, Apr 4, 2018 at 11:49 AM, Arnd Bergmann wrote: > A new set of warnings appeared in next-20180403 in some configurations > when gcc cannot see that rbd_assert(0) leads to an unreachable code > path: > > drivers/block/rbd.c: In function 'rbd_img_is_write': >

[PATCH] rbd: add missing return statements

A new set of warnings appeared in next-20180403 in some configurations when gcc cannot see that rbd_assert(0) leads to an unreachable code path: drivers/block/rbd.c: In function 'rbd_img_is_write': drivers/block/rbd.c:1397:1: error: control reaches end of non-void function [-Werror=return-type]

Re: BUG at IP: blk_mq_get_request+0x23e/0x390 on 4.16.0-rc7

On 03/30/2018 12:32 PM, Yi Zhang wrote: Hello I got this kernel BUG on 4.16.0-rc7, here is the reproducer and log, let me know if you need more info, thanks. Reproducer: 1. setup target #nvmetcli restore /etc/rdma.json 2. connect target on host #nvme connect-all -t rdma -a $IP -s 4420during

Re: [PATCH V3 4/4] genirq/affinity: irq vector spread among online CPUs as far as possible

On Wed, 4 Apr 2018, Thomas Gleixner wrote: > I'm aware how that hw-queue stuff works. But that only works if the > spreading algorithm makes the interrupts affine to offline/not-present CPUs > when the block device is initialized. > > In the example above: > > > > > irq 39, cpu list 0,4

Re: [PATCH] rbd: add missing return statements

On Wed, Apr 4, 2018 at 1:04 PM, Ilya Dryomov wrote: > On Wed, Apr 4, 2018 at 11:49 AM, Arnd Bergmann wrote: >> A new set of warnings appeared in next-20180403 in some configurations >> when gcc cannot see that rbd_assert(0) leads to an unreachable code >> path:

[PATCH] [v2] rbd: avoid Wreturn-type warnings

A new set of warnings appeared in next-20180403 in some configurations when gcc cannot see that rbd_assert(0) leads to an unreachable code path: drivers/block/rbd.c: In function 'rbd_img_is_write': drivers/block/rbd.c:1397:1: error: control reaches end of non-void function [-Werror=return-type]

Re: [PATCH] [v2] rbd: avoid Wreturn-type warnings

On Wed, Apr 4, 2018 at 2:53 PM, Arnd Bergmann wrote: > A new set of warnings appeared in next-20180403 in some configurations > when gcc cannot see that rbd_assert(0) leads to an unreachable code > path: > > drivers/block/rbd.c: In function 'rbd_img_is_write': >

Re: [PATCH V3 4/4] genirq/affinity: irq vector spread among online CPUs as far as possible

On Wed, Apr 04, 2018 at 10:25:16AM +0200, Thomas Gleixner wrote: > On Wed, 4 Apr 2018, Ming Lei wrote: > > On Tue, Apr 03, 2018 at 03:32:21PM +0200, Thomas Gleixner wrote: > > > On Thu, 8 Mar 2018, Ming Lei wrote: > > > > 1) before 84676c1f21 ("genirq/affinity: assign vectors to all possible > >

Re: [PATCH V3 4/4] genirq/affinity: irq vector spread among online CPUs as far as possible

On Wed, Apr 04, 2018 at 02:45:18PM +0200, Thomas Gleixner wrote: > On Wed, 4 Apr 2018, Thomas Gleixner wrote: > > I'm aware how that hw-queue stuff works. But that only works if the > > spreading algorithm makes the interrupts affine to offline/not-present CPUs > > when the block device is

[PATCH] blk-mq: order getting budget and driver tag

This patch orders getting budget and driver tag by making sure to acquire driver tag after budget is got, this way can help to avoid the following race: 1) before dispatch request from scheduler queue, get one budget first, then dequeue a request, call it request A. 2) in another IO path for

[RFC PATCH 70/79] mm: add struct address_space to mark_buffer_dirty()

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct address_space to mark_buffer_dirty() arguments. <- @@ identifier I1; type T1; @@ void -mark_buffer_dirty(T1

[RFC PATCH 71/79] mm: add struct address_space to set_page_dirty()

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct address_space to set_page_dirty() arguments. <- @@ identifier I1; type T1; @@ int -set_page_dirty(T1 I1)

[RFC PATCH 72/79] mm: add struct address_space to set_page_dirty_lock()

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct address_space to set_page_dirty_lock() arguments. <- @@ identifier I1; type T1; @@ int

[RFC PATCH 68/79] mm/vma_address: convert page's index lookup to be against specific mapping

From: Jérôme Glisse Pass down the mapping ... Signed-off-by: Jérôme Glisse Cc: Andrew Morton Cc: Mel Gorman Cc: linux...@kvack.org Cc: Alexander Viro Cc:

[RFC PATCH 51/79] fs: stop relying on mapping field of struct page, get it from context

From: Jérôme Glisse Holy grail, remove all usage of mapping field of struct page inside common fs code. This is the manual conversion patch (so much can be done with coccinelle). Signed-off-by: Jérôme Glisse Cc: Alexander Viro

[RFC PATCH 28/79] fs: introduce page_is_truncated() helper

From: Jérôme Glisse Simple helper to unify all truncation test to one logic. This also unify logic that was bit different in various places. Convertion done using following coccinelle spatch on fs and mm dir:

[RFC PATCH 30/79] fs/block: add struct address_space to __block_write_begin() arguments

From: Jérôme Glisse Add struct address_space to __block_write_begin() arguments. One step toward dropping reliance on page->mapping. -- identifier M; expression E1, E2, E3, E4; @@ struct address_space *M;

[RFC PATCH 26/79] fs: add struct address_space to mpage_readpage() arguments

From: Jérôme Glisse Add struct address_space to mpage_readpage(). Note this patch only add arguments and modify call site conservatily using page->mapping and thus the end result is as before this patch. One step toward dropping reliance on page->mapping. Signed-off-by:

[RFC PATCH 33/79] fs/journal: add struct super_block to jbd2_journal_forget() arguments.

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct super_block to jbd2_journal_forget() arguments. spatch --sp-file zemantic-010a.spatch --in-place --dir fs/ --

[RFC PATCH 31/79] fs/block: add struct address_space to __block_write_begin_int() args

From: Jérôme Glisse Add struct address_space to __block_write_begin_int() arguments. One step toward dropping reliance on page->mapping. -- @exists@ identifier M; expression E1, E2, E3, E4, E5; @@ struct

[RFC PATCH 32/79] fs/block: do not rely on page->mapping get it from the context

From: Jérôme Glisse This patch remove most dereference of page->mapping and get the mapping from the call context (either already available in the function or by adding it to function arguments). Signed-off-by: Jérôme Glisse Cc: Jens Axboe

[RFC PATCH 78/79] mm/ksm: rename PAGE_MAPPING_KSM to PAGE_MAPPING_RONLY

From: Jérôme Glisse This just rename all KSM specific helper to generic page read only name. No functional change. Signed-off-by: Jérôme Glisse Cc: Andrea Arcangeli --- fs/proc/page.c | 2 +- include/linux/page-flags.h

[RFC PATCH 73/79] mm: pass down struct address_space to set_page_dirty()

From: Jérôme Glisse Pass down struct address_space to set_page_dirty() everywhere it is already available. <- @exists@ expression E; identifier F, M; @@ F(..., struct address_space * M, ...) { ...

[RFC PATCH 74/79] mm/page_ronly: add config option for generic read only page framework.

From: Jérôme Glisse It's really just a config option patch. Signed-off-by: Jérôme Glisse Cc: Andrea Arcangeli --- mm/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/Kconfig b/mm/Kconfig index

[RFC PATCH 77/79] mm/ksm: hide set_page_stable_node() and page_stable_node()

From: Jérôme Glisse Hiding this 2 functions as preparatory step for generalizing ksm write protection to other users. Moreover those two helpers can not be use meaningfully outside ksm.c as the struct they deal with is defined inside ksm.c. Signed-off-by: Jérôme Glisse

[RFC PATCH 52/79] fs/buffer: use _page_has_buffers() instead of page_has_buffers()

From: Jérôme Glisse The former need the address_space for which the buffer_head is being lookup. -- @exists@ identifier M; expression E; @@ struct address_space *M; ... -page_buffers(E) +_page_buffers(E, M)

[RFC PATCH 64/79] mm/buffer: use _page_has_buffers() instead of page_has_buffers()

From: Jérôme Glisse The former need the address_space for which the buffer_head is being lookup. -- @exists@ identifier M; expression E; @@ struct address_space *M; ... -page_buffers(E) +_page_buffers(E, M)

[RFC PATCH 69/79] fs/journal: add struct address_space to jbd2_journal_try_to_free_buffers() arguments

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct address_space to jbd2_journal_try_to_free_buffers() arguments. <- @@ type T1, T2, T3; @@ int

[RFC PATCH 65/79] mm/swap: add struct swap_info_struct swap_readpage() arguments

From: Jérôme Glisse Add struct swap_info_struct swap_readpage() arguments. One step toward dropping reliance on page->private during swap read back. Signed-off-by: Jérôme Glisse CC: Andrew Morton Cc: Alexander Viro

[RFC PATCH 50/79] fs: stop relying on mapping field of struct page, get it from context

From: Jérôme Glisse Holy grail, remove all usage of mapping field of struct page inside common fs code. spatch --sp-file zemantic-015a.spatch --in-place fs/*.c -- @exists@ struct page * P; identifier I; @@

[RFC PATCH 24/79] fs: add struct inode to nobh_writepage() arguments

From: Jérôme Glisse Add struct inode to nobh_writepage(). Note this patch only add arguments and modify call site conservatily using page->mapping and thus the end result is as before this patch. One step toward dropping reliance on page->mapping. Signed-off-by: Jérôme

[RFC PATCH 22/79] fs: add struct inode to block_read_full_page() arguments

From: Jérôme Glisse Add struct inode to block_read_full_page(). Note this patch only add arguments and modify call site conservatily using page->mapping and thus the end result is as before this patch. One step toward dropping reliance on page->mapping. Signed-off-by:

[RFC PATCH 20/79] fs: add struct address_space to write_cache_pages() callback argument

From: Jérôme Glisse Add struct address_space to callback arguments of write_cache_pages() Note this patch only add arguments and modify all callback functions signature, it does not make use of the new argument and thus it should be regression free. One step toward dropping

[RFC PATCH 27/79] fs: add struct address_space to fscache_read*() callback arguments

From: Jérôme Glisse Add struct address_space to fscache_read*() callback argument. Note this patch only add arguments and modify call site conservatily using page->mapping and thus the end result is as before this patch. One step toward dropping reliance on page->mapping.

[RFC PATCH 00/79] Generic page write protection and a solution to page waitqueue

From: Jérôme Glisse https://cgit.freedesktop.org/~glisse/linux/log/?h=generic-write-protection-rfc This is an RFC for LSF/MM discussions. It impacts the file subsystem, the block subsystem and the mm subsystem. Hence it would benefit from a cross sub-system discussion.

[RFC PATCH 07/79] mm/page: add helpers to find mapping give a page and buffer head

From: Jérôme Glisse For now this simply use exist page_mapping() inline. Latter it will use buffer head pointer as a key to lookup mapping for write protected page. Signed-off-by: Jérôme Glisse Cc: linux...@kvack.org CC: Andrew Morton

[RFC PATCH 06/79] mm/page: add helpers to dereference struct page index field

From: Jérôme Glisse Regroup all helpers that dereference struct page.index field into one place and require a the address_space (mapping) against which caller is looking the index (offset, pgoff, ...) Signed-off-by: Jérôme Glisse Cc: linux...@kvack.org

[RFC PATCH 05/79] mm/swap: add an helper to get address_space from swap_entry_t

From: Jérôme Glisse Each swap entry is associated to a file and thus an address_space. That address_space is use for reading/writing to swap storage. This patch add an helper to get the address_space from swap_entry_t. Signed-off-by: Jérôme Glisse Cc:

[RFC PATCH 04/79] pipe: add inode field to struct pipe_inode_info

From: Jérôme Glisse Pipes are associated with a file and thus an inode, store a pointer back to the inode in struct pipe_inode_info, this will be use when testing pages haven't been truncated. Signed-off-by: Jérôme Glisse Cc: Eric Biggers

[RFC PATCH 75/79] mm/page_ronly: add page read only core structure and helpers.

From: Jérôme Glisse Page read only is a generic framework for page write protection. It reuses the same mechanism as KSM by using the lower bit of the page->mapping fields, and KSM is converted to use this generic framework. Signed-off-by: Jérôme Glisse

[RFC PATCH 76/79] mm/ksm: have ksm select PAGE_RONLY config.

From: Jérôme Glisse Signed-off-by: Jérôme Glisse Cc: Andrea Arcangeli --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/Kconfig b/mm/Kconfig index aeffb6e8dd21..6994a1fdf847 100644 --- a/mm/Kconfig +++

[RFC PATCH 79/79] mm/ksm: set page->mapping to page_ronly struct instead of stable_node.

From: Jérôme Glisse Set page->mapping to the page_ronly struct instead of stable_node struct. There is no functional change as page_ronly is just a field of stable_node. Signed-off-by: Jérôme Glisse Cc: Andrea Arcangeli ---

[RFC PATCH 63/79] mm/page: convert page's index lookup to be against specific mapping

From: Jérôme Glisse This patch switch mm to lookup the page index or offset value to be against specific mapping. The page index value only have a meaning against a mapping. Using coccinelle: - @@ struct

[RFC PATCH 39/79] fs/buffer: add struct address_space to clean_page_buffers() arguments

From: Jérôme Glisse Add struct address_space to clean_page_buffers() arguments. One step toward dropping reliance on page->mapping. Signed-off-by: Jérôme Glisse Cc: Jens Axboe CC: Andrew Morton Cc: Alexander

[RFC PATCH 35/79] fs/buffer: add struct address_space and struct page to end_io callback

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct address_space and struct page to the end_io callback of buffer head. Caller of this callback have more context information to find the match page and mapping. Signed-off-by:

[RFC PATCH 36/79] fs/buffer: add struct super_block to bforget() arguments

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct super_block to bforget() arguments. spatch --sp-file zemantic-012a.spatch --in-place --dir fs/ -- @exists@

[RFC PATCH 37/79] fs/buffer: add struct super_block to __bforget() arguments

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct super_block to __bforget() arguments. spatch --sp-file zemantic-013a.spatch --in-place --dir fs/ spatch --sp-file zemantic-013a.spatch --in-place --dir include/

[RFC PATCH 38/79] fs/buffer: add first buffer flag for first buffer_head in a page

From: Jérôme Glisse A common pattern in code is that we have a buffer_head and we want to get the first buffer_head in buffer_head list for a page. Before this patch it was simply done with page_buffers(bh->b_page). This patch introduce an helper bh_first_for_page(struct

[RFC PATCH 29/79] fs/block: add struct address_space to bdev_write_page() arguments

From: Jérôme Glisse Add struct address_space to bdev_write_page() arguments. One step toward dropping reliance on page->mapping. Signed-off-by: Jérôme Glisse Cc: Jens Axboe CC: Andrew Morton Cc: Alexander

[RFC PATCH 34/79] fs/journal: add struct inode to jbd2_journal_revoke() arguments.

From: Jérôme Glisse For the holy crusade to stop relying on struct page mapping field, add struct super_block to jbd2_journal_revoke() arguments. spatch --sp-file zemantic-011a.spatch --in-place --dir fs/ --

[RFC PATCH 09/79] fs: add struct address_space to read_cache_page() callback argument

From: Jérôme Glisse Add struct address_space to callback arguments of read_cache_page() and read_cache_pages(). Note this patch only add arguments and modify callback function signature, it does not make use of the new argument and thus it should be regression free. One step

[RFC PATCH 08/79] mm/page: add helpers to find page mapping and private given a bio

From: Jérôme Glisse When page undergo io it is associated with a unique bio and thus we can use it to lookup other page fields which are relevant only for the bio under consideration. Note this only apply when page is special ie page->mapping is pointing to some special

Re: [PATCH V3 4/4] genirq/affinity: irq vector spread among online CPUs as far as possible

On Wed, 4 Apr 2018, Ming Lei wrote: > On Wed, Apr 04, 2018 at 10:25:16AM +0200, Thomas Gleixner wrote: > > In the example above: > > > > > > > irq 39, cpu list 0,4 > > > > > irq 40, cpu list 1,6 > > > > > irq 41, cpu list 2,5 > > > > > irq 42, cpu list 3,7 > > > > and

Re: [PATCH] blk-mq: order getting budget and driver tag

On 4/4/18 10:35 AM, Ming Lei wrote: > This patch orders getting budget and driver tag by making sure to acquire > driver tag after budget is got, this way can help to avoid the following > race: > > 1) before dispatch request from scheduler queue, get one budget first, then > dequeue a request,

Re: [PATCH V3 4/4] genirq/affinity: irq vector spread among online CPUs as far as possible

On Wed, 4 Apr 2018, Ming Lei wrote: > On Tue, Apr 03, 2018 at 03:32:21PM +0200, Thomas Gleixner wrote: > > On Thu, 8 Mar 2018, Ming Lei wrote: > > > 1) before 84676c1f21 ("genirq/affinity: assign vectors to all possible > > > CPUs") > > > irq 39, cpu list 0 > > > irq 40, cpu list 1 > > >

Re: [PATCH] blk-mq: only run mapped hw queues in blk_mq_run_hw_queues()

On 03/30/2018 04:53 AM, Ming Lei wrote: > On Thu, Mar 29, 2018 at 01:49:29PM +0200, Christian Borntraeger wrote: >> >> >> On 03/29/2018 01:43 PM, Ming Lei wrote: >>> On Thu, Mar 29, 2018 at 12:49:55PM +0200, Christian Borntraeger wrote: On 03/29/2018 12:48 PM, Ming Lei wrote: