release/5.2.35/xen-blkback-Avoid-unmapping-unmapped-grant-pages.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From 876c3840cba197dcbf411d8a5a38a45cbc62a028 Mon Sep 17 00:00:00 2001
 From: SeongJae Park <sjpark@amazon.de>
 Date: Tue, 26 Nov 2019 16:36:05 +0100
 Subject: [PATCH] xen/blkback: Avoid unmapping unmapped grant pages
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 commit f9bd84a8a845d82f9b5a081a7ae68c98a11d2e84 upstream.

 For each I/O request, blkback first maps the foreign pages for the
 request to its local pages.  If an allocation of a local page for the
 mapping fails, it should unmap every mapping already made for the
 request.

 However, blkback's handling mechanism for the allocation failure does
 not mark the remaining foreign pages as unmapped.  Therefore, the unmap
 function merely tries to unmap every valid grant page for the request,
 including the pages not mapped due to the allocation failure.  On a
 system that fails the allocation frequently, this problem leads to
 following kernel crash.

   [  372.012538] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
   [  372.012546] IP: [<ffffffff814071ac>] gnttab_unmap_refs.part.7+0x1c/0x40
   [  372.012557] PGD 16f3e9067 PUD 16426e067 PMD 0
   [  372.012562] Oops: 0002 [#1] SMP
   [  372.012566] Modules linked in: act_police sch_ingress cls_u32
   ...
   [  372.012746] Call Trace:
   [  372.012752]  [<ffffffff81407204>] gnttab_unmap_refs+0x34/0x40
   [  372.012759]  [<ffffffffa0335ae3>] xen_blkbk_unmap+0x83/0x150 [xen_blkback]
   ...
   [  372.012802]  [<ffffffffa0336c50>] dispatch_rw_block_io+0x970/0x980 [xen_blkback]
   ...
   Decompressing Linux... Parsing ELF... done.
   Booting the kernel.
   [    0.000000] Initializing cgroup subsys cpuset

 This commit fixes this problem by marking the grant pages of the given
 request that didn't mapped due to the allocation failure as invalid.

 Fixes: c6cc142dac52 ("xen-blkback: use balloon pages for all mappings")

 Reviewed-by: David Woodhouse <dwmw@amazon.de>
 Reviewed-by: Maximilian Heyne <mheyne@amazon.de>
 Reviewed-by: Paul Durrant <pdurrant@amazon.co.uk>
 Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
 Signed-off-by: SeongJae Park <sjpark@amazon.de>
 Signed-off-by: Jens Axboe <axboe@kernel.dk>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
 index fd1e19f1a49f..3666afa639d1 100644
 --- a/drivers/block/xen-blkback/blkback.c
 +++ b/drivers/block/xen-blkback/blkback.c
 @@ -936,6 +936,8 @@ static int xen_blkbk_map(struct xen_blkif_ring *ring,
  out_of_memory:
  	pr_alert("%s: out of memory\n", __func__);
  	put_free_pages(ring, pages_to_gnt, segs_to_map);
 +	for (i = last_map; i < num; i++)
 +		pages[i]->handle = BLKBACK_INVALID_HANDLE;
  	return -ENOMEM;
  }

 --
 2.7.4
	From 876c3840cba197dcbf411d8a5a38a45cbc62a028 Mon Sep 17 00:00:00 2001
	From: SeongJae Park <sjpark@amazon.de>
	Date: Tue, 26 Nov 2019 16:36:05 +0100
	Subject: [PATCH] xen/blkback: Avoid unmapping unmapped grant pages
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	commit f9bd84a8a845d82f9b5a081a7ae68c98a11d2e84 upstream.

	For each I/O request, blkback first maps the foreign pages for the
	request to its local pages. If an allocation of a local page for the
	mapping fails, it should unmap every mapping already made for the
	request.

	However, blkback's handling mechanism for the allocation failure does
	not mark the remaining foreign pages as unmapped. Therefore, the unmap
	function merely tries to unmap every valid grant page for the request,
	including the pages not mapped due to the allocation failure. On a
	system that fails the allocation frequently, this problem leads to
	following kernel crash.

	[ 372.012538] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
	[ 372.012546] IP: [<ffffffff814071ac>] gnttab_unmap_refs.part.7+0x1c/0x40
	[ 372.012557] PGD 16f3e9067 PUD 16426e067 PMD 0
	[ 372.012562] Oops: 0002 [#1] SMP
	[ 372.012566] Modules linked in: act_police sch_ingress cls_u32
	...
	[ 372.012746] Call Trace:
	[ 372.012752] [<ffffffff81407204>] gnttab_unmap_refs+0x34/0x40
	[ 372.012759] [<ffffffffa0335ae3>] xen_blkbk_unmap+0x83/0x150 [xen_blkback]
	...
	[ 372.012802] [<ffffffffa0336c50>] dispatch_rw_block_io+0x970/0x980 [xen_blkback]
	...
	Decompressing Linux... Parsing ELF... done.
	Booting the kernel.
	[ 0.000000] Initializing cgroup subsys cpuset

	This commit fixes this problem by marking the grant pages of the given
	request that didn't mapped due to the allocation failure as invalid.

	Fixes: c6cc142dac52 ("xen-blkback: use balloon pages for all mappings")

	Reviewed-by: David Woodhouse <dwmw@amazon.de>
	Reviewed-by: Maximilian Heyne <mheyne@amazon.de>
	Reviewed-by: Paul Durrant <pdurrant@amazon.co.uk>
	Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
	Signed-off-by: SeongJae Park <sjpark@amazon.de>
	Signed-off-by: Jens Axboe <axboe@kernel.dk>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
	index fd1e19f1a49f..3666afa639d1 100644
	--- a/drivers/block/xen-blkback/blkback.c
	+++ b/drivers/block/xen-blkback/blkback.c
	@@ -936,6 +936,8 @@ static int xen_blkbk_map(struct xen_blkif_ring *ring,
	out_of_memory:
	pr_alert("%s: out of memory\n", __func__);
	put_free_pages(ring, pages_to_gnt, segs_to_map);
	+ for (i = last_map; i < num; i++)
	+ pages[i]->handle = BLKBACK_INVALID_HANDLE;
	return -ENOMEM;
	}

	--
	2.7.4