Message ID | 20240301120816.22581-2-shikemeng@huaweicloud.com |
---|---|
State | Superseded |
Series | Fix crashes in ext4 unit test | expand |
On Fri, Mar 01, 2024 at 08:08:15PM +0800, Kemeng Shi wrote: > This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns > as following: > <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318) > <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415) > <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174) > <4>[ 14.346696] alloc_inode (fs/inode.c:268) > <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007) > <4>[ 14.348016] new_inode (fs/inode.c:1033) > <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719) > <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57 > fs/ext4/mballoc-test.c:314) > <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443) > <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30) > <4>[ 14.351530] kthread (kernel/kthread.c:388) > <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861) > <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1) > > Alloc test super block from sget to properly initialize test super block > to fix the issue. > > Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> > Reported-by: Guenter Roeck <linux@roeck-us.net> > --- > fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++-------------- > 1 file changed, 31 insertions(+), 15 deletions(-) > > diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c > index 12d0b22cabe1..1da52bbf4599 100644 > --- a/fs/ext4/mballoc-test.c > +++ b/fs/ext4/mballoc-test.c 
> @@ -21,16 +21,27 @@ struct mbt_ctx { > }; > > struct mbt_ext4_super_block { > - struct super_block sb; > + struct ext4_super_block es; > + struct ext4_sb_info sbi; > struct mbt_ctx mbt_ctx; > }; > > -#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx)) > +#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi)) > +#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx) > #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group]) > > static const struct super_operations mbt_sops = { > }; > > +static void mbt_kill_sb(struct super_block *sb) > +{ > +} > + > +static struct file_system_type mbt_fs_type = { > + .name = "mballoc test", > + .kill_sb = mbt_kill_sb, > +}; > + > static int mbt_mb_init(struct super_block *sb) > { > int ret; > @@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb) > kfree(sb->s_bdev); > } > > +static int mbt_set(struct super_block *sb, void *data) > +{ > + return 0; > +} > + > static struct super_block *mbt_ext4_alloc_super_block(void) > { > - struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL); > - struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); > struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL); > + struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL); > + struct ext4_sb_info *sbi; > > - if (fsb == NULL || sbi == NULL || es == NULL) > + if (fsb == NULL || sb == NULL) sget() returns error pointer on failure. So you should check for IS_ERR(sb).
On Fri, Mar 01, 2024 at 09:25:59AM +0100, Christian Brauner wrote: > On Fri, Mar 01, 2024 at 08:08:15PM +0800, Kemeng Shi wrote: > > This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns > > as following: > > <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318) > > <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415) > > <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174) > > <4>[ 14.346696] alloc_inode (fs/inode.c:268) > > <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007) > > <4>[ 14.348016] new_inode (fs/inode.c:1033) > > <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719) > > <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57 > > fs/ext4/mballoc-test.c:314) > > <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443) > > <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30) > > <4>[ 14.351530] kthread (kernel/kthread.c:388) > > <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861) > > <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1) > > > > Alloc test super block from sget to properly initialize test super block > > to fix the issue. > > > > Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> > > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> > > Reported-by: Guenter Roeck <linux@roeck-us.net> > > --- > > fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++-------------- > > 1 file changed, 31 insertions(+), 15 deletions(-) > > > > diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c > > index 12d0b22cabe1..1da52bbf4599 100644 > > --- a/fs/ext4/mballoc-test.c > > +++ b/fs/ext4/mballoc-test.c 
> > @@ -21,16 +21,27 @@ struct mbt_ctx { > > }; > > > > struct mbt_ext4_super_block { > > - struct super_block sb; > > + struct ext4_super_block es; > > + struct ext4_sb_info sbi; > > struct mbt_ctx mbt_ctx; > > }; > > > > -#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx)) > > +#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi)) > > +#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx) > > #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group]) > > > > static const struct super_operations mbt_sops = { > > }; > > > > +static void mbt_kill_sb(struct super_block *sb) > > +{ > > +} > > + > > +static struct file_system_type mbt_fs_type = { > > + .name = "mballoc test", > > + .kill_sb = mbt_kill_sb, > > +}; > > + > > static int mbt_mb_init(struct super_block *sb) > > { > > int ret; > > @@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb) > > kfree(sb->s_bdev); > > } > > > > +static int mbt_set(struct super_block *sb, void *data) > > +{ > > + return 0; > > +} > > + > > static struct super_block *mbt_ext4_alloc_super_block(void) > > { > > - struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL); > > - struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); > > struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL); > > + struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL); > > + struct ext4_sb_info *sbi; > > > > - if (fsb == NULL || sbi == NULL || es == NULL) > > + if (fsb == NULL || sb == NULL) > > sget() returns error pointer on failure. So you should check for IS_ERR(sb). You also want to unlock that superblock up_write(sb->s_umount) if it succeeded and then call deactivate_super() when you are done with it in mbt_kunit_exit().
on 3/1/2024 4:25 PM, Christian Brauner wrote: > On Fri, Mar 01, 2024 at 08:08:15PM +0800, Kemeng Shi wrote: >> This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns >> as following: >> <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318) >> <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415) >> <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174) >> <4>[ 14.346696] alloc_inode (fs/inode.c:268) >> <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007) >> <4>[ 14.348016] new_inode (fs/inode.c:1033) >> <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719) >> <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57 >> fs/ext4/mballoc-test.c:314) >> <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443) >> <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30) >> <4>[ 14.351530] kthread (kernel/kthread.c:388) >> <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861) >> <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1) >> >> Alloc test super block from sget to properly initialize test super block >> to fix the issue. >> >> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> >> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> >> Reported-by: Guenter Roeck <linux@roeck-us.net> >> --- >> fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++-------------- >> 1 file changed, 31 insertions(+), 15 deletions(-) >> >> diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c >> index 12d0b22cabe1..1da52bbf4599 100644 >> --- a/fs/ext4/mballoc-test.c >> +++ b/fs/ext4/mballoc-test.c 
>> @@ -21,16 +21,27 @@ struct mbt_ctx { >> }; >> >> struct mbt_ext4_super_block { >> - struct super_block sb; >> + struct ext4_super_block es; >> + struct ext4_sb_info sbi; >> struct mbt_ctx mbt_ctx; >> }; >> >> -#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx)) >> +#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi)) >> +#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx) >> #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group]) >> >> static const struct super_operations mbt_sops = { >> }; >> >> +static void mbt_kill_sb(struct super_block *sb) >> +{ >> +} >> + >> +static struct file_system_type mbt_fs_type = { >> + .name = "mballoc test", >> + .kill_sb = mbt_kill_sb, >> +}; >> + >> static int mbt_mb_init(struct super_block *sb) >> { >> int ret; >> @@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb) >> kfree(sb->s_bdev); >> } >> >> +static int mbt_set(struct super_block *sb, void *data) >> +{ >> + return 0; >> +} >> + >> static struct super_block *mbt_ext4_alloc_super_block(void) >> { >> - struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL); >> - struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); >> struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL); >> + struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL); >> + struct ext4_sb_info *sbi; >> >> - if (fsb == NULL || sbi == NULL || es == NULL) >> + if (fsb == NULL || sb == NULL) > > sget() returns error pointer on failure. So you should check for IS_ERR(sb). > Thanks a lot for review. I will fix it in next version.
diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c
index 12d0b22cabe1..1da52bbf4599 100644
--- a/fs/ext4/mballoc-test.c
+++ b/fs/ext4/mballoc-test.c
@@ -21,16 +21,27 @@ struct mbt_ctx {
 };

 struct mbt_ext4_super_block {
- struct super_block sb;
+ struct ext4_super_block es;
+ struct ext4_sb_info sbi;
 struct mbt_ctx mbt_ctx;
 };

-#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx))
+#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi))
+#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx)
 #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group])

 static const struct super_operations mbt_sops = {
 };

+static void mbt_kill_sb(struct super_block *sb)
+{
+}
+
+static struct file_system_type mbt_fs_type = {
+ .name = "mballoc test",
+ .kill_sb = mbt_kill_sb,
+};
+
 static int mbt_mb_init(struct super_block *sb)
 {
 int ret;
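Review bot: `MBT_SB()` carries no comment stating its precondition: it applies `container_of()` to `(_sb)->s_fs_info`, so the result is only meaningful once that field points at the `sbi` member of a `struct mbt_ext4_super_block`. If the field is still NULL when the macro is used (the `mbt_set()` callback added later in this patch does not set it), the macro yields a non-NULL bogus pointer that a NULL check cannot catch. I would add `/* Valid only after sb->s_fs_info has been set to &fsb->sbi. */` above the macro. The empty `mbt_kill_sb()` also deserves a one-line comment in its body saying why this test super block needs no teardown there.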
@@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb) kfree(sb->s_bdev); } +static int mbt_set(struct super_block *sb, void *data) +{ + return 0; +} + static struct super_block *mbt_ext4_alloc_super_block(void) { - struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL); - struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL); + struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL); + struct ext4_sb_info *sbi; - if (fsb == NULL || sbi == NULL || es == NULL) + if (fsb == NULL || sb == NULL) goto out; + sbi = &fsb->sbi; + sbi->s_blockgroup_lock = kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL); if (!sbi->s_blockgroup_lock) - goto out; + goto out_deactivate; bgl_lock_init(sbi->s_blockgroup_lock); - sbi->s_es = es; - fsb->sb.s_fs_info = sbi; + sbi->s_es = &fsb->es; + sb->s_fs_info = sbi; - return &fsb->sb; + return sb; +out_deactivate: + deactivate_locked_super(sb); out: kfree(fsb); - kfree(sbi); - kfree(es); return NULL; } static void mbt_ext4_free_super_block(struct super_block *sb) { - struct mbt_ext4_super_block *fsb = - container_of(sb, struct mbt_ext4_super_block, sb); + struct mbt_ext4_super_block *fsb = MBT_SB(sb); struct ext4_sb_info *sbi = EXT4_SB(sb); kfree(sbi->s_blockgroup_lock); - kfree(sbi->s_es); - kfree(sbi); + deactivate_locked_super(sb); kfree(fsb); }
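Review bot: In `mbt_ext4_alloc_super_block()` the combined check `if (fsb == NULL || sb == NULL) goto out;` loses the super block when `kzalloc()` fails but `sget()` succeeded, because `out:` only runs `kfree(fsb)` and never releases what `sget()` handed back. Acquiring the two resources in separate steps avoids this: test the allocation first with `if (fsb == NULL) return NULL;` and call `sget()` only afterwards, so that every failure path releases exactly what has been acquired so far. In `mbt_ext4_free_super_block()`, `sb->s_fs_info` still points into `fsb` when `kfree(fsb)` runs; if anything can still reach the super block after `deactivate_locked_super(sb)` (not visible from this hunk), clearing the field first with `sb->s_fs_info = NULL;` would avoid a dangling pointer.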
This fixes the oops in the ext4 unit test, which is caused by a NULL sb.s_user_ns, as follows: <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318) <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415) <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174) <4>[ 14.346696] alloc_inode (fs/inode.c:268) <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007) <4>[ 14.348016] new_inode (fs/inode.c:1033) <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719) <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57 fs/ext4/mballoc-test.c:314) <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443) <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30) <4>[ 14.351530] kthread (kernel/kthread.c:388) <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861) <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1) Allocate the test super block with sget() so that it is properly initialized, which fixes the issue. Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> Reported-by: Guenter Roeck <linux@roeck-us.net> --- fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 15 deletions(-)