• David Howells's avatar
    FS-Cache: Retain the netfs context in the retrieval op earlier · 4a47132f
    David Howells authored
    Now that the retrieval operation may be disposed of by fscache_put_operation()
    before we actually set the context, the retrieval-specific cleanup operation
    can produce a NULL-pointer dereference when it tries to unconditionally clean
    up the netfs context.
    Given that it is expected that we'll get at least as far as the place where we
    currently set the context pointer and it is unlikely we'll go through the
    error handling paths prior to that point, retain the context right from the
    point that the retrieval op is allocated.
    Concomitant to this, we need to retain the cookie pointer in the retrieval op
    also so that we can call the netfs to release its context in the release
    In addition, we might now get into fscache_release_retrieval_op() with the op
    only initialised.  To this end, set the operation to DEAD only after the
    release method has been called and skip the n_pages test upon cleanup if the
    op is still in the INITIALISED state.
    Without these changes, the following oops might be seen:
    	BUG: unable to handle kernel NULL pointer dereference at 00000000000000b8
    	RIP: 0010:[<ffffffffa0089c98>] fscache_release_retrieval_op+0xae/0x100
    	Call Trace:
    	 [<ffffffffa0088560>] fscache_put_operation+0x117/0x2e0
    	 [<ffffffffa008b8f5>] __fscache_read_or_alloc_pages+0x351/0x3ac
    	 [<ffffffffa00b761f>] __nfs_readpages_from_fscache+0x59/0xbf [nfs]
    	 [<ffffffffa00b06c5>] nfs_readpages+0x10c/0x185 [nfs]
    	 [<ffffffff81124925>] ? alloc_pages_current+0x119/0x13e
    	 [<ffffffff810ee5fd>] ? __page_cache_alloc+0xfb/0x10a
    	 [<ffffffff810f87f8>] __do_page_cache_readahead+0x188/0x22c
    	 [<ffffffff810f8b3a>] ondemand_readahead+0x29e/0x2af
    	 [<ffffffff810f8c92>] page_cache_sync_readahead+0x38/0x3a
    	 [<ffffffff810ef337>] generic_file_read_iter+0x1a2/0x55a
    	 [<ffffffffa00a9dff>] ? nfs_revalidate_mapping+0xd6/0x288 [nfs]
    	 [<ffffffffa00a6a23>] nfs_file_read+0x49/0x70 [nfs]
    	 [<ffffffff811363be>] new_sync_read+0x78/0x9c
    	 [<ffffffff81137164>] __vfs_read+0x13/0x38
    	 [<ffffffff8113721e>] vfs_read+0x95/0x121
    	 [<ffffffff811372f6>] SyS_read+0x4c/0x8a
    	 [<ffffffff81557a52>] system_call_fastpath+0x12/0x17
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Reviewed-by: default avatarSteve Dickson <steved@redhat.com>
    Acked-by: default avatarJeff Layton <jeff.layton@primarydata.com>
fscache-cache.h 18.3 KB