Commit f8789bfd authored by Mike Snitzer's avatar Mike Snitzer Committed by Ben Hutchings

dm persistent data: handle space map checker creation failure

commit 62662303 upstream.

If CONFIG_DM_DEBUG_SPACE_MAPS is enabled and dm_sm_checker_create()
fails, dm_tm_create_internal() would still return success even though it
cleaned up all resources it was supposed to have created.  This will
lead to a kernel crash:

general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
...
RIP: 0010:[<ffffffff81593659>]  [<ffffffff81593659>] dm_bufio_get_block_size+0x9/0x20
Call Trace:
  [<ffffffff81599bae>] dm_bm_block_size+0xe/0x10
  [<ffffffff8159b8b8>] sm_ll_init+0x78/0xd0
  [<ffffffff8159c1a6>] sm_ll_new_disk+0x16/0xa0
  [<ffffffff8159c98e>] dm_sm_disk_create+0xfe/0x160
  [<ffffffff815abf6e>] dm_pool_metadata_open+0x16e/0x6a0
  [<ffffffff815aa010>] pool_ctr+0x3f0/0x900
  [<ffffffff8158d565>] dm_table_add_target+0x195/0x450
  [<ffffffff815904c4>] table_load+0xe4/0x330
  [<ffffffff815917ea>] ctl_ioctl+0x15a/0x2c0
  [<ffffffff81591963>] dm_ctl_ioctl+0x13/0x20
  [<ffffffff8116a4f8>] do_vfs_ioctl+0x98/0x560
  [<ffffffff8116aa51>] sys_ioctl+0x91/0xa0
  [<ffffffff81869f52>] system_call_fastpath+0x16/0x1b

Fix the space map checker code to return an appropriate ERR_PTR and have
dm_sm_disk_create() and dm_tm_create_internal() check for it with
IS_ERR.
Reported-by: default avatarVivek Goyal <vgoyal@redhat.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent ee294c70
...@@ -343,25 +343,25 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm) ...@@ -343,25 +343,25 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
int r; int r;
struct sm_checker *smc; struct sm_checker *smc;
if (!sm) if (IS_ERR_OR_NULL(sm))
return NULL; return ERR_PTR(-EINVAL);
smc = kmalloc(sizeof(*smc), GFP_KERNEL); smc = kmalloc(sizeof(*smc), GFP_KERNEL);
if (!smc) if (!smc)
return NULL; return ERR_PTR(-ENOMEM);
memcpy(&smc->sm, &ops_, sizeof(smc->sm)); memcpy(&smc->sm, &ops_, sizeof(smc->sm));
r = ca_create(&smc->old_counts, sm); r = ca_create(&smc->old_counts, sm);
if (r) { if (r) {
kfree(smc); kfree(smc);
return NULL; return ERR_PTR(r);
} }
r = ca_create(&smc->counts, sm); r = ca_create(&smc->counts, sm);
if (r) { if (r) {
ca_destroy(&smc->old_counts); ca_destroy(&smc->old_counts);
kfree(smc); kfree(smc);
return NULL; return ERR_PTR(r);
} }
smc->real_sm = sm; smc->real_sm = sm;
...@@ -371,7 +371,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm) ...@@ -371,7 +371,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
ca_destroy(&smc->counts); ca_destroy(&smc->counts);
ca_destroy(&smc->old_counts); ca_destroy(&smc->old_counts);
kfree(smc); kfree(smc);
return NULL; return ERR_PTR(r);
} }
r = ca_commit(&smc->old_counts, &smc->counts); r = ca_commit(&smc->old_counts, &smc->counts);
...@@ -379,7 +379,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm) ...@@ -379,7 +379,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
ca_destroy(&smc->counts); ca_destroy(&smc->counts);
ca_destroy(&smc->old_counts); ca_destroy(&smc->old_counts);
kfree(smc); kfree(smc);
return NULL; return ERR_PTR(r);
} }
return &smc->sm; return &smc->sm;
...@@ -391,25 +391,25 @@ struct dm_space_map *dm_sm_checker_create_fresh(struct dm_space_map *sm) ...@@ -391,25 +391,25 @@ struct dm_space_map *dm_sm_checker_create_fresh(struct dm_space_map *sm)
int r; int r;
struct sm_checker *smc; struct sm_checker *smc;
if (!sm) if (IS_ERR_OR_NULL(sm))
return NULL; return ERR_PTR(-EINVAL);
smc = kmalloc(sizeof(*smc), GFP_KERNEL); smc = kmalloc(sizeof(*smc), GFP_KERNEL);
if (!smc) if (!smc)
return NULL; return ERR_PTR(-ENOMEM);
memcpy(&smc->sm, &ops_, sizeof(smc->sm)); memcpy(&smc->sm, &ops_, sizeof(smc->sm));
r = ca_create(&smc->old_counts, sm); r = ca_create(&smc->old_counts, sm);
if (r) { if (r) {
kfree(smc); kfree(smc);
return NULL; return ERR_PTR(r);
} }
r = ca_create(&smc->counts, sm); r = ca_create(&smc->counts, sm);
if (r) { if (r) {
ca_destroy(&smc->old_counts); ca_destroy(&smc->old_counts);
kfree(smc); kfree(smc);
return NULL; return ERR_PTR(r);
} }
smc->real_sm = sm; smc->real_sm = sm;
......
...@@ -290,7 +290,16 @@ struct dm_space_map *dm_sm_disk_create(struct dm_transaction_manager *tm, ...@@ -290,7 +290,16 @@ struct dm_space_map *dm_sm_disk_create(struct dm_transaction_manager *tm,
dm_block_t nr_blocks) dm_block_t nr_blocks)
{ {
struct dm_space_map *sm = dm_sm_disk_create_real(tm, nr_blocks); struct dm_space_map *sm = dm_sm_disk_create_real(tm, nr_blocks);
return dm_sm_checker_create_fresh(sm); struct dm_space_map *smc;
if (IS_ERR_OR_NULL(sm))
return sm;
smc = dm_sm_checker_create_fresh(sm);
if (IS_ERR(smc))
dm_sm_destroy(sm);
return smc;
} }
EXPORT_SYMBOL_GPL(dm_sm_disk_create); EXPORT_SYMBOL_GPL(dm_sm_disk_create);
......
...@@ -345,8 +345,10 @@ static int dm_tm_create_internal(struct dm_block_manager *bm, ...@@ -345,8 +345,10 @@ static int dm_tm_create_internal(struct dm_block_manager *bm,
} }
*sm = dm_sm_checker_create(inner); *sm = dm_sm_checker_create(inner);
if (!*sm) if (IS_ERR(*sm)) {
r = PTR_ERR(*sm);
goto bad2; goto bad2;
}
} else { } else {
r = dm_bm_write_lock(dm_tm_get_bm(*tm), sb_location, r = dm_bm_write_lock(dm_tm_get_bm(*tm), sb_location,
...@@ -365,9 +367,11 @@ static int dm_tm_create_internal(struct dm_block_manager *bm, ...@@ -365,9 +367,11 @@ static int dm_tm_create_internal(struct dm_block_manager *bm,
} }
*sm = dm_sm_checker_create(inner); *sm = dm_sm_checker_create(inner);
if (!*sm) if (IS_ERR(*sm)) {
r = PTR_ERR(*sm);
goto bad2; goto bad2;
} }
}
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment