b512719f77
While forking, if delayacct init fails due to memory shortage, it continues expecting all delayacct users to check task->delays pointer against NULL before dereferencing it, which all of them used to do. Commit c96f5471ce
("delayacct: Account blkio completion on the correct task"), while updating delayacct_blkio_end() to take the target task instead of always using %current, made the function test NULL on %current->delays and then continue to operated on @p->delays. If %current succeeded init while @p didn't, it leads to the following crash. BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 IP: __delayacct_blkio_end+0xc/0x40 PGD 8000001fd07e1067 P4D 8000001fd07e1067 PUD 1fcffbb067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 4 PID: 25774 Comm: QIOThread0 Not tainted 4.16.0-9_fbk1_rc2_1180_g6b593215b4d7 #9 RIP: 0010:__delayacct_blkio_end+0xc/0x40 Call Trace: try_to_wake_up+0x2c0/0x600 autoremove_wake_function+0xe/0x30 __wake_up_common+0x74/0x120 wake_up_page_bit+0x9c/0xe0 mpage_end_io+0x27/0x70 blk_update_request+0x78/0x2c0 scsi_end_request+0x2c/0x1e0 scsi_io_completion+0x20b/0x5f0 blk_mq_complete_request+0xa2/0x100 ata_scsi_qc_complete+0x79/0x400 ata_qc_complete_multiple+0x86/0xd0 ahci_handle_port_interrupt+0xc9/0x5c0 ahci_handle_port_intr+0x54/0xb0 ahci_single_level_irq_intr+0x3b/0x60 __handle_irq_event_percpu+0x43/0x190 handle_irq_event_percpu+0x20/0x50 handle_irq_event+0x2a/0x50 handle_edge_irq+0x80/0x1c0 handle_irq+0xaf/0x120 do_IRQ+0x41/0xc0 common_interrupt+0xf/0xf Fix it by updating delayacct_blkio_end() check @p->delays instead. Link: http://lkml.kernel.org/r/20180724175542.GP1934745@devbig577.frc2.facebook.com Fixes:c96f5471ce
("delayacct: Account blkio completion on the correct task") Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Dave Jones <dsj@fb.com> Debugged-by: Dave Jones <dsj@fb.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Josh Snyder <joshs@netflix.com> Cc: <stable@vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
/* delayacct.h - per-task delay accounting
|
|
*
|
|
* Copyright (C) Shailabh Nagar, IBM Corp. 2006
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
|
|
* the GNU General Public License for more details.
|
|
*
|
|
*/
|
|
|
|
#ifndef _LINUX_DELAYACCT_H
|
|
#define _LINUX_DELAYACCT_H
|
|
|
|
#include <uapi/linux/taskstats.h>
|
|
|
|
/*
|
|
* Per-task flags relevant to delay accounting
|
|
* maintained privately to avoid exhausting similar flags in sched.h:PF_*
|
|
* Used to set current->delays->flags
|
|
*/
|
|
#define DELAYACCT_PF_SWAPIN 0x00000001 /* I am doing a swapin */
|
|
#define DELAYACCT_PF_BLKIO 0x00000002 /* I am waiting on IO */
|
|
|
|
#ifdef CONFIG_TASK_DELAY_ACCT
|
|
/*
 * Per-task delay accounting state, reached through task->delays.
 *
 * The pointer is only populated by __delayacct_tsk_init() when
 * delayacct_on is set, and it stays NULL when that initialisation is
 * skipped or fails (see delayacct_tsk_init()); it is released back to
 * delayacct_cache by delayacct_tsk_free().  Every accessor of this
 * structure in this file therefore tests ->delays for NULL first.
 */
struct task_delay_info {
	raw_spinlock_t	lock;
	unsigned int	flags;	/* Private per-task flags (DELAYACCT_PF_*) */

	/* For each stat XXX, add following, aligned appropriately
	 *
	 * struct timespec XXX_start, XXX_end;
	 * u64 XXX_delay;
	 * u32 XXX_count;
	 *
	 * Atomicity of updates to XXX_delay, XXX_count protected by
	 * single lock above (split into XXX_lock if contention is an issue).
	 */

	/*
	 * XXX_count is incremented on every XXX operation, the delay
	 * associated with the operation is added to XXX_delay.
	 * XXX_delay contains the accumulated delay time in nanoseconds.
	 */

	u64 blkio_start;	/* Shared by blkio, swapin */
	u64 blkio_delay;	/* wait for sync block io completion */
	u64 swapin_delay;	/* wait for swapin block io completion */
	u32 blkio_count;	/* total count of the number of sync block */
				/* io operations performed */
	u32 swapin_count;	/* total count of the number of swapin block */
				/* io operations performed */

	u64 freepages_start;	/* XXX_start of the reclaim wait (pattern above) */
	u64 freepages_delay;	/* wait for memory reclaim */
	u32 freepages_count;	/* total count of memory reclaim */
};
|
|
#endif
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/slab.h>
|
|
|
|
#ifdef CONFIG_TASK_DELAY_ACCT
|
|
/*
 * Out-of-line delay accounting entry points.
 *
 * The __-prefixed functions are reached only through the static inline
 * wrappers further down, which test the relevant task's ->delays for NULL
 * before calling them; callers outside this header should use the
 * wrappers rather than these directly.
 */
extern int delayacct_on;	/* Delay accounting turned on/off */
extern struct kmem_cache *delayacct_cache;	/* cache task->delays is freed to */
extern void delayacct_init(void);
extern void __delayacct_tsk_init(struct task_struct *);
extern void __delayacct_tsk_exit(struct task_struct *);
extern void __delayacct_blkio_start(void);
/* Takes the waiting task explicitly: it need not be current. */
extern void __delayacct_blkio_end(struct task_struct *);
extern int __delayacct_add_tsk(struct taskstats *, struct task_struct *);
extern __u64 __delayacct_blkio_ticks(struct task_struct *);
extern void __delayacct_freepages_start(void);
extern void __delayacct_freepages_end(void);
|
|
|
|
/*
 * Report whether @p is inside a block I/O wait.
 *
 * Returns the masked DELAYACCT_PF_BLKIO bit (non-zero, not normalised to
 * 1) when @p has delay-accounting state carrying that flag, and 0 when
 * the flag is clear or @p has no ->delays at all.
 */
static inline int delayacct_is_task_waiting_on_io(struct task_struct *p)
{
	return p->delays ? (p->delays->flags & DELAYACCT_PF_BLKIO) : 0;
}
|
|
|
|
/*
 * Set @flag in current's private delay-accounting flags.
 * A no-op when current has no ->delays (accounting off or init failed).
 */
static inline void delayacct_set_flag(int flag)
{
	if (!current->delays)
		return;
	current->delays->flags |= flag;
}
|
|
|
|
/*
 * Clear @flag from current's private delay-accounting flags.
 * A no-op when current has no ->delays (accounting off or init failed).
 */
static inline void delayacct_clear_flag(int flag)
{
	if (!current->delays)
		return;
	current->delays->flags &= ~flag;
}
|
|
|
|
/*
 * Initialise delay accounting for a freshly forked @tsk.
 *
 * ->delays is reset first because the duplicated task_struct may still
 * hold the parent's pointer.  Fresh state is only requested when
 * accounting is enabled, and __delayacct_tsk_init() may leave ->delays
 * NULL (allocation failure), so callers elsewhere must keep checking it.
 */
static inline void delayacct_tsk_init(struct task_struct *tsk)
{
	tsk->delays = NULL;	/* parent's non-NULL pointer may have been dup'ed */
	if (!delayacct_on)
		return;
	__delayacct_tsk_init(tsk);
}
|
|
|
|
/* Free tsk->delays. Called from bad fork and __put_task_struct
|
|
* where there's no risk of tsk->delays being accessed elsewhere
|
|
*/
|
|
/*
 * Return tsk->delays to delayacct_cache and clear the pointer.
 *
 * Only valid from the bad-fork path and __put_task_struct, where nothing
 * else can still be looking at tsk->delays.
 */
static inline void delayacct_tsk_free(struct task_struct *tsk)
{
	struct task_delay_info *delays = tsk->delays;

	if (delays)
		kmem_cache_free(delayacct_cache, delays);
	tsk->delays = NULL;
}
|
|
|
|
/*
 * Mark current as waiting on synchronous block I/O and, when it has
 * delay-accounting state, call __delayacct_blkio_start().
 * Paired with delayacct_blkio_end().
 */
static inline void delayacct_blkio_start(void)
{
	delayacct_set_flag(DELAYACCT_PF_BLKIO);
	if (!current->delays)
		return;
	__delayacct_blkio_start();
}
|
|
|
|
/*
 * Finish the block I/O wait of @p.
 *
 * @p is the task that was waiting and need not be current: this runs
 * from the wakeup path on the woken task.  The NULL test must therefore
 * be on @p->delays, never current->delays -- a task whose delayacct init
 * failed has ->delays == NULL even when current's is populated, and
 * testing the wrong task lets __delayacct_blkio_end() dereference NULL.
 *
 * NOTE(review): the flag is cleared on current, not on @p; confirm that
 * is intended for the @p != current case.
 */
static inline void delayacct_blkio_end(struct task_struct *p)
{
	struct task_delay_info *delays = p->delays;

	if (delays)
		__delayacct_blkio_end(p);
	delayacct_clear_flag(DELAYACCT_PF_BLKIO);
}
|
|
|
|
/*
 * Add @tsk's delay statistics to @d via __delayacct_add_tsk().
 *
 * Returns 0 without touching @d when accounting is off or @tsk has no
 * delay state; otherwise returns whatever __delayacct_add_tsk() reports.
 */
static inline int delayacct_add_tsk(struct taskstats *d,
				    struct task_struct *tsk)
{
	if (delayacct_on && tsk->delays)
		return __delayacct_add_tsk(d, tsk);
	return 0;
}
|
|
|
|
/*
 * Block I/O delay of @tsk as reported by __delayacct_blkio_ticks(),
 * or 0 when @tsk has no delay-accounting state.
 */
static inline __u64 delayacct_blkio_ticks(struct task_struct *tsk)
{
	return tsk->delays ? __delayacct_blkio_ticks(tsk) : 0;
}
|
|
|
|
/*
 * Begin accounting a memory-reclaim wait for current.
 * A no-op when current has no ->delays.
 */
static inline void delayacct_freepages_start(void)
{
	if (!current->delays)
		return;
	__delayacct_freepages_start();
}
|
|
|
|
/*
 * End the memory-reclaim wait begun by delayacct_freepages_start().
 * A no-op when current has no ->delays.
 */
static inline void delayacct_freepages_end(void)
{
	if (!current->delays)
		return;
	__delayacct_freepages_end();
}
|
|
|
|
#else
|
|
/* No-op: delay accounting compiled out (CONFIG_TASK_DELAY_ACCT=n). */
static inline void delayacct_set_flag(int flag)
{}
|
|
/* No-op: delay accounting compiled out (CONFIG_TASK_DELAY_ACCT=n). */
static inline void delayacct_clear_flag(int flag)
{}
|
|
/* No-op: delay accounting compiled out (CONFIG_TASK_DELAY_ACCT=n). */
static inline void delayacct_init(void)
{}
|
|
/* No-op: delay accounting compiled out, task_struct has no state to set up. */
static inline void delayacct_tsk_init(struct task_struct *tsk)
{}
|
|
/* No-op: delay accounting compiled out, nothing was allocated to free. */
static inline void delayacct_tsk_free(struct task_struct *tsk)
{}
|
|
/* No-op: delay accounting compiled out (CONFIG_TASK_DELAY_ACCT=n). */
static inline void delayacct_blkio_start(void)
{}
|
|
/* No-op: delay accounting compiled out; @p is accepted for interface parity. */
static inline void delayacct_blkio_end(struct task_struct *p)
{}
|
|
/* Delay accounting compiled out: reports success without touching @d. */
static inline int delayacct_add_tsk(struct taskstats *d,
				    struct task_struct *tsk)
{ return 0; }
|
|
/* Delay accounting compiled out: no block I/O delay is ever recorded. */
static inline __u64 delayacct_blkio_ticks(struct task_struct *tsk)
{ return 0; }
|
|
/* Delay accounting compiled out: no task is ever reported as waiting on I/O. */
static inline int delayacct_is_task_waiting_on_io(struct task_struct *p)
{ return 0; }
|
|
/* No-op: delay accounting compiled out (CONFIG_TASK_DELAY_ACCT=n). */
static inline void delayacct_freepages_start(void)
{}
|
|
/* No-op: delay accounting compiled out (CONFIG_TASK_DELAY_ACCT=n). */
static inline void delayacct_freepages_end(void)
{}
|
|
|
|
#endif /* CONFIG_TASK_DELAY_ACCT */
|
|
|
|
#endif
|