dm persistent data: handle space map checker creation failure
If CONFIG_DM_DEBUG_SPACE_MAPS is enabled and dm_sm_checker_create() fails, dm_tm_create_internal() would still return success even though it cleaned up all resources it was supposed to have created. This will lead to a kernel crash: general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC ... RIP: 0010:[<ffffffff81593659>] [<ffffffff81593659>] dm_bufio_get_block_size+0x9/0x20 Call Trace: [<ffffffff81599bae>] dm_bm_block_size+0xe/0x10 [<ffffffff8159b8b8>] sm_ll_init+0x78/0xd0 [<ffffffff8159c1a6>] sm_ll_new_disk+0x16/0xa0 [<ffffffff8159c98e>] dm_sm_disk_create+0xfe/0x160 [<ffffffff815abf6e>] dm_pool_metadata_open+0x16e/0x6a0 [<ffffffff815aa010>] pool_ctr+0x3f0/0x900 [<ffffffff8158d565>] dm_table_add_target+0x195/0x450 [<ffffffff815904c4>] table_load+0xe4/0x330 [<ffffffff815917ea>] ctl_ioctl+0x15a/0x2c0 [<ffffffff81591963>] dm_ctl_ioctl+0x13/0x20 [<ffffffff8116a4f8>] do_vfs_ioctl+0x98/0x560 [<ffffffff8116aa51>] sys_ioctl+0x91/0xa0 [<ffffffff81869f52>] system_call_fastpath+0x16/0x1b Fix the space map checker code to return an appropriate ERR_PTR and have dm_sm_disk_create() and dm_tm_create_internal() check for it with IS_ERR. Reported-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Alasdair G Kergon <agk@redhat.com>
This commit is contained in:
Mike Snitzer
Alasdair G Kergon
parent
25d7cd6faa
commit
62662303e7
3 changed files with 28 additions and 15 deletions
|
|
@ -343,25 +343,25 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
|
|||
int r;
|
||||
struct sm_checker *smc;
|
||||
|
||||
if (!sm)
|
||||
return NULL;
|
||||
if (IS_ERR_OR_NULL(sm))
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
smc = kmalloc(sizeof(*smc), GFP_KERNEL);
|
||||
if (!smc)
|
||||
return NULL;
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
||||
memcpy(&smc->sm, &ops_, sizeof(smc->sm));
|
||||
r = ca_create(&smc->old_counts, sm);
|
||||
if (r) {
|
||||
kfree(smc);
|
||||
return NULL;
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
r = ca_create(&smc->counts, sm);
|
||||
if (r) {
|
||||
ca_destroy(&smc->old_counts);
|
||||
kfree(smc);
|
||||
return NULL;
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
smc->real_sm = sm;
|
||||
|
|
@ -371,7 +371,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
|
|||
ca_destroy(&smc->counts);
|
||||
ca_destroy(&smc->old_counts);
|
||||
kfree(smc);
|
||||
return NULL;
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
r = ca_commit(&smc->old_counts, &smc->counts);
|
||||
|
|
@ -379,7 +379,7 @@ struct dm_space_map *dm_sm_checker_create(struct dm_space_map *sm)
|
|||
ca_destroy(&smc->counts);
|
||||
ca_destroy(&smc->old_counts);
|
||||
kfree(smc);
|
||||
return NULL;
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
return &smc->sm;
|
||||
|
|
@ -391,25 +391,25 @@ struct dm_space_map *dm_sm_checker_create_fresh(struct dm_space_map *sm)
|
|||
int r;
|
||||
struct sm_checker *smc;
|
||||
|
||||
if (!sm)
|
||||
return NULL;
|
||||
if (IS_ERR_OR_NULL(sm))
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
smc = kmalloc(sizeof(*smc), GFP_KERNEL);
|
||||
if (!smc)
|
||||
return NULL;
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
||||
memcpy(&smc->sm, &ops_, sizeof(smc->sm));
|
||||
r = ca_create(&smc->old_counts, sm);
|
||||
if (r) {
|
||||
kfree(smc);
|
||||
return NULL;
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
r = ca_create(&smc->counts, sm);
|
||||
if (r) {
|
||||
ca_destroy(&smc->old_counts);
|
||||
kfree(smc);
|
||||
return NULL;
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
smc->real_sm = sm;
|
||||
|
|
|
|||
|
|
@ -290,7 +290,16 @@ struct dm_space_map *dm_sm_disk_create(struct dm_transaction_manager *tm,
|
|||
dm_block_t nr_blocks)
|
||||
{
|
||||
struct dm_space_map *sm = dm_sm_disk_create_real(tm, nr_blocks);
|
||||
return dm_sm_checker_create_fresh(sm);
|
||||
struct dm_space_map *smc;
|
||||
|
||||
if (IS_ERR_OR_NULL(sm))
|
||||
return sm;
|
||||
|
||||
smc = dm_sm_checker_create_fresh(sm);
|
||||
if (IS_ERR(smc))
|
||||
dm_sm_destroy(sm);
|
||||
|
||||
return smc;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(dm_sm_disk_create);
|
||||
|
||||
|
|
|
|||
|
|
@ -347,8 +347,10 @@ static int dm_tm_create_internal(struct dm_block_manager *bm,
|
|||
}
|
||||
|
||||
*sm = dm_sm_checker_create(inner);
|
||||
if (!*sm)
|
||||
if (IS_ERR(*sm)) {
|
||||
r = PTR_ERR(*sm);
|
||||
goto bad2;
|
||||
}
|
||||
|
||||
} else {
|
||||
r = dm_bm_write_lock(dm_tm_get_bm(*tm), sb_location,
|
||||
|
|
@ -367,8 +369,10 @@ static int dm_tm_create_internal(struct dm_block_manager *bm,
|
|||
}
|
||||
|
||||
*sm = dm_sm_checker_create(inner);
|
||||
if (!*sm)
|
||||
if (IS_ERR(*sm)) {
|
||||
r = PTR_ERR(*sm);
|
||||
goto bad2;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in a new issue