From 6417cda6e39a7f9d2149f841dcd4d680961b3818 Mon Sep 17 00:00:00 2001 
From: Mathieu Desnoyers Date: Tue, 9 Jan 2018 11:04:36 -0500 Subject: [PATCH] Fix: block instrumentation 4.14+ NULL pointer dereference Support for block layer instrumentation on Linux kernels 4.14+ introduces the following NULL pointer dereference: 181.6723 [ 3819.390121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 181.6724 [ 3819.394856] IP: __event_probe__block_get_rq+0x127/0x4a0 [lttng_probe_block] 181.6725 [ 3819.394856] PGD 7b924067 P4D 7b924067 PUD 733a7067 PMD 0 181.6726 [ 3819.394856] Oops: 0000 [#1] SMP 181.6727 [ 3819.394856] Modules linked in: lttng_test(OE) lttng_probe_x86_exceptions(OE) lttng_probe_x86_irq_vectors(OE) lttng_probe_writeback(OE) lttng_probe_workqueue(OE) lttng_probe_vmscan(OE) lttng_probe_udp(OE) lttng_probe_timer(OE) lttng_probe_sunrpc(OE) lttng_probe_statedump(OE) lttng_probe_sock(OE) lttng_probe_skb(OE) lttng_probe_signal(OE) lttng_probe_scsi(OE) lttng_probe_sched(OE) lttng_probe_regulator(OE) lttng_probe_regmap(OE) lttng_probe_rcu(OE) lttng_probe_random(OE) lttng_probe_printk(OE) lttng_probe_power(OE) lttng_probe_net(OE) lttng_probe_napi(OE) lttng_probe_module(OE) lttng_probe_kvm_x86_mmu(OE) lttng_probe_kvm_x86(OE) lttng_probe_kvm(OE) lttng_probe_kmem(OE) lttng_probe_jbd2(OE) lttng_probe_irq(OE) lttng_probe_i2c(OE) lttng_probe_gpio(OE) lttng_probe_ext4(OE) lttng_probe_compaction(OE) lttng_probe_btrfs(OE) 181.6728 [ 3819.394856] lttng_probe_block(OE) lttng_ring_buffer_metadata_mmap_client(OE) lttng_ring_buffer_client_mmap_overwrite(OE) lttng_ring_buffer_client_mmap_discard(OE) lttng_ring_buffer_metadata_client(OE) lttng_ring_buffer_client_overwrite(OE) lttng_ring_buffer_client_discard(OE) lttng_tracer(OE) lttng_statedump(OE) lttng_ftrace(OE) lttng_kprobes(OE) lttng_clock(OE) lttng_lib_ring_buffer(OE) lttng_kretprobes(OE) [last unloaded: lttng_statedump] 181.6729 [ 3819.394856] CPU: 1 PID: 17541 Comm: kworker/u4:2 Tainted: G OE 4.14.0 #1 181.6730 [ 3819.394856] Hardware name: QEMU Standard PC (i440FX + 
PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 181.6731 [ 3819.394856] Workqueue: events_freezable_power_ disk_events_workfn 181.6732 [ 3819.394856] task: ffff9cd5b9bb1cc0 task.stack: ffffbf4100444000 181.6733 [ 3819.394856] RIP: 0010:__event_probe__block_get_rq+0x127/0x4a0 [lttng_probe_block] 181.6734 [ 3819.394856] RSP: 0018:ffffbf4100447b40 EFLAGS: 00010246 181.6735 [ 3819.394856] RAX: 0000000000000000 RBX: ffff9cd5b39757a8 RCX: ffff9cd5ae850000 181.6736 [ 3819.394856] RDX: 000000000000042a RSI: 0000000000000bd6 RDI: ffffdf40ffd04470 181.6737 [ 3819.394856] RBP: ffffbf4100447c50 R08: 0000000000800000 R09: 0000000000019bd6 181.6738 [ 3819.394856] R10: ffffdf40ffd04470 R11: 0000000000000000 R12: 0000000000000000 181.6739 [ 3819.394856] R13: 000000000001d060 R14: ffff9cd5bb9988a0 R15: ffff9cd5b992b480 181.6740 [ 3819.394856] FS: 0000000000000000(0000) GS:ffff9cd5bfd00000(0000) knlGS:0000000000000000 181.6741 [ 3819.394856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 181.6742 [ 3819.394856] CR2: 0000000000000008 CR3: 00000000736ab000 CR4: 00000000000006e0 181.6743 [ 3819.394856] Call Trace: 181.6744 [ 3819.394856] ? scsi_old_init_rq+0x84/0x100 181.6745 [ 3819.394856] ? mempool_alloc+0x5f/0x150 181.6746 [ 3819.394856] ? kvm_clock_read+0x1e/0x20 181.6747 [ 3819.394856] get_request+0x4db/0x7e0 181.6748 [ 3819.394856] ? wait_woken+0x80/0x80 181.6749 [ 3819.394856] blk_get_request+0x9c/0x110 181.6750 [ 3819.394856] scsi_execute+0x40/0x260 181.6751 [ 3819.394856] sr_check_events+0x7d/0x290 181.6752 [ 3819.394856] cdrom_check_events+0x18/0x30 181.6753 [ 3819.394856] sr_block_check_events+0x2a/0x30 181.6754 [ 3819.394856] disk_check_events+0x51/0x130 181.6755 [ 3819.394856] disk_events_workfn+0x16/0x20 181.6756 [ 3819.394856] process_one_work+0x156/0x3f0 181.6757 [ 3819.394856] worker_thread+0x4b/0x460 181.6758 [ 3819.394856] kthread+0x109/0x140 181.6759 [ 3819.394856] ? process_one_work+0x3f0/0x3f0 181.6760 [ 3819.394856] ? 
kthread_create_on_node+0x40/0x40 181.6761 [ 3819.394856] ret_from_fork+0x25/0x30 181.6762 [ 3819.394856] Code: 00 00 00 00 48 89 85 20 ff ff ff 48 8d 85 10 ff ff ff 8b 73 04 48 89 85 28 ff ff ff 49 8b 47 48 ff 50 28 85 c0 0f 88 78 01 00 00 <49> 8b 44 24 08 ba 04 00 00 00 48 8d b5 08 ff ff ff 48 8d bd 20 181.6763 [ 3819.394856] RIP: __event_probe__block_get_rq+0x127/0x4a0 [lttng_probe_block] RSP: ffffbf4100447b40 181.6764 [ 3819.394856] CR2: 0000000000000008 181.6765 [ 3819.394856] ---[ end trace b08f087751369a25 ]---
Signed-off-by: Mathieu Desnoyers
---
instrumentation/events/lttng-module/block.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/instrumentation/events/lttng-module/block.h b/instrumentation/events/lttng-module/block.h
index 6526d3db..7692ccb6 100644
--- a/instrumentation/events/lttng-module/block.h
+++ b/instrumentation/events/lttng-module/block.h
@@ -848,7 +848,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(block_get_rq,
 TP_FIELDS(
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,14,0))
- ctf_integer(dev_t, dev, bio_dev(bio))
+ ctf_integer(dev_t, dev, bio ? bio_dev(bio) : 0)
 #else
 ctf_integer(dev_t, dev, bio ? bio->bi_bdev->bd_dev : 0)
 #endif
@@ -877,7 +877,7 @@ LTTNG_TRACEPOINT_EVENT_CLASS(block_get_rq,
 /**
 * block_getrq - get a free request entry in queue for block IO operations
 * @q: queue for operations
- * @bio: pending block IO operation
+ * @bio: pending block IO operation (can be %NULL)
 * @rw: low bit indicates a read (%0) or a write (%1)
 *
 * A request struct for queue @q has been allocated to handle the
@@ -893,7 +893,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(block_get_rq, block_getrq,
 /**
 * block_sleeprq - waiting to get a free request entry in queue for block IO operation
 * @q: queue for operation
- * @bio: pending block IO operation
+ * @bio: pending block IO operation (can be %NULL)
 * @rw: low bit indicates a read (%0) or a write (%1)
 *
 * In the case where a request struct cannot be provided for queue @q
--
2.34.1
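Review bot: The `bio ? bio_dev(bio) : 0` guard fixes the `dev` field, but any other field of this `TP_FIELDS` block that dereferences `bio` in the 4.14+ branch needs the same treatment, and those fields lie outside the hunk, so please confirm they already carry a `bio ? … : 0` guard (the visible `#else` branch uses that form, which suggests the unguarded `bio_dev(bio)` was the lone exception rather than the rule). Per the oops in the commit message, a NULL `bio` reaches this probe from a kworker on an ordinary `blk_get_request()`/`scsi_execute()` path, so any remaining unguarded access is a kernel-panic-whenever-tracing-is-enabled bug, i.e. a local denial of service for any system with the block probes loaded, not a cosmetic one. The enclosing `LTTNG_TRACEPOINT_EVENT_CLASS(block_get_rq, …)` definition begins before the hunk and its `TP_FIELDS` list continues past it. To keep the next kernel-version port from dropping the guard again, add a short comment above the `#if`, e.g. `/* bio may be NULL: requests obtained via blk_get_request() (e.g. scsi_execute()) carry no bio */`.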