cachefiles: Fix oops with cachefiles_cull() due to NULL object

When cachefiles_cull() calls cachefiles_bury_object(), it passes a NULL object. When this occurs, either trace_cachefiles_unlink() or trace_cachefiles_rename() may oops due to the NULL object. Check for NULL object in the tracepoint and if so, set debug_id to MAX_UINT as was done in 2908f5e101e3. The following oops was seen with xfstests generic/100. BUG: kernel NULL pointer dereference, address: 0000000000000010 ... RIP: 0010:trace_event_raw_event_cachefiles_unlink+0x4e/0xa0 [cachefiles] ... Call Trace: cachefiles_bury_object+0x242/0x430 [cachefiles] ? __vfs_removexattr_locked+0x10f/0x150 ? vfs_removexattr+0x51/0xd0 cachefiles_cull+0x84/0x120 [cachefiles] cachefiles_daemon_cull+0xd1/0x120 [cachefiles] cachefiles_daemon_write+0x158/0x190 [cachefiles] vfs_write+0xbc/0x260 ksys_write+0x4f/0xc0 do_syscall_64+0x3b/0x90 The following oops was seen with xfstests generic/290. BUG: kernel NULL pointer dereference, address: 0000000000000010 ... RIP: 0010:trace_event_raw_event_cachefiles_rename+0x54/0xa0 [cachefiles] ... Call Trace: cachefiles_bury_object+0x35c/0x430 [cachefiles] cachefiles_cull+0x84/0x120 [cachefiles] cachefiles_daemon_cull+0xd1/0x120 [cachefiles] cachefiles_daemon_write+0x158/0x190 [cachefiles] vfs_write+0xbc/0x260 ksys_write+0x4f/0xc0 do_syscall_64+0x3b/0x90 Fixes: 2908f5e101e3 ("fscache: Add a cookie debug ID and use that in traces") Signed-off-by: Dave Wysochanski <dwysocha@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Link: https://listman.redhat.com/archives/linux-cachefs/2021-October/msg00009.html
author: Dave Wysochanski <dwysocha@redhat.com> 2021-10-03 19:14:00 +0300
committer: David Howells <dhowells@redhat.com> 2021-10-05 13:22:06 +0300
commit: a0e25f0a0d39d66c048d5dbac1e7ebaa6ec885d7 (patch)
tree: 603b7db641c1aac17c21c1e0dfbf39854b4c2360 /include/trace
parent: 9e1ff307c779ce1f0f810c7ecce3d95bbae40896 (diff)
download: linux-a0e25f0a0d39d66c048d5dbac1e7ebaa6ec885d7.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/include/trace/events/cachefiles.h b/include/trace/events/cachefiles.h
index 695bfdbfdcad..920b6a303d60 100644
--- a/include/trace/events/cachefiles.h
+++ b/include/trace/events/cachefiles.h
@@ -178,7 +178,7 @@ TRACE_EVENT(cachefiles_unlink,
 			     ),
 
 	    TP_fast_assign(
-		    __entry->obj	= obj->fscache.debug_id;
+		    __entry->obj	= obj ? obj->fscache.debug_id : UINT_MAX;
 		    __entry->de		= de;
 		    __entry->why	= why;
 			   ),
@@ -205,7 +205,7 @@ TRACE_EVENT(cachefiles_rename,
 			     ),
 
 	    TP_fast_assign(
-		    __entry->obj	= obj->fscache.debug_id;
+		    __entry->obj	= obj ? obj->fscache.debug_id : UINT_MAX;
 		    __entry->de		= de;
 		    __entry->to		= to;
 		    __entry->why	= why;
author	Dave Wysochanski <dwysocha@redhat.com>	2021-10-03 19:14:00 +0300
committer	David Howells <dhowells@redhat.com>	2021-10-05 13:22:06 +0300
commit	a0e25f0a0d39d66c048d5dbac1e7ebaa6ec885d7 (patch)
tree	603b7db641c1aac17c21c1e0dfbf39854b4c2360 /include/trace
parent	9e1ff307c779ce1f0f810c7ecce3d95bbae40896 (diff)
download	linux-a0e25f0a0d39d66c048d5dbac1e7ebaa6ec885d7.tar.xz