Re: [RFC] block: fix access of uninitialized pointer address in bt_for_each()

From: Ming Lei
Date: Fri Apr 17 2020 - 22:12:31 EST


On Fri, Apr 17, 2020 at 08:51:34PM +0800, yu kuai wrote:
> I recently got a KASAN warning like this in our 4.19 kernel:
>
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in bt_for_each+0x1dc/0x2c0
> Read of size 8 at addr ffff8000c0865000 by task sh/2023305
>
> Call trace:
> dump_backtrace+0x0/0x310
> show_stack+0x28/0x38
> dump_stack+0xd8/0x108
> print_address_description+0x68/0x2d0
> kasan_report+0x124/0x2e0
> __asan_load8+0x88/0xb0
> bt_for_each+0x1dc/0x2c0
> blk_mq_queue_tag_busy_iter+0x1f0/0x3e8
> blk_mq_in_flight+0xb4/0xe0
> part_in_flight+0x124/0x178
> part_round_stats+0x128/0x3b0

This code path has been removed since 5b18b5a73760 ("block: delete part_round_stats and
switch to less precise counting").

However, it can still be triggered via reading proc & sysfs iostat.

Jian Chao worked on patches for this issue before, please refer to:

https://lore.kernel.org/linux-block/1553492318-1810-1-git-send-email-jianchao.w.wang@xxxxxxxxxx/

but they didn't get a chance to be merged.

Thanks,
Ming