https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-4985 Lustre <p>Several places in the Lustre code store the result of kthread_run, which is of 64-bit type task_struct *, in a 32-bit integer. Depending on the value of the pointer, this will be interpreted as an error by the IS_ERR_VALUE macro.</p> <p>This problem exists, for example, with the creation of statahead threads, ll_sa.</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>static int start_statahead_thread(struct inode *dir, struct dentry *dentry) { ... int rc; ... rc = PTR_ERR(kthread_run(ll_statahead_thread, dentry-&gt;d_parent, "ll_sa_%u", lli-&gt;lli_opendir_pid)); thread = &amp;sai-&gt;sai_thread; if (IS_ERR_VALUE(rc)) { CERROR("can't start ll_sa thread, rc: %d\n", rc); spin_lock(&amp;lli-&gt;lli_sa_lock); thread_set_flags(thread, SVC_STOPPED); thread_set_flags(&amp;sai-&gt;sai_agl_thread, SVC_STOPPED); spin_unlock(&amp;lli-&gt;lli_sa_lock); ll_sai_put(sai); GOTO(out, rc = -EAGAIN); } ... </pre> </div></div> <p>This can cause a general protection fault if the sai struct is accessed by the ll_sa thread after it has been freed. Here is an example in which the return value from kthread_run is incorrectly interpreted as an error:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>2014-04-18T04:37:49.706791-05:00 c0-0c1s2n3 LustreError: 11453:0:(statahead.c:1588:start_statahead_thread()) can't start ll_sa thread, rc: -3968 </pre> </div></div> <p>The -3968 which is reported as the rc of the kthread_run is not a valid error number. It is the result of truncating the returned task_struct pointer to a 32-bit int.</p> <p>There are other places in Lustre which handle the return value of kthread_run incorrectly. We need to go through and make sure the return value of kthread_run is handled correctly in all cases. The correct way to handle it would be like this:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>struct task_struct *task = kthread_run(...) if (IS_ERR(task)) { rc = PTR_ERR(task); CERROR(..) } </pre> </div></div> LU-4985

Return value of kthread_run truncated to 32-bit int in ll_sa thread and elsewhere

Bug Minor Resolved Fixed John Hammond Ryan Haasken patch Wed, 30 Apr 2014 16:39:18 +0000 Thu, 5 Jun 2014 19:14:27 +0000 Wed, 14 May 2014 14:12:04 +0000 Lustre 2.6.0 0 10 <p>John,<br/> Can you look at this one and comment on the priority?<br/> Thank you!</p> <p>This looks like 2.5.*. Is that correct Ryan?</p> <p>This is fixed in 2.6.0 by <a href="http://review.whamcloud.com/#/c/6759/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/6759/</a> for <a href="https://jira.whamcloud.com/browse/LU-3498" title="most uses of IS_ERR_VALUE() are incorrect" class="issue-link" data-issue-key="LU-3498"><del>LU-3498</del></a>.</p> <p>I would say major/critical. Most of <a href="http://review.whamcloud.com/#/c/6759/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/6759/</a> can probably be ported to 2.5 without too much fuss.</p> <p>John, that's correct, it's 2.5.*.</p> <p>I didn't see <a href="https://jira.whamcloud.com/browse/LU-3498" title="most uses of IS_ERR_VALUE() are incorrect" class="issue-link" data-issue-key="LU-3498"><del>LU-3498</del></a> before, but it looks like <a href="http://review.whamcloud.com/#/c/6759/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/6759/</a> fixes most of the kthread_run calls. Should we port that to b2_5 then?</p> <p>It looks like there are still a few remaining spots that need fixing in master as well:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre> File Function Line 0 lfsck_layout.c lfsck_layout_master_prep 4318 rc = PTR_ERR(kthread_run(lfsck_layout_assistant, lta, "lfsck_layout")); 1 lfsck_lib.c lfsck_start 2238 rc = PTR_ERR(kthread_run(lfsck_master_engine, lta, "lfsck")); 2 lfsck_namespace.c lfsck_namespace_double_scan 1534 rc = PTR_ERR(kthread_run(lfsck_namespace_double_scan_main, lta, 3 ofd_io.c ofd_start_inconsistency_verification_ 230 rc = PTR_ERR(kthread_run(ofd_inconsistency_verification_main, ofd, </pre> </div></div> <p>Actually, I take back the comment about the four calls to kthread_run above. In each of those cases, rc is a long int, so it should be okay.</p> <p>Here is the port for b2_5: <a href="http://review.whamcloud.com/#/c/10178/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/10178/</a></p> <p>It wouldn't be terrible to fix the four remaining cases to assign the return value to a task_struct pointer for consistency with the other callers. </p> <p>Here's a patch against master to change the remaining four cases to match the rest: <a href="http://review.whamcloud.com/#/c/10266/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/10266/</a></p> <p>Patch landed to master. Ticket can be closed.</p> <p>Landed for 2.6</p> <p>The b2_5 port of the patch which fixed <a href="https://jira.whamcloud.com/browse/LU-3498" title="most uses of IS_ERR_VALUE() are incorrect" class="issue-link" data-issue-key="LU-3498"><del>LU-3498</del></a> is ready to land as well:</p> <p><a href="http://review.whamcloud.com/#/c/10178/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/10178/</a></p> Development Rank 1|hzwlif: Rank (Obsolete) 13809 Severity