From: Ming Lei <ming.lei@redhat.com>
To: Martin Wilck <mwilck@suse.com>
Cc: Ming Lei <tom.leiming@gmail.com>, Jens Axboe <axboe@kernel.dk>,
Hannes Reinecke <hare@suse.de>, Christoph Hellwig <hch@lst.de>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
jack@suse.com, kent.overstreet@gmail.com
Subject: Re: Silent data corruption in blkdev_direct_IO()
Date: Wed, 18 Jul 2018 15:54:46 +0800 [thread overview]
Message-ID: <20180718075440.GA15254@ming.t460p> (raw)
In-Reply-To: <54436062eee1e10644b536ae3c8c40f94da3ccbd.camel@suse.com>
On Wed, Jul 18, 2018 at 09:32:12AM +0200, Martin Wilck wrote:
> On Wed, 2018-07-18 at 10:48 +0800, Ming Lei wrote:
> > On Wed, Jul 18, 2018 at 02:07:28AM +0200, Martin Wilck wrote:
> > >
> > > From b75adc856119346e02126cf8975755300f2d9b7f Mon Sep 17 00:00:00
> > > 2001
> > > From: Martin Wilck <mwilck@suse.com>
> > > Date: Wed, 18 Jul 2018 01:56:37 +0200
> > > Subject: [PATCH] block: bio_iov_iter_get_pages: fix size of last
> > > iovec
> > >
> > > If the last page of the bio is not "full", the length of the last
> > > vector bin needs to be corrected. This bin has the index
> > > (bio->bi_vcnt - 1), but in bio->bi_io_vec, not in the "bv" helper
> > > array which
> > > is shifted by the value of bio->bi_vcnt at function invocation.
> > >
> > > Signed-off-by: Martin Wilck <mwilck@suse.com>
> > > ---
> > > block/bio.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/block/bio.c b/block/bio.c
> > > index 53e0f0a..c22e76f 100644
> > > --- a/block/bio.c
> > > +++ b/block/bio.c
> > > @@ -913,7 +913,7 @@ int bio_iov_iter_get_pages(struct bio *bio,
> > > struct iov_iter *iter)
> > > bv[0].bv_offset += offset;
> > > bv[0].bv_len -= offset;
> > > if (diff)
> > > - bv[bio->bi_vcnt - 1].bv_len -= diff;
> > > + bio->bi_io_vec[bio->bi_vcnt - 1].bv_len -= diff;
> > >
> > > iov_iter_advance(iter, size);
> > > return 0;
> >
> > Right, that is the issue, we need this fix for -stable, but maybe the
> > following fix is more readable:
> >
> > diff --git a/block/bio.c b/block/bio.c
> > index f3536bfc8298..6e37b803755b 100644
> > --- a/block/bio.c
> > +++ b/block/bio.c
> > @@ -914,16 +914,16 @@ EXPORT_SYMBOL(bio_add_page);
> > */
> > int bio_iov_iter_get_pages(struct bio *bio, struct iov_iter *iter)
> > {
> > - unsigned short nr_pages = bio->bi_max_vecs - bio->bi_vcnt;
> > + unsigned short idx, nr_pages = bio->bi_max_vecs - bio-
> > >bi_vcnt;
> > struct bio_vec *bv = bio->bi_io_vec + bio->bi_vcnt;
> > struct page **pages = (struct page **)bv;
> > - size_t offset, diff;
> > + size_t offset;
> > ssize_t size;
> >
> > size = iov_iter_get_pages(iter, pages, LONG_MAX, nr_pages,
> > &offset);
> > if (unlikely(size <= 0))
> > return size ? size : -EFAULT;
> > - nr_pages = (size + offset + PAGE_SIZE - 1) / PAGE_SIZE;
> > + idx = nr_pages = (size + offset + PAGE_SIZE - 1) /
> > PAGE_SIZE;
> >
> > /*
> > * Deep magic below: We need to walk the pinned pages
> > backwards
> > @@ -936,17 +936,15 @@ int bio_iov_iter_get_pages(struct bio *bio,
> > struct iov_iter *iter)
> > bio->bi_iter.bi_size += size;
> > bio->bi_vcnt += nr_pages;
> >
> > - diff = (nr_pages * PAGE_SIZE - offset) - size;
> > - while (nr_pages--) {
> > - bv[nr_pages].bv_page = pages[nr_pages];
> > - bv[nr_pages].bv_len = PAGE_SIZE;
> > - bv[nr_pages].bv_offset = 0;
> > + while (idx--) {
> > + bv[idx].bv_page = pages[idx];
> > + bv[idx].bv_len = PAGE_SIZE;
> > + bv[idx].bv_offset = 0;
> > }
> >
> > bv[0].bv_offset += offset;
> > bv[0].bv_len -= offset;
> > - if (diff)
> > - bv[bio->bi_vcnt - 1].bv_len -= diff;
> > + bv[nr_pages - 1].bv_len -= (nr_pages * PAGE_SIZE - offset) -
> > size;
> >
> > iov_iter_advance(iter, size);
> > return 0;
> >
> > And for mainline, I suggest to make Christoph's new code in, that is
> > easy to prove its correctness, and seems simpler.
>
> Fine with me. Will you take care of a submission, or should I?
> Btw, this is not the full fix for our data corruption issue yet.
> Another patch is needed which still needs testing.
Please go ahead and take care of it since you have the test cases.
thanks
Ming
next prev parent reply other threads:[~2018-07-18 7:54 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-12 14:36 Silent data corruption in blkdev_direct_IO() Hannes Reinecke
2018-07-12 15:08 ` Jens Axboe
2018-07-12 16:11 ` Martin Wilck
2018-07-12 16:14 ` Hannes Reinecke
2018-07-12 16:20 ` Jens Axboe
2018-07-12 16:42 ` Jens Axboe
2018-07-13 6:47 ` Martin Wilck
2018-07-13 16:56 ` Martin Wilck
2018-07-13 18:00 ` Jens Axboe
2018-07-13 18:50 ` Jens Axboe
2018-07-13 22:21 ` Martin Wilck
2018-07-13 20:48 ` Martin Wilck
2018-07-13 20:52 ` Jens Axboe
2018-07-16 19:05 ` Martin Wilck
2018-07-12 23:29 ` Ming Lei
2018-07-13 18:54 ` Jens Axboe
2018-07-13 22:29 ` Martin Wilck
2018-07-16 11:45 ` Ming Lei
2018-07-18 0:07 ` Martin Wilck
2018-07-18 2:48 ` Ming Lei
2018-07-18 7:32 ` Martin Wilck
2018-07-18 7:54 ` Ming Lei [this message]
2018-07-18 9:20 ` Johannes Thumshirn
2018-07-18 11:40 ` Jan Kara
2018-07-18 11:57 ` Jan Kara
2018-07-19 9:39 ` [PATCH 0/2] Fix silent " Martin Wilck
2018-07-19 9:39 ` [PATCH 1/2] block: bio_iov_iter_get_pages: fix size of last iovec Martin Wilck
2018-07-19 10:05 ` Hannes Reinecke
2018-07-19 10:09 ` Ming Lei
2018-07-19 10:20 ` Jan Kara
2018-07-19 14:52 ` Christoph Hellwig
2018-07-19 9:39 ` [PATCH 2/2] blkdev: __blkdev_direct_IO_simple: make sure to fill up the bio Martin Wilck
2018-07-19 10:06 ` Hannes Reinecke
2018-07-19 10:21 ` Ming Lei
2018-07-19 10:37 ` Jan Kara
2018-07-19 10:46 ` Ming Lei
2018-07-19 11:08 ` Al Viro
2018-07-19 14:53 ` Christoph Hellwig
2018-07-19 15:06 ` Jan Kara
2018-07-19 15:11 ` Christoph Hellwig
2018-07-19 19:21 ` Martin Wilck
2018-07-19 19:34 ` Martin Wilck
2018-07-19 10:45 ` Jan Kara
2018-07-19 12:23 ` Martin Wilck
2018-07-19 15:15 ` Jan Kara
2018-07-19 20:01 ` Martin Wilck
2018-07-19 11:04 ` Ming Lei
2018-07-19 11:56 ` Jan Kara
2018-07-19 12:20 ` Ming Lei
2018-07-19 15:21 ` Jan Kara
2018-07-19 19:06 ` Martin Wilck
2018-07-19 12:25 ` Martin Wilck
2018-07-19 10:08 ` [PATCH 0/2] Fix silent data corruption in blkdev_direct_IO() Hannes Reinecke
2018-07-19 14:50 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180718075440.GA15254@ming.t460p \
--to=ming.lei@redhat.com \
--cc=axboe@kernel.dk \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=jack@suse.com \
--cc=kent.overstreet@gmail.com \
--cc=linux-block@vger.kernel.org \
--cc=mwilck@suse.com \
--cc=tom.leiming@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.