All of lore.kernel.org
 help / color / mirror / Atom feed
From: Larry Finger <Larry.Finger@lwfinger.net>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: Re: Regression in 4.6.0-git - bisected to commit dd254f5a382c
Date: Tue, 24 May 2016 13:39:14 -0500	[thread overview]
Message-ID: <57449FD2.8090808@lwfinger.net> (raw)
In-Reply-To: <20160524162812.GY14480@ZenIV.linux.org.uk>

On 05/24/2016 11:28 AM, Al Viro wrote:
> On Tue, May 24, 2016 at 11:10:09AM -0500, Larry Finger wrote:
>
>> For now, the following one-line hack allows my system to boot:
>>
>> diff --git a/fs/read_write.c b/fs/read_write.c
>> index 933b53a..d5d64d9 100644
>> --- a/fs/read_write.c
>> +++ b/fs/read_write.c
>> @@ -721,6 +721,7 @@ static ssize_t do_loop_readv_writev(struct file *filp,
>> struct iov_iter *iter,
>>                  ret += nr;
>>                  if (nr != iovec.iov_len)
>>                          break;
>> +               nr = max_t(ssize_t, nr, 1);
>>                  iov_iter_advance(iter, nr);
>>          }
>>
>> I have no idea what subtle bug in do_loop_readv_writev() is causing nr to be
>> zero, but it seems to have been exposed by commit dd254f5a382c.
>
> This is definitely broken.  What happens is that something calls readv()
> or writev() with one of the iovecs in the middle of the vector having
> zero ->iov_len.  The call of iov_iter_advance(iter, 0) used to step to
> the next iovec in such situation; the change in this commit leaves that to the
> next primitive called, and most of the time that works just fine.
> do_loop_readv_writev(), though, is picking the size to be passed to
> ->write()/->read() from the current iovec, and if it had been zero from
> the very beginning... guess what's going to happen.
>
> I'm somewhat curious about the source of that syscall - it's a good testcase
> to add to ltp/xfstests, but it smells very odd for normal userland code.
> It certainly needs to be fixed kernel-side, but the code issuing that is
> probably worth looking into.  Oddities are like mushrooms - found one, look
> around for more and don't assume that the rest will be of the same species...
>
> I'm looking into iterate_and_advance right now; hopefully will have a sane
> replacement shortly...

I did a pull from mainline this morning (commit 84787c572d402) and the problem 
has somehow been fixed. I did not see any likely candidates in the commit 
messages, and I'm bisecting again to see which change did it.

Larry

  reply	other threads:[~2016-05-24 18:39 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-23 21:30 Regression in 4.6.0-git - bisected to commit dd254f5a382c Larry Finger
2016-05-24  0:18 ` Al Viro
2016-05-24  2:55   ` Larry Finger
2016-05-24 16:10   ` Larry Finger
2016-05-24 16:28     ` Al Viro
2016-05-24 18:39       ` Larry Finger [this message]
2016-05-24 19:13     ` Matthew McClintock
2016-05-24 19:16       ` Larry Finger
2016-05-24 19:25         ` Matthew McClintock
2016-05-24 19:36           ` Larry Finger
2016-05-24 22:31             ` Matthew McClintock
2016-05-24 23:41               ` Al Viro
2016-05-25  0:58                 ` Matthew McClintock
2016-05-25  1:10                   ` Al Viro
2016-05-25  1:20                     ` Matthew McClintock
2016-05-25  1:28                       ` Al Viro
2016-05-25  2:06                         ` Matthew McClintock
2016-05-25  3:21                           ` Al Viro
2016-05-25  6:24                 ` Al Viro
2016-05-25 14:28                   ` Larry Finger
2016-05-25 15:27                   ` Matthew McClintock

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57449FD2.8090808@lwfinger.net \
    --to=larry.finger@lwfinger.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.