From: Al Viro <viro@zeniv.linux.org.uk>
To: Keith Busch <kbusch@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Jens Axboe <axboe@kernel.dk>, Christoph Hellwig <hch@lst.de>,
Matthew Wilcox <willy@infradead.org>,
David Howells <dhowells@redhat.com>,
Dominique Martinet <asmadeus@codewreck.org>,
Christian Brauner <brauner@kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [block.git conflicts] Re: [PATCH 37/44] block: convert to advancing variants of iov_iter_get_pages{,_alloc}()
Date: Fri, 1 Jul 2022 19:12:17 +0100 [thread overview]
Message-ID: <Yr85AaNqNAEr+5ve@ZenIV> (raw)
In-Reply-To: <Yr838ci8FUsiZlSW@ZenIV>
On Fri, Jul 01, 2022 at 07:07:45PM +0100, Al Viro wrote:
> On Fri, Jul 01, 2022 at 11:53:44AM -0600, Keith Busch wrote:
> > On Fri, Jul 01, 2022 at 06:40:40PM +0100, Al Viro wrote:
> > > -static void bio_put_pages(struct page **pages, size_t size, size_t off)
> > > -{
> > > - size_t i, nr = DIV_ROUND_UP(size + (off & ~PAGE_MASK), PAGE_SIZE);
> > > -
> > > - for (i = 0; i < nr; i++)
> > > - put_page(pages[i]);
> > > -}
> > > -
> > > static int bio_iov_add_page(struct bio *bio, struct page *page,
> > > unsigned int len, unsigned int offset)
> > > {
> > > @@ -1228,11 +1220,11 @@ static int __bio_iov_iter_get_pages(struct bio *bio, struct iov_iter *iter)
> > > * the iov data will be picked up in the next bio iteration.
> > > */
> > > size = iov_iter_get_pages(iter, pages, LONG_MAX, nr_pages, &offset);
> > > - if (size > 0)
> > > - size = ALIGN_DOWN(size, bdev_logical_block_size(bio->bi_bdev));
> > > if (unlikely(size <= 0))
> > > return size ? size : -EFAULT;
> > > + nr_pages = DIV_ROUND_UP(offset + size, PAGE_SIZE);
> > >
> > > + size = ALIGN_DOWN(size, bdev_logical_block_size(bio->bi_bdev));
> >
> > This isn't quite right. The result of the ALIGN_DOWN could be 0, so whatever
> > page we got before would be leaked since unused pages are only released on an
> > add_page error. I was about to reply with a patch that fixes this, but here's
> > the one that I'm currently testing:
>
> AFAICS, result is broken; you might end up consuming some data and leaving
> iterator not advanced at all. With no way for the caller to tell which way it
> went.
How about the following?
commit 5e3e9769404de54734c110b2040bdb93593e0f1b
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Jul 1 13:15:36 2022 -0400
__bio_iov_iter_get_pages(): make sure we don't leak page refs on failure
Calculate the number of pages we'd grabbed before trimming size down.
And don't bother with bio_put_pages() - an explicit cleanup loop is
easier to follow...
Fixes: b1a000d3b8ec "block: relax direct io memory alignment"
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/block/bio.c b/block/bio.c
index 933ea3210954..a9fe20cb71fe 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1151,14 +1151,6 @@ void bio_iov_bvec_set(struct bio *bio, struct iov_iter *iter)
bio_set_flag(bio, BIO_CLONED);
}
-static void bio_put_pages(struct page **pages, size_t size, size_t off)
-{
- size_t i, nr = DIV_ROUND_UP(size + (off & ~PAGE_MASK), PAGE_SIZE);
-
- for (i = 0; i < nr; i++)
- put_page(pages[i]);
-}
-
static int bio_iov_add_page(struct bio *bio, struct page *page,
unsigned int len, unsigned int offset)
{
@@ -1211,6 +1203,7 @@ static int __bio_iov_iter_get_pages(struct bio *bio, struct iov_iter *iter)
ssize_t size, left;
unsigned len, i;
size_t offset;
+ int ret;
/*
* Move page array up in the allocated memory for the bio vecs as far as
@@ -1228,14 +1221,13 @@ static int __bio_iov_iter_get_pages(struct bio *bio, struct iov_iter *iter)
* the iov data will be picked up in the next bio iteration.
*/
size = iov_iter_get_pages(iter, pages, LONG_MAX, nr_pages, &offset);
- if (size > 0)
- size = ALIGN_DOWN(size, bdev_logical_block_size(bio->bi_bdev));
if (unlikely(size <= 0))
return size ? size : -EFAULT;
+ nr_pages = DIV_ROUND_UP(offset + size, PAGE_SIZE);
+ size = ALIGN_DOWN(size, bdev_logical_block_size(bio->bi_bdev));
for (left = size, i = 0; left > 0; left -= len, i++) {
struct page *page = pages[i];
- int ret;
len = min_t(size_t, PAGE_SIZE - offset, left);
if (bio_op(bio) == REQ_OP_ZONE_APPEND)
@@ -1244,15 +1236,15 @@ static int __bio_iov_iter_get_pages(struct bio *bio, struct iov_iter *iter)
else
ret = bio_iov_add_page(bio, page, len, offset);
- if (ret) {
- bio_put_pages(pages + i, left, offset);
- return ret;
- }
+ if (ret)
+ break;
offset = 0;
}
+ while (i < nr_pages)
+ put_page(pages[i++]);
- iov_iter_advance(iter, size);
- return 0;
+ iov_iter_advance(iter, size - left);
+ return ret;
}
/**
next prev parent reply other threads:[~2022-07-01 18:12 UTC|newest]
Thread overview: 118+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-22 4:10 [RFC][CFT][PATCHSET] iov_iter stuff Al Viro
2022-06-22 4:15 ` [PATCH 01/44] 9p: handling Rerror without copy_from_iter_full() Al Viro
2022-06-22 4:15 ` [PATCH 02/44] No need of likely/unlikely on calls of check_copy_size() Al Viro
2022-06-22 4:15 ` [PATCH 03/44] teach iomap_dio_rw() to suppress dsync Al Viro
2022-06-22 4:15 ` [PATCH 04/44] btrfs: use IOMAP_DIO_NOSYNC Al Viro
2022-06-22 4:15 ` [PATCH 05/44] struct file: use anonymous union member for rcuhead and llist Al Viro
2022-06-22 4:15 ` [PATCH 06/44] iocb: delay evaluation of IS_SYNC(...) until we want to check IOCB_DSYNC Al Viro
2022-06-22 4:15 ` [PATCH 07/44] keep iocb_flags() result cached in struct file Al Viro
2022-06-22 4:15 ` [PATCH 08/44] copy_page_{to,from}_iter(): switch iovec variants to generic Al Viro
2022-06-27 18:31 ` Jeff Layton
2022-06-28 12:32 ` Christian Brauner
2022-06-28 18:36 ` Al Viro
2022-06-22 4:15 ` [PATCH 09/44] new iov_iter flavour - ITER_UBUF Al Viro
2022-06-27 18:47 ` Jeff Layton
2022-06-28 18:41 ` Al Viro
2022-06-28 12:38 ` Christian Brauner
2022-06-28 18:44 ` Al Viro
2022-07-28 9:55 ` [PATCH 9/44] " Alexander Gordeev
2022-07-29 17:21 ` Al Viro
2022-07-29 21:12 ` Alexander Gordeev
2022-07-30 0:03 ` Al Viro
2022-06-22 4:15 ` [PATCH 10/44] switch new_sync_{read,write}() to ITER_UBUF Al Viro
2022-06-22 4:15 ` [PATCH 11/44] iov_iter_bvec_advance(): don't bother with bvec_iter Al Viro
2022-06-27 18:48 ` Jeff Layton
2022-06-28 12:40 ` Christian Brauner
2022-06-22 4:15 ` [PATCH 12/44] fix short copy handling in copy_mc_pipe_to_iter() Al Viro
2022-06-27 19:15 ` Jeff Layton
2022-06-28 12:42 ` Christian Brauner
2022-06-22 4:15 ` [PATCH 13/44] splice: stop abusing iov_iter_advance() to flush a pipe Al Viro
2022-06-27 19:17 ` Jeff Layton
2022-06-28 12:43 ` Christian Brauner
2022-06-22 4:15 ` [PATCH 14/44] ITER_PIPE: helper for getting pipe buffer by index Al Viro
2022-06-28 10:38 ` Jeff Layton
2022-06-28 12:45 ` Christian Brauner
2022-06-22 4:15 ` [PATCH 15/44] ITER_PIPE: helpers for adding pipe buffers Al Viro
2022-06-28 11:32 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 16/44] ITER_PIPE: allocate buffers as we go in copy-to-pipe primitives Al Viro
2022-06-22 4:15 ` [PATCH 17/44] ITER_PIPE: fold push_pipe() into __pipe_get_pages() Al Viro
2022-06-22 4:15 ` [PATCH 18/44] ITER_PIPE: lose iter_head argument of __pipe_get_pages() Al Viro
2022-06-22 4:15 ` [PATCH 19/44] ITER_PIPE: clean pipe_advance() up Al Viro
2022-06-22 4:15 ` [PATCH 20/44] ITER_PIPE: clean iov_iter_revert() Al Viro
2022-06-22 4:15 ` [PATCH 21/44] ITER_PIPE: cache the type of last buffer Al Viro
2022-06-22 4:15 ` [PATCH 22/44] ITER_PIPE: fold data_start() and pipe_space_for_user() together Al Viro
2022-06-22 4:15 ` [PATCH 23/44] iov_iter_get_pages{,_alloc}(): cap the maxsize with MAX_RW_COUNT Al Viro
2022-06-28 11:41 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 24/44] iov_iter_get_pages_alloc(): lift freeing pages array on failure exits into wrapper Al Viro
2022-06-28 11:45 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 25/44] iov_iter_get_pages(): sanity-check arguments Al Viro
2022-06-28 11:47 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 26/44] unify pipe_get_pages() and pipe_get_pages_alloc() Al Viro
2022-06-28 11:49 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 27/44] unify xarray_get_pages() and xarray_get_pages_alloc() Al Viro
2022-06-28 11:50 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 28/44] unify the rest of iov_iter_get_pages()/iov_iter_get_pages_alloc() guts Al Viro
2022-06-28 11:54 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 29/44] ITER_XARRAY: don't open-code DIV_ROUND_UP() Al Viro
2022-06-28 11:54 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 30/44] iov_iter: lift dealing with maxpages out of first_{iovec,bvec}_segment() Al Viro
2022-06-28 11:56 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 31/44] iov_iter: first_{iovec,bvec}_segment() - simplify a bit Al Viro
2022-06-28 11:58 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 32/44] iov_iter: massage calling conventions for first_{iovec,bvec}_segment() Al Viro
2022-06-28 12:06 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 33/44] found_iovec_segment(): just return address Al Viro
2022-06-28 12:09 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 34/44] fold __pipe_get_pages() into pipe_get_pages() Al Viro
2022-06-28 12:11 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 35/44] iov_iter: saner helper for page array allocation Al Viro
2022-06-28 12:12 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 36/44] iov_iter: advancing variants of iov_iter_get_pages{,_alloc}() Al Viro
2022-06-28 12:13 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 37/44] block: convert to " Al Viro
2022-06-28 12:16 ` Jeff Layton
2022-06-30 22:11 ` [block.git conflicts] " Al Viro
2022-06-30 22:39 ` Al Viro
2022-07-01 2:07 ` Keith Busch
2022-07-01 17:40 ` Al Viro
2022-07-01 17:53 ` Keith Busch
2022-07-01 18:07 ` Al Viro
2022-07-01 18:12 ` Al Viro [this message]
2022-07-01 18:38 ` Keith Busch
2022-07-01 19:08 ` Al Viro
2022-07-01 19:28 ` Keith Busch
2022-07-01 19:43 ` Al Viro
2022-07-01 19:56 ` Keith Busch
2022-07-02 5:35 ` Al Viro
2022-07-02 21:02 ` Keith Busch
2022-07-01 19:05 ` Keith Busch
2022-07-01 21:30 ` Jens Axboe
2022-06-30 23:07 ` Jens Axboe
2022-07-10 18:04 ` Sedat Dilek
2022-06-22 4:15 ` [PATCH 38/44] iter_to_pipe(): switch to advancing variant of iov_iter_get_pages() Al Viro
2022-06-28 12:18 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 39/44] af_alg_make_sg(): " Al Viro
2022-06-28 12:18 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 40/44] 9p: convert to advancing variant of iov_iter_get_pages_alloc() Al Viro
2022-07-01 9:01 ` Dominique Martinet
2022-07-01 13:47 ` Christian Schoenebeck
2022-07-06 22:06 ` Christian Schoenebeck
2022-06-22 4:15 ` [PATCH 41/44] ceph: switch the last caller " Al Viro
2022-06-28 12:20 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 42/44] get rid of non-advancing variants Al Viro
2022-06-28 12:21 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 43/44] pipe_get_pages(): switch to append_pipe() Al Viro
2022-06-28 12:23 ` Jeff Layton
2022-06-22 4:15 ` [PATCH 44/44] expand those iov_iter_advance() Al Viro
2022-06-28 12:23 ` Jeff Layton
2022-07-01 6:21 ` [PATCH 01/44] 9p: handling Rerror without copy_from_iter_full() Dominique Martinet
2022-07-01 6:25 ` Dominique Martinet
2022-07-01 16:02 ` Christian Schoenebeck
2022-07-01 21:00 ` Dominique Martinet
2022-07-03 13:30 ` Christian Schoenebeck
2022-08-01 12:42 ` [PATCH 09/44] new iov_iter flavour - ITER_UBUF David Howells
2022-08-01 21:14 ` Al Viro
2022-08-01 22:54 ` David Howells
2022-06-23 15:21 ` [RFC][CFT][PATCHSET] iov_iter stuff David Howells
2022-06-23 20:32 ` Al Viro
2022-06-28 12:25 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yr85AaNqNAEr+5ve@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=asmadeus@codewreck.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).