From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Andrea Arcangeli <aarcange@redhat.com>,
"Theodore Tso" <tytso@mit.edu>,
Greg KH <gregkh@linuxfoundation.org>
Subject: [PATCH 65/91] ext4: avoid hangs in ext4_da_should_update_i_disksize()
Date: Sun, 05 Feb 2012 23:10:54 +0100 [thread overview]
Message-ID: <20120205220952.228676505@pcw.home.local> (raw)
In-Reply-To: <0635750f5f06ed2ca212b91fcb5c4483@local>
2.6.27-longterm review patch. If anyone has any objections, please let us know.
------------------
commit ea51d132dbf9b00063169c1159bee253d9649224 upstream.
If the pte mapping in generic_perform_write() is unmapped between
iov_iter_fault_in_readable() and iov_iter_copy_from_user_atomic(), the
"copied" parameter to ->end_write can be zero. ext4 couldn't cope with
it with delayed allocations enabled. This skips the i_disksize
enlargement logic if copied is zero and no new data was appeneded to
the inode.
gdb> bt
#0 0xffffffff811afe80 in ext4_da_should_update_i_disksize (file=0xffff88003f606a80, mapping=0xffff88001d3824e0, pos=0x1\
08000, len=0x1000, copied=0x0, page=0xffffea0000d792e8, fsdata=0x0) at fs/ext4/inode.c:2467
#1 ext4_da_write_end (file=0xffff88003f606a80, mapping=0xffff88001d3824e0, pos=0x108000, len=0x1000, copied=0x0, page=0\
xffffea0000d792e8, fsdata=0x0) at fs/ext4/inode.c:2512
#2 0xffffffff810d97f1 in generic_perform_write (iocb=<value optimized out>, iov=<value optimized out>, nr_segs=<value o\
ptimized out>, pos=0x108000, ppos=0xffff88001e26be40, count=<value optimized out>, written=0x0) at mm/filemap.c:2440
#3 generic_file_buffered_write (iocb=<value optimized out>, iov=<value optimized out>, nr_segs=<value optimized out>, p\
os=0x108000, ppos=0xffff88001e26be40, count=<value optimized out>, written=0x0) at mm/filemap.c:2482
#4 0xffffffff810db5d1 in __generic_file_aio_write (iocb=0xffff88001e26bde8, iov=0xffff88001e26bec8, nr_segs=0x1, ppos=0\
xffff88001e26be40) at mm/filemap.c:2600
#5 0xffffffff810db853 in generic_file_aio_write (iocb=0xffff88001e26bde8, iov=0xffff88001e26bec8, nr_segs=<value optimi\
zed out>, pos=<value optimized out>) at mm/filemap.c:2632
#6 0xffffffff811a71aa in ext4_file_write (iocb=0xffff88001e26bde8, iov=0xffff88001e26bec8, nr_segs=0x1, pos=0x108000) a\
t fs/ext4/file.c:136
#7 0xffffffff811375aa in do_sync_write (filp=0xffff88003f606a80, buf=<value optimized out>, len=<value optimized out>, \
ppos=0xffff88001e26bf48) at fs/read_write.c:406
#8 0xffffffff81137e56 in vfs_write (file=0xffff88003f606a80, buf=0x1ec2960 <Address 0x1ec2960 out of bounds>, count=0x4\
000, pos=0xffff88001e26bf48) at fs/read_write.c:435
#9 0xffffffff8113816c in sys_write (fd=<value optimized out>, buf=0x1ec2960 <Address 0x1ec2960 out of bounds>, count=0x\
4000) at fs/read_write.c:487
#10 <signal handler called>
#11 0x00007f120077a390 in __brk_reservation_fn_dmi_alloc__ ()
#12 0x0000000000000000 in ?? ()
gdb> print offset
$22 = 0xffffffffffffffff
gdb> print idx
$23 = 0xffffffff
gdb> print inode->i_blkbits
$24 = 0xc
gdb> up
#1 ext4_da_write_end (file=0xffff88003f606a80, mapping=0xffff88001d3824e0, pos=0x108000, len=0x1000, copied=0x0, page=0\
xffffea0000d792e8, fsdata=0x0) at fs/ext4/inode.c:2512
2512 if (ext4_da_should_update_i_disksize(page, end)) {
gdb> print start
$25 = 0x0
gdb> print end
$26 = 0xffffffffffffffff
gdb> print pos
$27 = 0x108000
gdb> print new_i_size
$28 = 0x108000
gdb> print ((struct ext4_inode_info *)((char *)inode-((int)(&((struct ext4_inode_info *)0)->vfs_inode))))->i_disksize
$29 = 0xd9000
gdb> down
2467 for (i = 0; i < idx; i++)
gdb> print i
$30 = 0xd44acbee
This is 100% reproducible with some autonuma development code tuned in
a very aggressive manner (not normal way even for knumad) which does
"exotic" changes to the ptes. It wouldn't normally trigger but I don't
see why it can't happen normally if the page is added to swap cache in
between the two faults leading to "copied" being zero (which then
hangs in ext4). So it should be fixed. Especially possible with lumpy
reclaim (albeit disabled if compaction is enabled) as that would
ignore the young bits in the ptes.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/ext4/inode.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Index: longterm-2.6.27/fs/ext4/inode.c
===================================================================
--- longterm-2.6.27.orig/fs/ext4/inode.c 2012-02-05 22:34:33.021914803 +0100
+++ longterm-2.6.27/fs/ext4/inode.c 2012-02-05 22:34:44.128916205 +0100
@@ -2816,7 +2816,7 @@
*/
new_i_size = pos + copied;
- if (new_i_size > EXT4_I(inode)->i_disksize) {
+ if (copied && new_i_size > EXT4_I(inode)->i_disksize) {
if (ext4_da_should_update_i_disksize(page, end)) {
down_write(&EXT4_I(inode)->i_data_sem);
if (new_i_size > EXT4_I(inode)->i_disksize) {
next prev parent reply other threads:[~2012-02-05 22:34 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0635750f5f06ed2ca212b91fcb5c4483@local>
2012-02-05 22:09 ` [PATCH 00/91] 2.6.27.60-longterm review Willy Tarreau
2012-02-05 22:09 ` [PATCH 01/91] UBIFS: fix master node recovery Willy Tarreau
2012-02-05 22:09 ` [PATCH 02/91] slub: fix panic with DISCONTIGMEM Willy Tarreau
2012-02-06 21:58 ` David Rientjes
2012-02-07 6:13 ` Willy Tarreau
2012-02-05 22:09 ` [PATCH 03/91] set memory ranges in N_NORMAL_MEMORY when onlined Willy Tarreau
2012-02-05 22:09 ` [PATCH 04/91] agp: fix arbitrary kernel memory writes Willy Tarreau
2012-02-05 22:09 ` [PATCH 05/91] agp: fix OOM and buffer overflow Willy Tarreau
2012-02-05 22:09 ` [PATCH 06/91] put stricter guards on queue dead checks Willy Tarreau
2012-02-05 22:09 ` [PATCH 07/91] mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot() Willy Tarreau
2012-02-05 22:09 ` [PATCH 08/91] mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish Willy Tarreau
2012-02-05 22:09 ` [PATCH 09/91] mmc: sdhci: Check mrq != NULL " Willy Tarreau
2012-02-05 22:09 ` [PATCH 10/91] af_unix: Only allow recv on connected seqpacket sockets Willy Tarreau
2012-02-05 22:10 ` [PATCH 11/91] ARM: 6891/1: prevent heap corruption in OABI semtimedop Willy Tarreau
2012-02-05 22:10 ` [PATCH 12/91] Open with O_CREAT flag set fails to open existing files on non writable directories Willy Tarreau
2012-02-05 22:10 ` [PATCH 13/91] fs/partitions/ldm.c: fix oops caused by corrupted partition table Willy Tarreau
2012-02-05 22:10 ` [PATCH 14/91] SUNRPC: fix NFS client over TCP hangs due to packet loss (Bug 16494) Willy Tarreau
2012-02-05 22:10 ` [PATCH 15/91] Fix corrupted OSF partition table parsing Willy Tarreau
2012-02-05 22:10 ` [PATCH 16/91] sata_via: Delay on vt6420 when starting ATAPI DMA write Willy Tarreau
2012-02-05 22:10 ` [PATCH 17/91] libata: set queue DMA alignment to sector size for ATAPI too Willy Tarreau
2012-02-05 22:10 ` [PATCH 18/91] usb: musb: core: set has_tt flag Willy Tarreau
2012-02-05 22:10 ` [PATCH 19/91] Validate size of EFI GUID partition entries Willy Tarreau
2012-02-05 22:10 ` [PATCH 20/91] libertas: fix cmdpendingq locking Willy Tarreau
2012-02-05 22:10 ` [PATCH 21/91] powerpc/oprofile: Handle events that raise an exception without overflowing Willy Tarreau
2012-02-05 22:10 ` [PATCH 22/91] ext3: Fix fs corruption when make_indexed_dir() fails Willy Tarreau
2012-02-05 22:10 ` [PATCH 23/91] Fix for buffer overflow in ldm_frag_add not sufficient Willy Tarreau
2012-02-05 22:10 ` [PATCH 24/91] seqlock: Dont smp_rmb in seqlock reader spin loop Willy Tarreau
2012-02-05 22:10 ` [PATCH 25/91] x86/amd-iommu: Fix 3 possible endless loops Willy Tarreau
2012-02-05 22:10 ` [PATCH 26/91] md: check ->hot_remove_disk when removing disk Willy Tarreau
2012-02-05 22:10 ` [PATCH 27/91] uvcvideo: Remove buffers from the queues when freeing Willy Tarreau
2012-02-05 22:10 ` [PATCH 28/91] cfq-iosched: fix locking around ioc->ioc_data assignment Willy Tarreau
2012-02-05 22:10 ` [PATCH 29/91] cfq-iosched: fix a rcu warning Willy Tarreau
2012-02-05 22:10 ` [PATCH 30/91] SUNRPC: Fix use of static variable in rpcb_getport_async Willy Tarreau
2012-02-05 22:10 ` [PATCH 31/91] x86: Make Dell Latitude E5420 use reboot=pci Willy Tarreau
2012-02-05 22:10 ` [PATCH 32/91] libsas: remove expander from dev list on error Willy Tarreau
2012-02-05 23:48 ` Luben Tuikov
2012-02-06 0:52 ` Wanlong Gao
2012-02-06 1:14 ` Luben Tuikov
2012-02-06 6:25 ` Willy Tarreau
2012-02-05 22:10 ` [PATCH 33/91] powerpc/kdump: Fix timeout in crash_kexec_wait_realmode Willy Tarreau
2012-02-05 22:10 ` [PATCH 34/91] ext3: Fix oops in ext3_try_to_allocate_with_rsv() Willy Tarreau
2012-02-05 22:10 ` [PATCH 35/91] svcrpc: fix list-corrupting race on nfsd shutdown Willy Tarreau
2012-02-05 22:10 ` [PATCH 36/91] powerpc/pseries/hvconsole: Fix dropped console output Willy Tarreau
2012-02-05 22:10 ` [PATCH 37/91] alpha: fix several security issues Willy Tarreau
2012-02-05 22:10 ` [PATCH 38/91] ALSA: timer - Fix Oops at closing slave timer Willy Tarreau
2012-02-05 22:10 ` [PATCH 39/91] powerpc: Fix device tree claim code Willy Tarreau
2012-02-05 22:10 ` [PATCH 40/91] powerpc: pseries: Fix kexec on machines with more than 4TB of RAM Willy Tarreau
2012-02-05 22:10 ` [PATCH 41/91] xen/smp: Warn user why they keel over - nosmp or noapic and what to use instead Willy Tarreau
2012-02-06 16:50 ` Konrad Rzeszutek Wilk
2012-02-06 18:30 ` Willy Tarreau
2012-02-05 22:10 ` [PATCH 42/91] cifs: fix possible memory corruption in CIFSFindNext Willy Tarreau
2012-02-05 22:10 ` [PATCH 43/91] TPM: Call tpm_transmit with correct size Willy Tarreau
2012-02-05 22:10 ` [PATCH 44/91] TPM: Zero buffer after copying to userspace Willy Tarreau
2012-02-05 22:10 ` [PATCH 45/91] aacraid: reset should disable MSI interrupt Willy Tarreau
2012-02-05 22:10 ` [PATCH 46/91] libsas: fix panic when single phy is disabled on a wide port Willy Tarreau
2012-02-05 22:10 ` [PATCH 47/91] KVM: s390: check cpu_id prior to using it Willy Tarreau
2012-02-05 22:10 ` [PATCH 48/91] carminefb: Fix module parameters permissions Willy Tarreau
2012-02-05 22:10 ` [PATCH 49/91] um: fix ubd cow size Willy Tarreau
2012-02-05 22:10 ` [PATCH 50/91] NLM: Dont hang forever on NLM unlock requests Willy Tarreau
2012-02-05 22:10 ` [PATCH 51/91] Bluetooth: Prevent buffer overflow in l2cap config request Willy Tarreau
2012-02-05 22:10 ` [PATCH 52/91] net_sched: Fix qdisc_notify() Willy Tarreau
2012-02-05 22:10 ` [PATCH 53/91] ext4: fix BUG_ON() in ext4_ext_insert_extent() Willy Tarreau
2012-02-05 22:10 ` [PATCH 54/91] drivers/net/rionet.c: fix ethernet address macros for LE platforms Willy Tarreau
2012-02-05 22:10 ` [PATCH 55/91] Make scsi_free_queue() kill pending SCSI commands Willy Tarreau
2012-02-06 7:28 ` Bart Van Assche
2012-02-06 7:37 ` Willy Tarreau
2012-02-05 22:10 ` [PATCH 56/91] hfs: add sanity check for file name length Willy Tarreau
2012-02-05 22:10 ` [PATCH 57/91] USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c Willy Tarreau
2012-02-05 22:10 ` [PATCH 58/91] oprofile, x86: Fix crash when unloading module (nmi timer mode) Willy Tarreau
2012-02-05 22:10 ` [PATCH 59/91] jbd/jbd2: validate sb->s_first in journal_get_superblock() Willy Tarreau
2012-02-05 22:10 ` [PATCH 60/91] Make TASKSTATS require root access Willy Tarreau
2012-02-05 22:10 ` [PATCH 61/91] hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops Willy Tarreau
2012-02-05 22:10 ` [PATCH 62/91] [PATCH] x86, mm: Add __get_user_pages_fast() Willy Tarreau
2012-02-05 22:10 ` [PATCH 63/91] export __get_user_pages_fast() function Willy Tarreau
2012-02-05 22:10 ` [PATCH 64/91] oprofile, x86: Fix nmi-unsafe callgraph support Willy Tarreau
2012-02-05 22:10 ` Willy Tarreau [this message]
2012-02-05 22:10 ` [PATCH 66/91] offb: Fix setting of the pseudo-palette for >8bpp Willy Tarreau
2012-02-05 22:10 ` [PATCH 67/91] offb: Fix bug in calculating requested vram size Willy Tarreau
2012-02-05 22:10 ` [PATCH 68/91] usb: usb-storage doesnt support dynamic id currently, the patch disables the feature to fix an oops Willy Tarreau
2012-02-05 22:10 ` [PATCH 69/91] SCSI: scsi_dh: check queuedata pointer before proceeding further Willy Tarreau
2012-02-05 22:10 ` [PATCH 70/91] ALSA: ice1724 - Check for ac97 to avoid kernel oops Willy Tarreau
2012-02-05 22:11 ` [PATCH 71/91] UBI: fix nameless volumes handling Willy Tarreau
2012-02-05 22:11 ` [PATCH 72/91] svcrpc: fix double-free on shutdown of nfsd after changing pool mode Willy Tarreau
2012-02-05 22:11 ` [PATCH 73/91] nfsd: Fix oops when parsing a 0 length export Willy Tarreau
2012-02-05 22:11 ` [PATCH 74/91] sym53c8xx: Fix NULL pointer dereference in slave_destroy Willy Tarreau
2012-02-05 22:11 ` [PATCH 75/91] [PATCH] bonding: correctly process non-linear skbs Willy Tarreau
2012-02-05 22:11 ` [PATCH 76/91] bonding: Ensure that we unshare skbs prior to calling pskb_may_pull Willy Tarreau
2012-02-05 22:11 ` [PATCH 77/91] block: add proper state guards to __elv_next_request Willy Tarreau
2012-02-05 22:11 ` [PATCH 78/91] x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address limit Willy Tarreau
2012-02-05 22:11 ` [PATCH 79/91] SCSI: scsi_lib: fix potential NULL dereference Willy Tarreau
2012-02-05 22:11 ` [PATCH 80/91] MAINTAINERS: stable: Update address Willy Tarreau
2012-02-05 22:11 ` [PATCH 81/91] af_packet: prevent information leak Willy Tarreau
2012-02-05 22:11 ` [PATCH 82/91] Fix time() inconsistencies caused by intermediate xtime_cache values being read Willy Tarreau
2012-02-05 22:11 ` [PATCH 83/91] net/ipv4: Check for mistakenly passed in non-IPv4 address Willy Tarreau
2012-02-05 22:11 ` [PATCH 84/91] x86: Fix mmap random address range Willy Tarreau
2012-02-05 22:11 ` [PATCH 85/91] i8k: Tell gcc that *regs gets clobbered Willy Tarreau
2012-02-05 22:11 ` [PATCH 86/91] Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again) Willy Tarreau
2012-02-05 22:11 ` [PATCH 87/91] kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0 Willy Tarreau
2012-02-05 22:11 ` [PATCH 88/91] kbuild: Fix passing -Wno-* options to gcc 4.4+ Willy Tarreau
2012-02-05 22:11 ` [PATCH 89/91] i8k: Avoid lahf in 64-bit code Willy Tarreau
2012-02-05 22:11 ` [PATCH 90/91] block: fail SCSI passthrough ioctls on partition devices Willy Tarreau
2012-02-05 22:44 ` Paolo Bonzini
2012-02-05 22:53 ` Willy Tarreau
2012-02-07 10:03 ` Paolo Bonzini
2012-02-07 10:21 ` Willy Tarreau
2012-02-05 22:11 ` [PATCH 91/91] dm: do not forward ioctls from logical volumes to the underlying device Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120205220952.228676505@pcw.home.local \
--to=w@1wt.eu \
--cc=aarcange@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).