From: Trond Myklebust <trond.myklebust@primarydata.com>
To: stable@vger.kernel.org
Cc: Weston Andros Adamson <dros@primarydata.com>, linux-nfs@vger.kernel.org
Subject: [PATCH 13/14] nfs: disallow duplicate pages in pgio page vectors
Date: Mon, 15 Sep 2014 14:14:44 -0400
Message-ID: <1410804885-17228-14-git-send-email-trond.myklebust@primarydata.com>
In-Reply-To: <1410804885-17228-13-git-send-email-trond.myklebust@primarydata.com>

From: Weston Andros Adamson <dros@primarydata.com>

commit bba5c1887a925a9945d22217d38d58d8b3ba1043 upstream.

Adjacent requests that share the same page are allowed, but should only
use one entry in the page vector. This avoids overrunning the page
vector - it is sized based on how many bytes there are, not by
request count.

This fixes issues that manifest as "Redzone overwritten" bugs (the
vector overrun) and hangs waiting on page read / write, as it waits on
the same page more than once.

This also adds bounds checking to the page vector with a graceful failure
(WARN_ON_ONCE and pgio error returned to application).

Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
---
 fs/nfs/pagelist.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
index f56b6351b660..91e84b3ad63e 100644
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -734,10 +734,11 @@ int nfs_generic_pgio(struct nfs_pageio_descriptor *desc,
 		     struct nfs_pgio_header *hdr)
 {
 	struct nfs_page		*req;
-	struct page		**pages;
+	struct page		**pages,
+				*last_page;
 	struct list_head *head = &desc->pg_list;
 	struct nfs_commit_info cinfo;
-	unsigned int pagecount;
+	unsigned int pagecount, pageused;
 
 	pagecount = nfs_page_array_len(desc->pg_base, desc->pg_count);
 	if (!nfs_pgarray_set(&hdr->page_array, pagecount))
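Review bot: The declaration `struct page **pages, *last_page;` at the top of nfs_generic_pgio() puts a double pointer and a single pointer in one declarator list split over two lines, which is easy to misread as two variables of the same type. Declaring `struct page *last_page = NULL;` on its own line, and `unsigned int pageused = 0;` likewise, would be clearer and would fold in the separate initialisations that the patch adds just before the loop. A one-line comment saying that pagecount is derived from pg_base and pg_count (bytes) while pageused counts distinct pages stored would document the invariant the later checks rely on.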
@@ -745,12 +746,23 @@ int nfs_generic_pgio(struct nfs_pageio_descriptor *desc,
 
 	nfs_init_cinfo(&cinfo, desc->pg_inode, desc->pg_dreq);
 	pages = hdr->page_array.pagevec;
+	last_page = NULL;
+	pageused = 0;
 	while (!list_empty(head)) {
 		req = nfs_list_entry(head->next);
 		nfs_list_remove_request(req);
 		nfs_list_add_request(req, &hdr->pages);
-		*pages++ = req->wb_page;
+
+		if (WARN_ON_ONCE(pageused >= pagecount))
+			return nfs_pgio_error(desc, hdr);
+
+		if (!last_page || last_page != req->wb_page) {
+			*pages++ = last_page = req->wb_page;
+			pageused++;
+		}
 	}
+	if (WARN_ON_ONCE(pageused != pagecount))
+		return nfs_pgio_error(desc, hdr);
 
 	if ((desc->pg_ioflags & FLUSH_COND_STABLE) &&
 	    (desc->pg_moreio || nfs_reqs_to_commit(&cinfo)))
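Review bot: The in-loop check `if (WARN_ON_ONCE(pageused >= pagecount))` runs before the duplicate test, so once the vector is legitimately full (pageused == pagecount) a further request that shares last_page triggers the warning and the error return even though it would not consume a slot. Moving the bound check inside the `if (!last_page || last_page != req->wb_page)` branch, immediately before the store to `*pages++`, guards the write itself and lets trailing requests on the final page through. Two smaller points: the early return happens after the current req has been moved to hdr->pages while other requests may still be on desc->pg_list, so it is worth confirming that nfs_pgio_error() cleans up both lists; and the `!last_page ||` term is redundant if req->wb_page can never be NULL, since `last_page != req->wb_page` already covers the first iteration.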
-- 
1.9.3

