Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-24 Thread Vitaly Mayatskikh
On Sun, 24 Sep 2017 10:27:39 -0400, Al Viro wrote: > BTW, there's something fishy in bio_copy_user_iov(). If the area we'd asked > for > had been too large for a single bio, we are going to create a bio and have > bio_add_pc_page() eventually fill it up to limit. Then we return into >

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-24 Thread Vitaly Mayatskikh
On Sun, 24 Sep 2017 10:27:39 -0400, Al Viro wrote: > BTW, there's something fishy in bio_copy_user_iov(). If the area we'd asked > for > had been too large for a single bio, we are going to create a bio and have > bio_add_pc_page() eventually fill it up to limit. Then we return into >

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-24 Thread Al Viro
On Sun, Sep 24, 2017 at 03:27:39PM +0100, Al Viro wrote: > At the very least, we need bmd->iter = *iter; bmd->iter.iov = bmd->iov; > instead of that iov_iter_init() in there. I'm not sure how far back does > it go; looks like "block: support large requests in blk_rq_map_user_iov" > is the

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-24 Thread Al Viro
On Sun, Sep 24, 2017 at 03:27:39PM +0100, Al Viro wrote: > At the very least, we need bmd->iter = *iter; bmd->iter.iov = bmd->iov; > instead of that iov_iter_init() in there. I'm not sure how far back does > it go; looks like "block: support large requests in blk_rq_map_user_iov" > is the

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-24 Thread Al Viro
On Sat, Sep 23, 2017 at 09:33:23PM +0100, Al Viro wrote: > On Sat, Sep 23, 2017 at 06:19:26PM +0100, Al Viro wrote: > > On Sat, Sep 23, 2017 at 05:55:37PM +0100, Al Viro wrote: > > > > > IOW, the loop on failure exit should go through the bio, like > > > __bio_unmap_user() > > > does. We *also*

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-24 Thread Al Viro
On Sat, Sep 23, 2017 at 09:33:23PM +0100, Al Viro wrote: > On Sat, Sep 23, 2017 at 06:19:26PM +0100, Al Viro wrote: > > On Sat, Sep 23, 2017 at 05:55:37PM +0100, Al Viro wrote: > > > > > IOW, the loop on failure exit should go through the bio, like > > > __bio_unmap_user() > > > does. We *also*

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Sat, Sep 23, 2017 at 06:19:26PM +0100, Al Viro wrote: > On Sat, Sep 23, 2017 at 05:55:37PM +0100, Al Viro wrote: > > > IOW, the loop on failure exit should go through the bio, like > > __bio_unmap_user() > > does. We *also* need to put everything left unused in pages[], but only > > from

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Sat, Sep 23, 2017 at 06:19:26PM +0100, Al Viro wrote: > On Sat, Sep 23, 2017 at 05:55:37PM +0100, Al Viro wrote: > > > IOW, the loop on failure exit should go through the bio, like > > __bio_unmap_user() > > does. We *also* need to put everything left unused in pages[], but only > > from

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Sat, Sep 23, 2017 at 05:55:37PM +0100, Al Viro wrote: > IOW, the loop on failure exit should go through the bio, like > __bio_unmap_user() > does. We *also* need to put everything left unused in pages[], but only from > the > last iteration through iov_for_each(). > > Frankly, I would

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Sat, Sep 23, 2017 at 05:55:37PM +0100, Al Viro wrote: > IOW, the loop on failure exit should go through the bio, like > __bio_unmap_user() > does. We *also* need to put everything left unused in pages[], but only from > the > last iteration through iov_for_each(). > > Frankly, I would

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Sat, Sep 23, 2017 at 05:39:28PM +0100, Al Viro wrote: > On Fri, Sep 22, 2017 at 01:18:39AM -0400, Vitaly Mayatskikh wrote: > > bio_map_user_iov and bio_unmap_user do unbalanced pages refcounting if > > IO vector has small consecutive buffers belonging to the same page. > > bio_add_pc_page

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Sat, Sep 23, 2017 at 05:39:28PM +0100, Al Viro wrote: > On Fri, Sep 22, 2017 at 01:18:39AM -0400, Vitaly Mayatskikh wrote: > > bio_map_user_iov and bio_unmap_user do unbalanced pages refcounting if > > IO vector has small consecutive buffers belonging to the same page. > > bio_add_pc_page

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Fri, Sep 22, 2017 at 01:18:39AM -0400, Vitaly Mayatskikh wrote: > bio_map_user_iov and bio_unmap_user do unbalanced pages refcounting if > IO vector has small consecutive buffers belonging to the same page. > bio_add_pc_page merges them into one, but the page reference is never > dropped. > >

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-23 Thread Al Viro
On Fri, Sep 22, 2017 at 01:18:39AM -0400, Vitaly Mayatskikh wrote: > bio_map_user_iov and bio_unmap_user do unbalanced pages refcounting if > IO vector has small consecutive buffers belonging to the same page. > bio_add_pc_page merges them into one, but the page reference is never > dropped. > >

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-21 Thread Vitaly Mayatskikh
Reproducer (needs SCSI disk): #include #include #include #include #include #include #include #include #include #define NR_IOS 1 #define NR_IOVECS 8 #define SG_IO 0x2285 int main(int argc, char *argv[]) { int fd, i, j; unsigned char *buf, *ptr, cdb[10];

Re: [PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-21 Thread Vitaly Mayatskikh
Reproducer (needs SCSI disk): #include #include #include #include #include #include #include #include #include #define NR_IOS 1 #define NR_IOVECS 8 #define SG_IO 0x2285 int main(int argc, char *argv[]) { int fd, i, j; unsigned char *buf, *ptr, cdb[10];

[PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-21 Thread Vitaly Mayatskikh
bio_map_user_iov and bio_unmap_user do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page merges them into one, but the page reference is never dropped. Signed-off-by: Vitaly Mayatskikh diff --git

[PATCH] fix unbalanced page refcounting in bio_map_user_iov

2017-09-21 Thread Vitaly Mayatskikh
bio_map_user_iov and bio_unmap_user do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page merges them into one, but the page reference is never dropped. Signed-off-by: Vitaly Mayatskikh diff --git a/block/bio.c b/block/bio.c index