subject:"Re\: \[dm\-devel\] \[PATCH v3 01\/26\] block\: Fix a buffer overrun in bio_integrity

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Martin K. Petersen

> "Kent" == Kent Overstreet  writes:

>> > + *bp->bip1.bip_vec = bip->bip_vec[0];
>> > + *bp->bip2.bip_vec = bip->bip_vec[0];
>> 
>> I think this is horrible.

Yep.


>> Why not introduce bvec pointer in bip (like bio), to cover the case
>> when bvec are not inline.

Kent> That's... exactly what the next patch in the series does.

I'm perfectly ok with a patch that introduces the pointer and fixes the
bio_pair case. As long as that's all it does.

-- 
Martin K. Petersen  Oracle Linux Engineering
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Kent Overstreet

On Tue, Oct 02, 2012 at 05:58:45PM -0400, Vivek Goyal wrote:
> On Tue, Oct 02, 2012 at 02:01:43PM -0700, Kent Overstreet wrote:
> > I'm honestly not sure what your complaint about my bugfix patch was -
> > it's small and complete, it does fix the bug. I don't follow why you
> > think we need to introduce the bip->bio_vec pointer early...
> 
> I think having iv1 and iv2 and then not even accessing these using 
> bp->iv1 and bp->iv2 is a bad idea even for bugfix.
> 
> I have never seen a code which says, hey I have defined two fields in a
> struct but, don't access those fields directly(as there might be padding
> issues). These fields are just there for blocking a chunk of memory but are
> never meant to be accessed directly. I think, that's what my issue is. It
> is bad programming (does not matter whether it is bug fix or not).
> 
> For your series it probably is still fine as you will overide it pretty
> soon but what about stable. Anybody looking at that code might want
> to say, hey why not directly initialize bp->iv1 instead of trying to
> do *bp->bip1.bip_vec. And everybody will say, yes looks fine and boom
> a bug is introduced because we did bad programming.

Ok. It's definitely a bit weird and unusual, and if I wasn't getting rid
of it in the next patch it would definitely merit a comment.

For stable... wtf would they be making that kind of change for, and
without reading the relevant code?

Eh, maybe I will stick in that comment and take it out in the next
patch.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Vivek Goyal

On Tue, Oct 02, 2012 at 02:01:43PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 04:32:53PM -0400, Vivek Goyal wrote:
> > On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
> > > On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> > > > On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> > > > 
> > > > [..]
> > > > > Here's the new patch:
> > > > > 
> > > > > 
> > > > > commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> > > > > Author: Kent Overstreet 
> > > > > Date:   Mon Oct 1 14:41:08 2012 -0700
> > > > > 
> > > > > block: Fix a buffer overrun in bio_integrity_split()
> > > > > 
> > > > > bio_integrity_split() seemed to be confusing pointers and arrays -
> > > > > bip_vec in bio_integrity_payload is an array appended to the end 
> > > > > of the
> > > > > payload, so the bio_vecs in struct bio_pair need to come 
> > > > > immediately
> > > > > after the bio_integrity_payload they're for, and there was an 
> > > > > assignment
> > > > > in bio_integrity_split() that didn't make any sense.
> > > > > 
> > > > > Also, changed bio_integrity_split() to not refer to the bvecs 
> > > > > embedded
> > > > > in struct bio_pair, in case there's padding between them and
> > > > > bip->bip_vec.
> > > > > 
> > > > > Signed-off-by: Kent Overstreet 
> > > > > CC: Jens Axboe 
> > > > > CC: Martin K. Petersen 
> > > > > 
> > > > > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > > > > index a3f28f3..4ae22a8 100644
> > > > > --- a/fs/bio-integrity.c
> > > > > +++ b/fs/bio-integrity.c
> > > > > @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, 
> > > > > struct bio_pair *bp, int sectors)
> > > > >   bp->bio1.bi_integrity = >bip1;
> > > > >   bp->bio2.bi_integrity = >bip2;
> > > > >  
> > > > > - bp->iv1 = bip->bip_vec[0];
> > > > > - bp->iv2 = bip->bip_vec[0];
> > > > > + *bp->bip1.bip_vec = bip->bip_vec[0];
> > > > > + *bp->bip2.bip_vec = bip->bip_vec[0];
> > > > 
> > > > I think this is horrible. Why not introduce bvec pointer in bip (like 
> > > > bio),
> > > > to cover the case when bvec are not inline.
> > > 
> > > That's... exactly what the next patch in the series does.
> > 
> > Yes, but if you want to push some of the these bug fixes in stable (as 
> > martin
> > had said), we need to introduce that bip->bio_vec pointer early. Also that
> > next patch is doing lot other other things like getting rid of bip_slabs
> > and we don't require all that to fix this particular bug.
> > 
> > In fact I would say that it is beter to fix this blk integrity bug in a
> > separate patchset so that it can be pushed out earlier.
> 
> I'm honestly not sure what your complaint about my bugfix patch was -
> it's small and complete, it does fix the bug. I don't follow why you
> think we need to introduce the bip->bio_vec pointer early...

I think having iv1 and iv2 and then not even accessing these using 
bp->iv1 and bp->iv2 is a bad idea even for bugfix.

I have never seen a code which says, hey I have defined two fields in a
struct but, don't access those fields directly(as there might be padding
issues). These fields are just there for blocking a chunk of memory but are
never meant to be accessed directly. I think, that's what my issue is. It
is bad programming (does not matter whether it is bug fix or not).

For your series it probably is still fine as you will overide it pretty
soon but what about stable. Anybody looking at that code might want
to say, hey why not directly initialize bp->iv1 instead of trying to
do *bp->bip1.bip_vec. And everybody will say, yes looks fine and boom
a bug is introduced because we did bad programming.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Kent Overstreet

On Tue, Oct 02, 2012 at 04:32:53PM -0400, Vivek Goyal wrote:
> On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
> > On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> > > On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> > > 
> > > [..]
> > > > Here's the new patch:
> > > > 
> > > > 
> > > > commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> > > > Author: Kent Overstreet 
> > > > Date:   Mon Oct 1 14:41:08 2012 -0700
> > > > 
> > > > block: Fix a buffer overrun in bio_integrity_split()
> > > > 
> > > > bio_integrity_split() seemed to be confusing pointers and arrays -
> > > > bip_vec in bio_integrity_payload is an array appended to the end of 
> > > > the
> > > > payload, so the bio_vecs in struct bio_pair need to come immediately
> > > > after the bio_integrity_payload they're for, and there was an 
> > > > assignment
> > > > in bio_integrity_split() that didn't make any sense.
> > > > 
> > > > Also, changed bio_integrity_split() to not refer to the bvecs 
> > > > embedded
> > > > in struct bio_pair, in case there's padding between them and
> > > > bip->bip_vec.
> > > > 
> > > > Signed-off-by: Kent Overstreet 
> > > > CC: Jens Axboe 
> > > > CC: Martin K. Petersen 
> > > > 
> > > > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > > > index a3f28f3..4ae22a8 100644
> > > > --- a/fs/bio-integrity.c
> > > > +++ b/fs/bio-integrity.c
> > > > @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
> > > > bio_pair *bp, int sectors)
> > > > bp->bio1.bi_integrity = >bip1;
> > > > bp->bio2.bi_integrity = >bip2;
> > > >  
> > > > -   bp->iv1 = bip->bip_vec[0];
> > > > -   bp->iv2 = bip->bip_vec[0];
> > > > +   *bp->bip1.bip_vec = bip->bip_vec[0];
> > > > +   *bp->bip2.bip_vec = bip->bip_vec[0];
> > > 
> > > I think this is horrible. Why not introduce bvec pointer in bip (like 
> > > bio),
> > > to cover the case when bvec are not inline.
> > 
> > That's... exactly what the next patch in the series does.
> 
> Yes, but if you want to push some of the these bug fixes in stable (as martin
> had said), we need to introduce that bip->bio_vec pointer early. Also that
> next patch is doing lot other other things like getting rid of bip_slabs
> and we don't require all that to fix this particular bug.
> 
> In fact I would say that it is beter to fix this blk integrity bug in a
> separate patchset so that it can be pushed out earlier.

I'm honestly not sure what your complaint about my bugfix patch was -
it's small and complete, it does fix the bug. I don't follow why you
think we need to introduce the bip->bio_vec pointer early...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Vivek Goyal

On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> > On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> > 
> > [..]
> > > Here's the new patch:
> > > 
> > > 
> > > commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> > > Author: Kent Overstreet 
> > > Date:   Mon Oct 1 14:41:08 2012 -0700
> > > 
> > > block: Fix a buffer overrun in bio_integrity_split()
> > > 
> > > bio_integrity_split() seemed to be confusing pointers and arrays -
> > > bip_vec in bio_integrity_payload is an array appended to the end of 
> > > the
> > > payload, so the bio_vecs in struct bio_pair need to come immediately
> > > after the bio_integrity_payload they're for, and there was an 
> > > assignment
> > > in bio_integrity_split() that didn't make any sense.
> > > 
> > > Also, changed bio_integrity_split() to not refer to the bvecs embedded
> > > in struct bio_pair, in case there's padding between them and
> > > bip->bip_vec.
> > > 
> > > Signed-off-by: Kent Overstreet 
> > > CC: Jens Axboe 
> > > CC: Martin K. Petersen 
> > > 
> > > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > > index a3f28f3..4ae22a8 100644
> > > --- a/fs/bio-integrity.c
> > > +++ b/fs/bio-integrity.c
> > > @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
> > > bio_pair *bp, int sectors)
> > >   bp->bio1.bi_integrity = >bip1;
> > >   bp->bio2.bi_integrity = >bip2;
> > >  
> > > - bp->iv1 = bip->bip_vec[0];
> > > - bp->iv2 = bip->bip_vec[0];
> > > + *bp->bip1.bip_vec = bip->bip_vec[0];
> > > + *bp->bip2.bip_vec = bip->bip_vec[0];
> > 
> > I think this is horrible. Why not introduce bvec pointer in bip (like bio),
> > to cover the case when bvec are not inline.
> 
> That's... exactly what the next patch in the series does.

Yes, but if you want to push some of the these bug fixes in stable (as martin
had said), we need to introduce that bip->bio_vec pointer early. Also that
next patch is doing lot other other things like getting rid of bip_slabs
and we don't require all that to fix this particular bug.

In fact I would say that it is beter to fix this blk integrity bug in a
separate patchset so that it can be pushed out earlier.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Kent Overstreet

On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> 
> [..]
> > Here's the new patch:
> > 
> > 
> > commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> > Author: Kent Overstreet 
> > Date:   Mon Oct 1 14:41:08 2012 -0700
> > 
> > block: Fix a buffer overrun in bio_integrity_split()
> > 
> > bio_integrity_split() seemed to be confusing pointers and arrays -
> > bip_vec in bio_integrity_payload is an array appended to the end of the
> > payload, so the bio_vecs in struct bio_pair need to come immediately
> > after the bio_integrity_payload they're for, and there was an assignment
> > in bio_integrity_split() that didn't make any sense.
> > 
> > Also, changed bio_integrity_split() to not refer to the bvecs embedded
> > in struct bio_pair, in case there's padding between them and
> > bip->bip_vec.
> > 
> > Signed-off-by: Kent Overstreet 
> > CC: Jens Axboe 
> > CC: Martin K. Petersen 
> > 
> > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > index a3f28f3..4ae22a8 100644
> > --- a/fs/bio-integrity.c
> > +++ b/fs/bio-integrity.c
> > @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
> > bio_pair *bp, int sectors)
> > bp->bio1.bi_integrity = >bip1;
> > bp->bio2.bi_integrity = >bip2;
> >  
> > -   bp->iv1 = bip->bip_vec[0];
> > -   bp->iv2 = bip->bip_vec[0];
> > +   *bp->bip1.bip_vec = bip->bip_vec[0];
> > +   *bp->bip2.bip_vec = bip->bip_vec[0];
> 
> I think this is horrible. Why not introduce bvec pointer in bip (like bio),
> to cover the case when bvec are not inline.

That's... exactly what the next patch in the series does.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Vivek Goyal

On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:

[..]
> Here's the new patch:
> 
> 
> commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> Author: Kent Overstreet 
> Date:   Mon Oct 1 14:41:08 2012 -0700
> 
> block: Fix a buffer overrun in bio_integrity_split()
> 
> bio_integrity_split() seemed to be confusing pointers and arrays -
> bip_vec in bio_integrity_payload is an array appended to the end of the
> payload, so the bio_vecs in struct bio_pair need to come immediately
> after the bio_integrity_payload they're for, and there was an assignment
> in bio_integrity_split() that didn't make any sense.
> 
> Also, changed bio_integrity_split() to not refer to the bvecs embedded
> in struct bio_pair, in case there's padding between them and
> bip->bip_vec.
> 
> Signed-off-by: Kent Overstreet 
> CC: Jens Axboe 
> CC: Martin K. Petersen 
> 
> diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> index a3f28f3..4ae22a8 100644
> --- a/fs/bio-integrity.c
> +++ b/fs/bio-integrity.c
> @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
> bio_pair *bp, int sectors)
>   bp->bio1.bi_integrity = >bip1;
>   bp->bio2.bi_integrity = >bip2;
>  
> - bp->iv1 = bip->bip_vec[0];
> - bp->iv2 = bip->bip_vec[0];
> + *bp->bip1.bip_vec = bip->bip_vec[0];
> + *bp->bip2.bip_vec = bip->bip_vec[0];

I think this is horrible. Why not introduce bvec pointer in bip (like bio),
to cover the case when bvec are not inline.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Vivek Goyal

On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:

[..]
 Here's the new patch:
 
 
 commit e270c9ca843b5c86d59431b0d7a676b7846946d6
 Author: Kent Overstreet koverstr...@google.com
 Date:   Mon Oct 1 14:41:08 2012 -0700
 
 block: Fix a buffer overrun in bio_integrity_split()
 
 bio_integrity_split() seemed to be confusing pointers and arrays -
 bip_vec in bio_integrity_payload is an array appended to the end of the
 payload, so the bio_vecs in struct bio_pair need to come immediately
 after the bio_integrity_payload they're for, and there was an assignment
 in bio_integrity_split() that didn't make any sense.
 
 Also, changed bio_integrity_split() to not refer to the bvecs embedded
 in struct bio_pair, in case there's padding between them and
 bip-bip_vec.
 
 Signed-off-by: Kent Overstreet koverstr...@google.com
 CC: Jens Axboe ax...@kernel.dk
 CC: Martin K. Petersen martin.peter...@oracle.com
 
 diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
 index a3f28f3..4ae22a8 100644
 --- a/fs/bio-integrity.c
 +++ b/fs/bio-integrity.c
 @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
 bio_pair *bp, int sectors)
   bp-bio1.bi_integrity = bp-bip1;
   bp-bio2.bi_integrity = bp-bip2;
  
 - bp-iv1 = bip-bip_vec[0];
 - bp-iv2 = bip-bip_vec[0];
 + *bp-bip1.bip_vec = bip-bip_vec[0];
 + *bp-bip2.bip_vec = bip-bip_vec[0];

I think this is horrible. Why not introduce bvec pointer in bip (like bio),
to cover the case when bvec are not inline.

Thanks
Vivek
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Kent Overstreet

On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
 On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
 
 [..]
  Here's the new patch:
  
  
  commit e270c9ca843b5c86d59431b0d7a676b7846946d6
  Author: Kent Overstreet koverstr...@google.com
  Date:   Mon Oct 1 14:41:08 2012 -0700
  
  block: Fix a buffer overrun in bio_integrity_split()
  
  bio_integrity_split() seemed to be confusing pointers and arrays -
  bip_vec in bio_integrity_payload is an array appended to the end of the
  payload, so the bio_vecs in struct bio_pair need to come immediately
  after the bio_integrity_payload they're for, and there was an assignment
  in bio_integrity_split() that didn't make any sense.
  
  Also, changed bio_integrity_split() to not refer to the bvecs embedded
  in struct bio_pair, in case there's padding between them and
  bip-bip_vec.
  
  Signed-off-by: Kent Overstreet koverstr...@google.com
  CC: Jens Axboe ax...@kernel.dk
  CC: Martin K. Petersen martin.peter...@oracle.com
  
  diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
  index a3f28f3..4ae22a8 100644
  --- a/fs/bio-integrity.c
  +++ b/fs/bio-integrity.c
  @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
  bio_pair *bp, int sectors)
  bp-bio1.bi_integrity = bp-bip1;
  bp-bio2.bi_integrity = bp-bip2;
   
  -   bp-iv1 = bip-bip_vec[0];
  -   bp-iv2 = bip-bip_vec[0];
  +   *bp-bip1.bip_vec = bip-bip_vec[0];
  +   *bp-bip2.bip_vec = bip-bip_vec[0];
 
 I think this is horrible. Why not introduce bvec pointer in bip (like bio),
 to cover the case when bvec are not inline.

That's... exactly what the next patch in the series does.
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Vivek Goyal

On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
 On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
  On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
  
  [..]
   Here's the new patch:
   
   
   commit e270c9ca843b5c86d59431b0d7a676b7846946d6
   Author: Kent Overstreet koverstr...@google.com
   Date:   Mon Oct 1 14:41:08 2012 -0700
   
   block: Fix a buffer overrun in bio_integrity_split()
   
   bio_integrity_split() seemed to be confusing pointers and arrays -
   bip_vec in bio_integrity_payload is an array appended to the end of 
   the
   payload, so the bio_vecs in struct bio_pair need to come immediately
   after the bio_integrity_payload they're for, and there was an 
   assignment
   in bio_integrity_split() that didn't make any sense.
   
   Also, changed bio_integrity_split() to not refer to the bvecs embedded
   in struct bio_pair, in case there's padding between them and
   bip-bip_vec.
   
   Signed-off-by: Kent Overstreet koverstr...@google.com
   CC: Jens Axboe ax...@kernel.dk
   CC: Martin K. Petersen martin.peter...@oracle.com
   
   diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
   index a3f28f3..4ae22a8 100644
   --- a/fs/bio-integrity.c
   +++ b/fs/bio-integrity.c
   @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
   bio_pair *bp, int sectors)
 bp-bio1.bi_integrity = bp-bip1;
 bp-bio2.bi_integrity = bp-bip2;

   - bp-iv1 = bip-bip_vec[0];
   - bp-iv2 = bip-bip_vec[0];
   + *bp-bip1.bip_vec = bip-bip_vec[0];
   + *bp-bip2.bip_vec = bip-bip_vec[0];
  
  I think this is horrible. Why not introduce bvec pointer in bip (like bio),
  to cover the case when bvec are not inline.
 
 That's... exactly what the next patch in the series does.

Yes, but if you want to push some of the these bug fixes in stable (as martin
had said), we need to introduce that bip-bio_vec pointer early. Also that
next patch is doing lot other other things like getting rid of bip_slabs
and we don't require all that to fix this particular bug.

In fact I would say that it is beter to fix this blk integrity bug in a
separate patchset so that it can be pushed out earlier.

Thanks
Vivek
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Kent Overstreet

On Tue, Oct 02, 2012 at 04:32:53PM -0400, Vivek Goyal wrote:
 On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
  On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
   On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
   
   [..]
Here's the new patch:


commit e270c9ca843b5c86d59431b0d7a676b7846946d6
Author: Kent Overstreet koverstr...@google.com
Date:   Mon Oct 1 14:41:08 2012 -0700

block: Fix a buffer overrun in bio_integrity_split()

bio_integrity_split() seemed to be confusing pointers and arrays -
bip_vec in bio_integrity_payload is an array appended to the end of 
the
payload, so the bio_vecs in struct bio_pair need to come immediately
after the bio_integrity_payload they're for, and there was an 
assignment
in bio_integrity_split() that didn't make any sense.

Also, changed bio_integrity_split() to not refer to the bvecs 
embedded
in struct bio_pair, in case there's padding between them and
bip-bip_vec.

Signed-off-by: Kent Overstreet koverstr...@google.com
CC: Jens Axboe ax...@kernel.dk
CC: Martin K. Petersen martin.peter...@oracle.com

diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
index a3f28f3..4ae22a8 100644
--- a/fs/bio-integrity.c
+++ b/fs/bio-integrity.c
@@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct 
bio_pair *bp, int sectors)
bp-bio1.bi_integrity = bp-bip1;
bp-bio2.bi_integrity = bp-bip2;
 
-   bp-iv1 = bip-bip_vec[0];
-   bp-iv2 = bip-bip_vec[0];
+   *bp-bip1.bip_vec = bip-bip_vec[0];
+   *bp-bip2.bip_vec = bip-bip_vec[0];
   
   I think this is horrible. Why not introduce bvec pointer in bip (like 
   bio),
   to cover the case when bvec are not inline.
  
  That's... exactly what the next patch in the series does.
 
 Yes, but if you want to push some of the these bug fixes in stable (as martin
 had said), we need to introduce that bip-bio_vec pointer early. Also that
 next patch is doing lot other other things like getting rid of bip_slabs
 and we don't require all that to fix this particular bug.
 
 In fact I would say that it is beter to fix this blk integrity bug in a
 separate patchset so that it can be pushed out earlier.

I'm honestly not sure what your complaint about my bugfix patch was -
it's small and complete, it does fix the bug. I don't follow why you
think we need to introduce the bip-bio_vec pointer early...
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Vivek Goyal

On Tue, Oct 02, 2012 at 02:01:43PM -0700, Kent Overstreet wrote:
 On Tue, Oct 02, 2012 at 04:32:53PM -0400, Vivek Goyal wrote:
  On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
   On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:

[..]
 Here's the new patch:
 
 
 commit e270c9ca843b5c86d59431b0d7a676b7846946d6
 Author: Kent Overstreet koverstr...@google.com
 Date:   Mon Oct 1 14:41:08 2012 -0700
 
 block: Fix a buffer overrun in bio_integrity_split()
 
 bio_integrity_split() seemed to be confusing pointers and arrays -
 bip_vec in bio_integrity_payload is an array appended to the end 
 of the
 payload, so the bio_vecs in struct bio_pair need to come 
 immediately
 after the bio_integrity_payload they're for, and there was an 
 assignment
 in bio_integrity_split() that didn't make any sense.
 
 Also, changed bio_integrity_split() to not refer to the bvecs 
 embedded
 in struct bio_pair, in case there's padding between them and
 bip-bip_vec.
 
 Signed-off-by: Kent Overstreet koverstr...@google.com
 CC: Jens Axboe ax...@kernel.dk
 CC: Martin K. Petersen martin.peter...@oracle.com
 
 diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
 index a3f28f3..4ae22a8 100644
 --- a/fs/bio-integrity.c
 +++ b/fs/bio-integrity.c
 @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, 
 struct bio_pair *bp, int sectors)
   bp-bio1.bi_integrity = bp-bip1;
   bp-bio2.bi_integrity = bp-bip2;
  
 - bp-iv1 = bip-bip_vec[0];
 - bp-iv2 = bip-bip_vec[0];
 + *bp-bip1.bip_vec = bip-bip_vec[0];
 + *bp-bip2.bip_vec = bip-bip_vec[0];

I think this is horrible. Why not introduce bvec pointer in bip (like 
bio),
to cover the case when bvec are not inline.
   
   That's... exactly what the next patch in the series does.
  
  Yes, but if you want to push some of the these bug fixes in stable (as 
  martin
  had said), we need to introduce that bip-bio_vec pointer early. Also that
  next patch is doing lot other other things like getting rid of bip_slabs
  and we don't require all that to fix this particular bug.
  
  In fact I would say that it is beter to fix this blk integrity bug in a
  separate patchset so that it can be pushed out earlier.
 
 I'm honestly not sure what your complaint about my bugfix patch was -
 it's small and complete, it does fix the bug. I don't follow why you
 think we need to introduce the bip-bio_vec pointer early...

I think having iv1 and iv2 and then not even accessing these using 
bp-iv1 and bp-iv2 is a bad idea even for bugfix.

I have never seen a code which says, hey I have defined two fields in a
struct but, don't access those fields directly(as there might be padding
issues). These fields are just there for blocking a chunk of memory but are
never meant to be accessed directly. I think, that's what my issue is. It
is bad programming (does not matter whether it is bug fix or not).

For your series it probably is still fine as you will overide it pretty
soon but what about stable. Anybody looking at that code might want
to say, hey why not directly initialize bp-iv1 instead of trying to
do *bp-bip1.bip_vec. And everybody will say, yes looks fine and boom
a bug is introduced because we did bad programming.

Thanks
Vivek
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Kent Overstreet

On Tue, Oct 02, 2012 at 05:58:45PM -0400, Vivek Goyal wrote:
 On Tue, Oct 02, 2012 at 02:01:43PM -0700, Kent Overstreet wrote:
  I'm honestly not sure what your complaint about my bugfix patch was -
  it's small and complete, it does fix the bug. I don't follow why you
  think we need to introduce the bip-bio_vec pointer early...
 
 I think having iv1 and iv2 and then not even accessing these using 
 bp-iv1 and bp-iv2 is a bad idea even for bugfix.
 
 I have never seen a code which says, hey I have defined two fields in a
 struct but, don't access those fields directly(as there might be padding
 issues). These fields are just there for blocking a chunk of memory but are
 never meant to be accessed directly. I think, that's what my issue is. It
 is bad programming (does not matter whether it is bug fix or not).
 
 For your series it probably is still fine as you will overide it pretty
 soon but what about stable. Anybody looking at that code might want
 to say, hey why not directly initialize bp-iv1 instead of trying to
 do *bp-bip1.bip_vec. And everybody will say, yes looks fine and boom
 a bug is introduced because we did bad programming.

Ok. It's definitely a bit weird and unusual, and if I wasn't getting rid
of it in the next patch it would definitely merit a comment.

For stable... wtf would they be making that kind of change for, and
without reading the relevant code?

Eh, maybe I will stick in that comment and take it out in the next
patch.
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-02 Thread Martin K. Petersen

 Kent == Kent Overstreet koverstr...@google.com writes:

  + *bp-bip1.bip_vec = bip-bip_vec[0];
  + *bp-bip2.bip_vec = bip-bip_vec[0];
 
 I think this is horrible.

Yep.


 Why not introduce bvec pointer in bip (like bio), to cover the case
 when bvec are not inline.

Kent That's... exactly what the next patch in the series does.

I'm perfectly ok with a patch that introduces the pointer and fixes the
bio_pair case. As long as that's all it does.

-- 
Martin K. Petersen  Oracle Linux Engineering
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-01 Thread Kent Overstreet

On Mon, Oct 01, 2012 at 05:23:36PM -0400, Vivek Goyal wrote:
> On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
> > bio_integrity_split() seemed to be confusing pointers and arrays -
> > bip_vec in bio_integrity_payload is an array appended to the end of the
> > payload, so the bio_vecs in struct bio_pair need to come immediately
> > after the bio_integrity_payload they're for, and there was an assignment
> > in bio_integrity_split() that didn't make any sense.
> > 
> > Signed-off-by: Kent Overstreet 
> > CC: Jens Axboe 
> > CC: Martin K. Petersen 
> > ---
> >  fs/bio-integrity.c  | 3 ---
> >  include/linux/bio.h | 6 --
> >  2 files changed, 4 insertions(+), 5 deletions(-)
> > 
> > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > index a3f28f3..c7b6b52 100644
> > --- a/fs/bio-integrity.c
> > +++ b/fs/bio-integrity.c
> > @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct 
> > bio_pair *bp, int sectors)
> > bp->iv1 = bip->bip_vec[0];
> > bp->iv2 = bip->bip_vec[0];
> >  
> > -   bp->bip1.bip_vec[0] = bp->iv1;
> > -   bp->bip2.bip_vec[0] = bp->iv2;
> > -
> > bp->iv1.bv_len = sectors * bi->tuple_size;
> > bp->iv2.bv_offset += sectors * bi->tuple_size;
> > bp->iv2.bv_len -= sectors * bi->tuple_size;
> > diff --git a/include/linux/bio.h b/include/linux/bio.h
> > index b31036f..8e2d108 100644
> > --- a/include/linux/bio.h
> > +++ b/include/linux/bio.h
> > @@ -200,8 +200,10 @@ struct bio_pair {
> > struct bio  bio1, bio2;
> > struct bio_vec  bv1, bv2;
> >  #if defined(CONFIG_BLK_DEV_INTEGRITY)
> > -   struct bio_integrity_payloadbip1, bip2;
> > -   struct bio_vec  iv1, iv2;
> > +   struct bio_integrity_payloadbip1;
> > +   struct bio_vec  iv1;
> > +   struct bio_integrity_payloadbip2;
> > +   struct bio_vec  iv2;
> >  #endif
> 
> I think it probably is a good idea to put a comment here so that we
> know that certain elements of structure assume ordering.
> 
> Also I am wondering that what's the gurantee that there are no padding
> bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
> bytes then the assumption that bio_vec is always following bip will be
> broken?

Here's the new patch:


commit e270c9ca843b5c86d59431b0d7a676b7846946d6
Author: Kent Overstreet 
Date:   Mon Oct 1 14:41:08 2012 -0700

block: Fix a buffer overrun in bio_integrity_split()

bio_integrity_split() seemed to be confusing pointers and arrays -
bip_vec in bio_integrity_payload is an array appended to the end of the
payload, so the bio_vecs in struct bio_pair need to come immediately
after the bio_integrity_payload they're for, and there was an assignment
in bio_integrity_split() that didn't make any sense.

Also, changed bio_integrity_split() to not refer to the bvecs embedded
in struct bio_pair, in case there's padding between them and
bip->bip_vec.

Signed-off-by: Kent Overstreet 
CC: Jens Axboe 
CC: Martin K. Petersen 

diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
index a3f28f3..4ae22a8 100644
--- a/fs/bio-integrity.c
+++ b/fs/bio-integrity.c
@@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct bio_pair 
*bp, int sectors)
bp->bio1.bi_integrity = >bip1;
bp->bio2.bi_integrity = >bip2;
 
-   bp->iv1 = bip->bip_vec[0];
-   bp->iv2 = bip->bip_vec[0];
+   *bp->bip1.bip_vec = bip->bip_vec[0];
+   *bp->bip2.bip_vec = bip->bip_vec[0];
 
-   bp->bip1.bip_vec[0] = bp->iv1;
-   bp->bip2.bip_vec[0] = bp->iv2;
-
-   bp->iv1.bv_len = sectors * bi->tuple_size;
-   bp->iv2.bv_offset += sectors * bi->tuple_size;
-   bp->iv2.bv_len -= sectors * bi->tuple_size;
+   bp->bip1.bip_vec->bv_len = sectors * bi->tuple_size;
+   bp->bip2.bip_vec->bv_offset += sectors * bi->tuple_size;
+   bp->bip2.bip_vec->bv_len -= sectors * bi->tuple_size;
 
bp->bip1.bip_sector = bio->bi_integrity->bip_sector;
bp->bip2.bip_sector = bio->bi_integrity->bip_sector + nr_sectors;
diff --git a/include/linux/bio.h b/include/linux/bio.h
index b31036f..8e2d108 100644
--- a/include/linux/bio.h
+++ b/include/linux/bio.h
@@ -200,8 +200,10 @@ struct bio_pair {
struct bio  bio1, bio2;
struct bio_vec  bv1, bv2;
 #if defined(CONFIG_BLK_DEV_INTEGRITY)
-   struct bio_integrity_payloadbip1, bip2;
-   struct bio_vec  iv1, iv2;
+   struct bio_integrity_payloadbip1;
+   struct bio_vec  iv1;
+   struct bio_integrity_payloadbip2;
+   struct bio_vec  iv2;
 #endif
atomic_tcnt;
int error;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-01 Thread Kent Overstreet

On Mon, Oct 01, 2012 at 05:23:36PM -0400, Vivek Goyal wrote:
> On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
> > bio_integrity_split() seemed to be confusing pointers and arrays -
> > bip_vec in bio_integrity_payload is an array appended to the end of the
> > payload, so the bio_vecs in struct bio_pair need to come immediately
> > after the bio_integrity_payload they're for, and there was an assignment
> > in bio_integrity_split() that didn't make any sense.
> > 
> > Signed-off-by: Kent Overstreet 
> > CC: Jens Axboe 
> > CC: Martin K. Petersen 
> > ---
> >  fs/bio-integrity.c  | 3 ---
> >  include/linux/bio.h | 6 --
> >  2 files changed, 4 insertions(+), 5 deletions(-)
> > 
> > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > index a3f28f3..c7b6b52 100644
> > --- a/fs/bio-integrity.c
> > +++ b/fs/bio-integrity.c
> > @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct 
> > bio_pair *bp, int sectors)
> > bp->iv1 = bip->bip_vec[0];
> > bp->iv2 = bip->bip_vec[0];
> >  
> > -   bp->bip1.bip_vec[0] = bp->iv1;
> > -   bp->bip2.bip_vec[0] = bp->iv2;
> > -
> > bp->iv1.bv_len = sectors * bi->tuple_size;
> > bp->iv2.bv_offset += sectors * bi->tuple_size;
> > bp->iv2.bv_len -= sectors * bi->tuple_size;
> > diff --git a/include/linux/bio.h b/include/linux/bio.h
> > index b31036f..8e2d108 100644
> > --- a/include/linux/bio.h
> > +++ b/include/linux/bio.h
> > @@ -200,8 +200,10 @@ struct bio_pair {
> > struct bio  bio1, bio2;
> > struct bio_vec  bv1, bv2;
> >  #if defined(CONFIG_BLK_DEV_INTEGRITY)
> > -   struct bio_integrity_payloadbip1, bip2;
> > -   struct bio_vec  iv1, iv2;
> > +   struct bio_integrity_payloadbip1;
> > +   struct bio_vec  iv1;
> > +   struct bio_integrity_payloadbip2;
> > +   struct bio_vec  iv2;
> >  #endif
> 
> I think it probably is a good idea to put a comment here so that we
> know that certain elements of structure assume ordering.

I'd agree, but I am getting rid of that requirement in the next patch...

> Also I am wondering that what's the gurantee that there are no padding
> bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
> bytes then the assumption that bio_vec is always following bip will be
> broken?

Feh, that is an issue. It wouldn't be an issue if we never referred to
the embedded bvecs - and only referred to bip->bip_inline_vecs - but we
don't.

I'll have to fix that.

> Also had a general question about split logic. We seem to have only one
> global pool for bio pair (bio_split_pool). So in the IO stack if we split
> a bio more than once, we have the deadlock possibility again?

Yes.

I have a fix for that in my patch queue. There's no trivial fix because
the current bio_split implementation requires its own mempool - either
we'd have to add that mempool to struct bio_set (ew, no) or we'd have to
have all the callers also allocate their own bio_pairi mempool.

My approach gets rid of the need for the bio_pair mempool by adding
generic bio chaining, which requires adding a single refcount to struct
bio - bi_remaining, and bio_endio() does an atomic_dec_and_test() on
that refcount. Chaining is also done with a flag indicating that
bi_private points to a bio, instead of a bio_chain_endio function.

A bio_chain_endio() function would be cleaner, but the problem is with
arbitrary and unlimited bio splitting, completing a bio can complete an
unlimited number of splits and use an unbounded amount of stack. (tail
call optimization would be another way of solving that, but building
with frame pointers also disables sibling call optimization so we can't
depend on that).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-01 Thread Vivek Goyal

On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
> bio_integrity_split() seemed to be confusing pointers and arrays -
> bip_vec in bio_integrity_payload is an array appended to the end of the
> payload, so the bio_vecs in struct bio_pair need to come immediately
> after the bio_integrity_payload they're for, and there was an assignment
> in bio_integrity_split() that didn't make any sense.
> 
> Signed-off-by: Kent Overstreet 
> CC: Jens Axboe 
> CC: Martin K. Petersen 
> ---
>  fs/bio-integrity.c  | 3 ---
>  include/linux/bio.h | 6 --
>  2 files changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> index a3f28f3..c7b6b52 100644
> --- a/fs/bio-integrity.c
> +++ b/fs/bio-integrity.c
> @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct bio_pair 
> *bp, int sectors)
>   bp->iv1 = bip->bip_vec[0];
>   bp->iv2 = bip->bip_vec[0];
>  
> - bp->bip1.bip_vec[0] = bp->iv1;
> - bp->bip2.bip_vec[0] = bp->iv2;
> -
>   bp->iv1.bv_len = sectors * bi->tuple_size;
>   bp->iv2.bv_offset += sectors * bi->tuple_size;
>   bp->iv2.bv_len -= sectors * bi->tuple_size;
> diff --git a/include/linux/bio.h b/include/linux/bio.h
> index b31036f..8e2d108 100644
> --- a/include/linux/bio.h
> +++ b/include/linux/bio.h
> @@ -200,8 +200,10 @@ struct bio_pair {
>   struct bio  bio1, bio2;
>   struct bio_vec  bv1, bv2;
>  #if defined(CONFIG_BLK_DEV_INTEGRITY)
> - struct bio_integrity_payloadbip1, bip2;
> - struct bio_vec  iv1, iv2;
> + struct bio_integrity_payloadbip1;
> + struct bio_vec  iv1;
> + struct bio_integrity_payloadbip2;
> + struct bio_vec  iv2;
>  #endif

I think it probably is a good idea to put a comment here so that we
know that certain elements of structure assume ordering.

Also I am wondering that what's the gurantee that there are no padding
bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
bytes then the assumption that bio_vec is always following bip will be
broken?

Also had a general question about split logic. We seem to have only one
global pool for bio pair (bio_split_pool). So in the IO stack if we split
a bio more than once, we have the deadlock possibility again?

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-01 Thread Vivek Goyal

On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
 bio_integrity_split() seemed to be confusing pointers and arrays -
 bip_vec in bio_integrity_payload is an array appended to the end of the
 payload, so the bio_vecs in struct bio_pair need to come immediately
 after the bio_integrity_payload they're for, and there was an assignment
 in bio_integrity_split() that didn't make any sense.
 
 Signed-off-by: Kent Overstreet koverstr...@google.com
 CC: Jens Axboe ax...@kernel.dk
 CC: Martin K. Petersen martin.peter...@oracle.com
 ---
  fs/bio-integrity.c  | 3 ---
  include/linux/bio.h | 6 --
  2 files changed, 4 insertions(+), 5 deletions(-)
 
 diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
 index a3f28f3..c7b6b52 100644
 --- a/fs/bio-integrity.c
 +++ b/fs/bio-integrity.c
 @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct bio_pair 
 *bp, int sectors)
   bp-iv1 = bip-bip_vec[0];
   bp-iv2 = bip-bip_vec[0];
  
 - bp-bip1.bip_vec[0] = bp-iv1;
 - bp-bip2.bip_vec[0] = bp-iv2;
 -
   bp-iv1.bv_len = sectors * bi-tuple_size;
   bp-iv2.bv_offset += sectors * bi-tuple_size;
   bp-iv2.bv_len -= sectors * bi-tuple_size;
 diff --git a/include/linux/bio.h b/include/linux/bio.h
 index b31036f..8e2d108 100644
 --- a/include/linux/bio.h
 +++ b/include/linux/bio.h
 @@ -200,8 +200,10 @@ struct bio_pair {
   struct bio  bio1, bio2;
   struct bio_vec  bv1, bv2;
  #if defined(CONFIG_BLK_DEV_INTEGRITY)
 - struct bio_integrity_payloadbip1, bip2;
 - struct bio_vec  iv1, iv2;
 + struct bio_integrity_payloadbip1;
 + struct bio_vec  iv1;
 + struct bio_integrity_payloadbip2;
 + struct bio_vec  iv2;
  #endif

I think it probably is a good idea to put a comment here so that we
know that certain elements of structure assume ordering.

Also I am wondering that what's the gurantee that there are no padding
bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
bytes then the assumption that bio_vec is always following bip will be
broken?

Also had a general question about split logic. We seem to have only one
global pool for bio pair (bio_split_pool). So in the IO stack if we split
a bio more than once, we have the deadlock possibility again?

Thanks
Vivek
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-01 Thread Kent Overstreet

On Mon, Oct 01, 2012 at 05:23:36PM -0400, Vivek Goyal wrote:
 On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
  bio_integrity_split() seemed to be confusing pointers and arrays -
  bip_vec in bio_integrity_payload is an array appended to the end of the
  payload, so the bio_vecs in struct bio_pair need to come immediately
  after the bio_integrity_payload they're for, and there was an assignment
  in bio_integrity_split() that didn't make any sense.
  
  Signed-off-by: Kent Overstreet koverstr...@google.com
  CC: Jens Axboe ax...@kernel.dk
  CC: Martin K. Petersen martin.peter...@oracle.com
  ---
   fs/bio-integrity.c  | 3 ---
   include/linux/bio.h | 6 --
   2 files changed, 4 insertions(+), 5 deletions(-)
  
  diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
  index a3f28f3..c7b6b52 100644
  --- a/fs/bio-integrity.c
  +++ b/fs/bio-integrity.c
  @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct 
  bio_pair *bp, int sectors)
  bp-iv1 = bip-bip_vec[0];
  bp-iv2 = bip-bip_vec[0];
   
  -   bp-bip1.bip_vec[0] = bp-iv1;
  -   bp-bip2.bip_vec[0] = bp-iv2;
  -
  bp-iv1.bv_len = sectors * bi-tuple_size;
  bp-iv2.bv_offset += sectors * bi-tuple_size;
  bp-iv2.bv_len -= sectors * bi-tuple_size;
  diff --git a/include/linux/bio.h b/include/linux/bio.h
  index b31036f..8e2d108 100644
  --- a/include/linux/bio.h
  +++ b/include/linux/bio.h
  @@ -200,8 +200,10 @@ struct bio_pair {
  struct bio  bio1, bio2;
  struct bio_vec  bv1, bv2;
   #if defined(CONFIG_BLK_DEV_INTEGRITY)
  -   struct bio_integrity_payloadbip1, bip2;
  -   struct bio_vec  iv1, iv2;
  +   struct bio_integrity_payloadbip1;
  +   struct bio_vec  iv1;
  +   struct bio_integrity_payloadbip2;
  +   struct bio_vec  iv2;
   #endif
 
 I think it probably is a good idea to put a comment here so that we
 know that certain elements of structure assume ordering.

I'd agree, but I am getting rid of that requirement in the next patch...

 Also I am wondering that what's the gurantee that there are no padding
 bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
 bytes then the assumption that bio_vec is always following bip will be
 broken?

Feh, that is an issue. It wouldn't be an issue if we never referred to
the embedded bvecs - and only referred to bip-bip_inline_vecs - but we
don't.

I'll have to fix that.

 Also had a general question about split logic. We seem to have only one
 global pool for bio pair (bio_split_pool). So in the IO stack if we split
 a bio more than once, we have the deadlock possibility again?

Yes.

I have a fix for that in my patch queue. There's no trivial fix because
the current bio_split implementation requires its own mempool - either
we'd have to add that mempool to struct bio_set (ew, no) or we'd have to
have all the callers also allocate their own bio_pairi mempool.

My approach gets rid of the need for the bio_pair mempool by adding
generic bio chaining, which requires adding a single refcount to struct
bio - bi_remaining, and bio_endio() does an atomic_dec_and_test() on
that refcount. Chaining is also done with a flag indicating that
bi_private points to a bio, instead of a bio_chain_endio function.

A bio_chain_endio() function would be cleaner, but the problem is with
arbitrary and unlimited bio splitting, completing a bio can complete an
unlimited number of splits and use an unbounded amount of stack. (tail
call optimization would be another way of solving that, but building
with frame pointers also disables sibling call optimization so we can't
depend on that).
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

2012-10-01 Thread Kent Overstreet

On Mon, Oct 01, 2012 at 05:23:36PM -0400, Vivek Goyal wrote:
 On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
  bio_integrity_split() seemed to be confusing pointers and arrays -
  bip_vec in bio_integrity_payload is an array appended to the end of the
  payload, so the bio_vecs in struct bio_pair need to come immediately
  after the bio_integrity_payload they're for, and there was an assignment
  in bio_integrity_split() that didn't make any sense.
  
  Signed-off-by: Kent Overstreet koverstr...@google.com
  CC: Jens Axboe ax...@kernel.dk
  CC: Martin K. Petersen martin.peter...@oracle.com
  ---
   fs/bio-integrity.c  | 3 ---
   include/linux/bio.h | 6 --
   2 files changed, 4 insertions(+), 5 deletions(-)
  
  diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
  index a3f28f3..c7b6b52 100644
  --- a/fs/bio-integrity.c
  +++ b/fs/bio-integrity.c
  @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct 
  bio_pair *bp, int sectors)
  bp-iv1 = bip-bip_vec[0];
  bp-iv2 = bip-bip_vec[0];
   
  -   bp-bip1.bip_vec[0] = bp-iv1;
  -   bp-bip2.bip_vec[0] = bp-iv2;
  -
  bp-iv1.bv_len = sectors * bi-tuple_size;
  bp-iv2.bv_offset += sectors * bi-tuple_size;
  bp-iv2.bv_len -= sectors * bi-tuple_size;
  diff --git a/include/linux/bio.h b/include/linux/bio.h
  index b31036f..8e2d108 100644
  --- a/include/linux/bio.h
  +++ b/include/linux/bio.h
  @@ -200,8 +200,10 @@ struct bio_pair {
  struct bio  bio1, bio2;
  struct bio_vec  bv1, bv2;
   #if defined(CONFIG_BLK_DEV_INTEGRITY)
  -   struct bio_integrity_payloadbip1, bip2;
  -   struct bio_vec  iv1, iv2;
  +   struct bio_integrity_payloadbip1;
  +   struct bio_vec  iv1;
  +   struct bio_integrity_payloadbip2;
  +   struct bio_vec  iv2;
   #endif
 
 I think it probably is a good idea to put a comment here so that we
 know that certain elements of structure assume ordering.
 
 Also I am wondering that what's the gurantee that there are no padding
 bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
 bytes then the assumption that bio_vec is always following bip will be
 broken?

Here's the new patch:


commit e270c9ca843b5c86d59431b0d7a676b7846946d6
Author: Kent Overstreet koverstr...@google.com
Date:   Mon Oct 1 14:41:08 2012 -0700

block: Fix a buffer overrun in bio_integrity_split()

bio_integrity_split() seemed to be confusing pointers and arrays -
bip_vec in bio_integrity_payload is an array appended to the end of the
payload, so the bio_vecs in struct bio_pair need to come immediately
after the bio_integrity_payload they're for, and there was an assignment
in bio_integrity_split() that didn't make any sense.

Also, changed bio_integrity_split() to not refer to the bvecs embedded
in struct bio_pair, in case there's padding between them and
bip-bip_vec.

Signed-off-by: Kent Overstreet koverstr...@google.com
CC: Jens Axboe ax...@kernel.dk
CC: Martin K. Petersen martin.peter...@oracle.com

diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
index a3f28f3..4ae22a8 100644
--- a/fs/bio-integrity.c
+++ b/fs/bio-integrity.c
@@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct bio_pair 
*bp, int sectors)
bp-bio1.bi_integrity = bp-bip1;
bp-bio2.bi_integrity = bp-bip2;
 
-   bp-iv1 = bip-bip_vec[0];
-   bp-iv2 = bip-bip_vec[0];
+   *bp-bip1.bip_vec = bip-bip_vec[0];
+   *bp-bip2.bip_vec = bip-bip_vec[0];
 
-   bp-bip1.bip_vec[0] = bp-iv1;
-   bp-bip2.bip_vec[0] = bp-iv2;
-
-   bp-iv1.bv_len = sectors * bi-tuple_size;
-   bp-iv2.bv_offset += sectors * bi-tuple_size;
-   bp-iv2.bv_len -= sectors * bi-tuple_size;
+   bp-bip1.bip_vec-bv_len = sectors * bi-tuple_size;
+   bp-bip2.bip_vec-bv_offset += sectors * bi-tuple_size;
+   bp-bip2.bip_vec-bv_len -= sectors * bi-tuple_size;
 
bp-bip1.bip_sector = bio-bi_integrity-bip_sector;
bp-bip2.bip_sector = bio-bi_integrity-bip_sector + nr_sectors;
diff --git a/include/linux/bio.h b/include/linux/bio.h
index b31036f..8e2d108 100644
--- a/include/linux/bio.h
+++ b/include/linux/bio.h
@@ -200,8 +200,10 @@ struct bio_pair {
struct bio  bio1, bio2;
struct bio_vec  bv1, bv2;
 #if defined(CONFIG_BLK_DEV_INTEGRITY)
-   struct bio_integrity_payloadbip1, bip2;
-   struct bio_vec  iv1, iv2;
+   struct bio_integrity_payloadbip1;
+   struct bio_vec  iv1;
+   struct bio_integrity_payloadbip2;
+   struct bio_vec  iv2;
 #endif
atomic_tcnt;
int error;
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()

20 matches

Site Navigation

Mail list logo

Footer information