From patchwork Fri Nov 4 16:37:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 15688 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp518233wru; Fri, 4 Nov 2022 09:48:16 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6kHuEk5YF83ha2yYsG8LNWK4FIK9wGNPM80k1rxKKUsMh417qX7cWRLTGl2jHcyAobziOx X-Received: by 2002:a17:907:701:b0:780:2c44:e4dd with SMTP id xb1-20020a170907070100b007802c44e4ddmr2379468ejb.589.1667580496711; Fri, 04 Nov 2022 09:48:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667580496; cv=none; d=google.com; s=arc-20160816; b=KMZ1nScDKL8UpKekfWKxem6LVUHbUGQoBkB9sq73I5KO9Af/bHSdMdxiAgoxEqFsS7 FI4WTa9/ncczTJwXLTC4Xw+KMGLxt+MfmbfW12BGX8v0cAWFNHbU3XBa6jhdYDafapk5 NNi9SJkFO4jTJtrHEi0cj+BzULE8VhB/ZBieWPwWyiT97q/bTcixwMo7ZhgFzfK8Bh4j Td7dFeaIMlga3tQEdRq5o3nesGHMPwais+ZmpKdTHzlpAIdPTy5m9Rx49fl3WaPw9PMD hcokDhxxZYvVUNukiWAPanpXgDbb6H0M91W+F9CXPFAuNTpLClpdSwaEfzITzC5wZSUP Ttqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:message-id:date:cc:to:from:subject:organization :dkim-signature; bh=meSbCtcdhls8TiywckooFQyX4UhcYRP/sFZKWlTa6GQ=; b=WbjdA9ssxpCcn0FiG+1vpt4DM4q/95TtfypMPz/Hh3hGVhngYZdBDADO6ESxaNwOb9 rlk5F9gbe1SM7hqtLEkE4Jts2NozrnsrvuoS2znSb8IL+B9G08Y4taJ68yG3VKR2L81k JSMF+9jd2Zq0f3Mt/kbrLLbZEK+tjdnmzZa/0Xaf5Jsfrg2Ycnosyt+d73WAtAomeUlC kEE/W7TULlNGUHvwELeztqJLbF/mL/AhGgB4cnDP9WLxb2GHSP4r0J7tM6NuGfRKLNDp JcgW+Ee/3iRsvOJ4TcEh0Uq5u3lW/AIyHOi31pLOvxbVUjeZWtY3cezf1A6FrBgWWOlc D5WQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QcRkc2WC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hg2-20020a1709072cc200b007add8ec38aesi6118653ejc.424.2022.11.04.09.47.50; Fri, 04 Nov 2022 09:48:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QcRkc2WC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232072AbiKDQjc (ORCPT + 99 others); Fri, 4 Nov 2022 12:39:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231926AbiKDQjG (ORCPT ); Fri, 4 Nov 2022 12:39:06 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 329E52B628 for ; Fri, 4 Nov 2022 09:38:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667579886; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=meSbCtcdhls8TiywckooFQyX4UhcYRP/sFZKWlTa6GQ=; b=QcRkc2WCFp7CyBEJQ5WwfweaSqxNyO/5IW8/5h1p3mCOd21t7TElzVN2tCJXnlkxDYLYMl HW/UFvKnBLu14E9kXRIrtlWqN5+r8/B2Ngk1xItHYJqQ97rGFiOhzdsFOg5xWlMWQjKNUU dKNg74idPxQm4enu70AVG5yNb7Btf38= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-316-6IVZcBo2PGC0Te8OLKW-lA-1; Fri, 04 Nov 2022 12:38:01 -0400 X-MC-Unique: 6IVZcBo2PGC0Te8OLKW-lA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EDFED833AEC; Fri, 4 Nov 2022 16:38:00 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.37.22]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1A0E74EA61; Fri, 4 Nov 2022 16:38:00 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH v2 1/2] netfs: Fix missing xas_retry() calls in xarray iteration From: David Howells To: willy@infradead.org Cc: George Law , Jeff Layton , linux-cachefs@redhat.com, linux-fsdevel@vger.kernel.org, dhowells@redhat.com, linux-kernel@vger.kernel.org Date: Fri, 04 Nov 2022 16:37:59 +0000 Message-ID: <166757987929.950645.12595273010425381286.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748512452291186269?= X-GMAIL-MSGID: =?utf-8?q?1748584886722764813?= netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the first thing inside of the loop and do "continue" if it returns true in case the xarray walker passed out a special value indicating that the walk needs to be redone from the root[*]. Fix this by adding the missing retry checks. [*] I wonder if this should be done inside xas_find(), xas_next_node() and suchlike, but I'm told that's not an simple change to effect. This can cause an oops like that below. Note the faulting address - this is an internal value (|0x2) returned from xarray. BUG: kernel NULL pointer dereference, address: 0000000000000402 ... RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] ... Call Trace: netfs_rreq_assess+0xa6/0x240 [netfs] netfs_readpage+0x173/0x3b0 [netfs] ? init_wait_var_entry+0x50/0x50 filemap_read_page+0x33/0xf0 filemap_get_pages+0x2f2/0x3f0 filemap_read+0xaa/0x320 ? do_filp_open+0xb2/0x150 ? rmqueue+0x3be/0xe10 ceph_read_iter+0x1fe/0x680 [ceph] ? new_sync_read+0x115/0x1a0 new_sync_read+0x115/0x1a0 vfs_read+0xf3/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: 3d3c95046742 ("netfs: Provide readahead and readpage netfs helpers") Reported-by: George Law Signed-off-by: David Howells Reviewed-by: Jeff Layton cc: Matthew Wilcox cc: linux-cachefs@redhat.com cc: linux-fsdevel@vger.kernel.org Reviewed-by: Jingbo Xu --- fs/netfs/buffered_read.c | 9 +++++++-- fs/netfs/io.c | 3 +++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/fs/netfs/buffered_read.c b/fs/netfs/buffered_read.c index 0ce535852151..baf668fb4315 100644 --- a/fs/netfs/buffered_read.c +++ b/fs/netfs/buffered_read.c @@ -46,10 +46,15 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq) rcu_read_lock(); xas_for_each(&xas, folio, last_page) { - unsigned int pgpos = (folio_index(folio) - start_page) * PAGE_SIZE; - unsigned int pgend = pgpos + folio_size(folio); + unsigned int pgpos, pgend; bool pg_failed = false; + if (xas_retry(&xas, folio)) + continue; + + pgpos = (folio_index(folio) - start_page) * PAGE_SIZE; + pgend = pgpos + folio_size(folio); + for (;;) { if (!subreq) { pg_failed = true; diff --git a/fs/netfs/io.c b/fs/netfs/io.c index 428925899282..e374767d1b68 100644 --- a/fs/netfs/io.c +++ b/fs/netfs/io.c @@ -121,6 +121,9 @@ static void netfs_rreq_unmark_after_write(struct netfs_io_request *rreq, XA_STATE(xas, &rreq->mapping->i_pages, subreq->start / PAGE_SIZE); xas_for_each(&xas, folio, (subreq->start + subreq->len - 1) / PAGE_SIZE) { + if (xas_retry(&xas, folio)) + continue; + /* We might have multiple writes from the same huge * folio, but we mustn't unlock a folio more than once. */ From patchwork Fri Nov 4 16:38:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 15686 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp518113wru; Fri, 4 Nov 2022 09:48:01 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5Npou6gepauQjKSKMb7Bd45QMutBJm2zX56ovE+W43UESGMUSxUSP+bGdWg0CWQ88RtDrY X-Received: by 2002:a05:6a00:1812:b0:56d:74bf:3204 with SMTP id y18-20020a056a00181200b0056d74bf3204mr27724327pfa.39.1667580481569; Fri, 04 Nov 2022 09:48:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667580481; cv=none; d=google.com; s=arc-20160816; b=AOsxW2MzM+m0G9cEU8Nfz+0XIlnH2wd0EJpwiX6A70AgFihXaMVrsnMqhhhIx7gm12 rpmQxVtk0C2kw3b0vMoxsk/PdWEiMgExCpVjGk0qYoSiAUAcQQoTM4USmzG9OeBZcO1T x813VIOeUs4XefMX4t+XgyYPv/9ZDjul0XU4Kc1uDzuNez9vRefwxGXG1mTfiZpumI72 VfZf8PVCFHQJvQshISAXQctE/DwIH/Eh3TxKW1X9n5GiGPDuyG+0EPPcMk4z+S3cc2tr qynttR8KZcmts6hKuigxmB0SzOiceD6A+xZdIT1Ziz4vhESQLogmviQXwDpVAM7AQ2Sl tplw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:organization:dkim-signature; bh=98DS/ShV9PbTmYsJBJpYU7G9vDl9LaoIobMfit60y3k=; b=zc2X1nY8Icu4hPWWHDg+2lG/3WDIMAHUZXF+25Rb1cInNmuye+bj7OiTEeKgJL0MEG KpzfW+bz5bdinQR3iq5t+BGeP/aAGZfLs2eAcRyU/yf/sfUXChIyjw4rusYfMid/oFtF qaivx4xQzRdG6smm4Cn/G9ahgNXuPFql+FMnLfKtgMZYxLb4lc2YxEqzn8NY+Qcwi+rY Hi6NbdWCtqcaSNQO4J5f95UXStxRoNC8K2avx56HhGUXU9YlkegJ2HRFkfRd8hzbggN3 vQhOZ4UxQUO8NJheeqoELiZ4LJA/hWet5oddjKYhI2b3BXjSTRoYoEJ+4v4q1trYLImm 8Zgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=cPa0EPP0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q15-20020a170902f78f00b0018862b8c9a2si3565679pln.12.2022.11.04.09.47.48; Fri, 04 Nov 2022 09:48:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=cPa0EPP0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232058AbiKDQja (ORCPT + 99 others); Fri, 4 Nov 2022 12:39:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33202 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231919AbiKDQjE (ORCPT ); Fri, 4 Nov 2022 12:39:04 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A39032BB0A for ; Fri, 4 Nov 2022 09:38:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667579889; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=98DS/ShV9PbTmYsJBJpYU7G9vDl9LaoIobMfit60y3k=; b=cPa0EPP0oY28v/Q7mrNeprlVhOvXDbDzyBmn7gwdDBshTbbWcSzXgvhoRm5gRoX2L+Iwvh fcfKeIKxks4aSUUIM+lciCg9htA3UJxpGw/13rPlyqUhB+9D1tQTbJTXxnrddyawdXRAVe qAKkJyHVBRGqDMaMPExMWpwzF/npv9E= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-623-H_dYYikvOU6jbZlu1Jeswg-1; Fri, 04 Nov 2022 12:38:08 -0400 X-MC-Unique: H_dYYikvOU6jbZlu1Jeswg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 852D8800B23; Fri, 4 Nov 2022 16:38:07 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.37.22]) by smtp.corp.redhat.com (Postfix) with ESMTP id C4B8C40C835A; Fri, 4 Nov 2022 16:38:06 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH v2 2/2] netfs: Fix dodgy maths From: David Howells To: willy@infradead.org Cc: Jeff Layton , linux-cachefs@redhat.com, linux-fsdevel@vger.kernel.org, dhowells@redhat.com, linux-kernel@vger.kernel.org Date: Fri, 04 Nov 2022 16:38:06 +0000 Message-ID: <166757988611.950645.7626959069846893164.stgit@warthog.procyon.org.uk> In-Reply-To: <166757987929.950645.12595273010425381286.stgit@warthog.procyon.org.uk> References: <166757987929.950645.12595273010425381286.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748584871274067145?= X-GMAIL-MSGID: =?utf-8?q?1748584871274067145?= Fix the dodgy maths in netfs_rreq_unlock_folios(). start_page could be inside the folio, in which case the calculation of pgpos will be come up with a negative number (though for the moment rreq->start is rounded down earlier and folios would have to get merged whilst locked) Alter how this works to just frame the tracking in terms of absolute file positions, rather than offsets from the start of the I/O request. This simplifies the maths and makes it easier to follow. Fix the issue by using folio_pos() and folio_size() to calculate the end position of the page. Fixes: 3d3c95046742 ("netfs: Provide readahead and readpage netfs helpers") Reported-by: Matthew Wilcox Signed-off-by: David Howells cc: Jeff Layton cc: linux-cachefs@redhat.com cc: linux-fsdevel@vger.kernel.org Link: https://lore.kernel.org/r/Y2SJw7w1IsIik3nb@casper.infradead.org/ Reviewed-by: Jingbo Xu Reviewed-by: Jeff Layton --- fs/netfs/buffered_read.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/netfs/buffered_read.c b/fs/netfs/buffered_read.c index baf668fb4315..7679a68e8193 100644 --- a/fs/netfs/buffered_read.c +++ b/fs/netfs/buffered_read.c @@ -17,9 +17,9 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq) { struct netfs_io_subrequest *subreq; struct folio *folio; - unsigned int iopos, account = 0; pgoff_t start_page = rreq->start / PAGE_SIZE; pgoff_t last_page = ((rreq->start + rreq->len) / PAGE_SIZE) - 1; + size_t account = 0; bool subreq_failed = false; XA_STATE(xas, &rreq->mapping->i_pages, start_page); @@ -39,23 +39,23 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq) */ subreq = list_first_entry(&rreq->subrequests, struct netfs_io_subrequest, rreq_link); - iopos = 0; subreq_failed = (subreq->error < 0); trace_netfs_rreq(rreq, netfs_rreq_trace_unlock); rcu_read_lock(); xas_for_each(&xas, folio, last_page) { - unsigned int pgpos, pgend; + loff_t pg_end; bool pg_failed = false; if (xas_retry(&xas, folio)) continue; - pgpos = (folio_index(folio) - start_page) * PAGE_SIZE; - pgend = pgpos + folio_size(folio); + pg_end = folio_pos(folio) + folio_size(folio) - 1; for (;;) { + loff_t sreq_end; + if (!subreq) { pg_failed = true; break; @@ -63,11 +63,11 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq) if (test_bit(NETFS_SREQ_COPY_TO_CACHE, &subreq->flags)) folio_start_fscache(folio); pg_failed |= subreq_failed; - if (pgend < iopos + subreq->len) + sreq_end = subreq->start + subreq->len - 1; + if (pg_end < sreq_end) break; account += subreq->transferred; - iopos += subreq->len; if (!list_is_last(&subreq->rreq_link, &rreq->subrequests)) { subreq = list_next_entry(subreq, rreq_link); subreq_failed = (subreq->error < 0); @@ -75,7 +75,8 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq) subreq = NULL; subreq_failed = false; } - if (pgend == iopos) + + if (pg_end == sreq_end) break; }