From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bruno =?UTF-8?B?UHLDqW1vbnQ=?= <bonbons@sysophe.eu>
Subject: Re: [PATCH] dm-crypt, dm-integrity: allow unaligned bv_offset (was:
 [Regression, Bisected] dm-crypt IO failures with active slub_debug in 4.12
 and later)
Date: Tue, 7 Nov 2017 09:13:23 +0100
Message-ID: <20171107091323.20664e3f@pluto.restena.lu>
References: <20171102213903.1baa4a10@uranus>
        <20171106161808.GC25073@redhat.com>
        <20171106232918.25c0ae1a@uranus>
        <alpine.LRH.2.02.1711061852380.23082@file01.intranet.prod.int.rdu2.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <alpine.LRH.2.02.1711061852380.23082@file01.intranet.prod.int.rdu2.redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: Mike Snitzer <snitzer@redhat.com>, Milan Broz <gmazyland@gmail.com>, dm-devel@redhat.com, linux-kernel@vger.kernel.org
List-Id: dm-devel.ids

On Mon, 6 Nov 2017 18:57:15 -0500 (EST) Mikulas Patocka wrote:
> On Mon, 6 Nov 2017, Bruno Pr=C3=A9mont wrote:
> > On Mon, 6 Nov 2017 11:18:09 Mike Snitzer wrote: =20
> > > On Thu, Nov 02 2017 at  4:39pm -0400, Bruno Pr=C3=A9mont wrote: =20
> > > > Hi,
> > > >=20
> > > > Between 4.11 and 4.12 I stopped being able to boot my system with r=
oot
> > > > partition encrypted with dm-crypt (issue still present in 4.14-rc7).
> > > > The system was able to open the dm-crypt device and read-only mount=
 the
> > > > XFS root partition on it.
> > > > Later read-write remounting though caused XFS to shutdown the files=
ystem
> > > > on IO error.
> > > >=20
> > > > Some reports found online indicated a possible coincidence with sta=
ck
> > > > protection or the like as well as use of slub_debug, the latter cau=
sing
> > > > the IO errors to surface for me (I have slub_debug=3DZP on my kernel
> > > > cmdline).
> > > >=20
> > > > I finally got time to go and bisect in order to find the triggering
> > > > patch. Bisect log:
> > > >=20
> > > > # good: [a351e9b9fc24e982ec2f0e76379a49826036da12] Linux 4.11
> > > > git bisect good a351e9b9fc24e982ec2f0e76379a49826036da12
> > > > # bad: [6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c] Linux 4.12
> > > > git bisect bad 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c
> > > > # bad: [2bd80401743568ced7d303b008ae5298ce77e695] Merge tag 'gpio-v=
4.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
> > > > git bisect bad 2bd80401743568ced7d303b008ae5298ce77e695
> > > > # good: [8d65b08debc7e62b2c6032d7fe7389d895b92cbc] Merge git://git.=
kernel.org/pub/scm/linux/kernel/git/davem/net-next
> > > > git bisect good 8d65b08debc7e62b2c6032d7fe7389d895b92cbc
> > > > # good: [8b03d1ed2c43a2ba5ef3381322ee4515b97381bf] Merge branch 'li=
nux-4.12' of git://github.com/skeggsb/linux into drm-next
> > > > git bisect good 8b03d1ed2c43a2ba5ef3381322ee4515b97381bf
> > > > # bad: [e897f267c51812bfecec45771a2d835c1a2bdacf] Merge tag 'backli=
ght-next-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlig=
ht
> > > > git bisect bad e897f267c51812bfecec45771a2d835c1a2bdacf
> > > > # good: [46f0537b1ecf672052007c97f102a7e6bf0791e4] Merge branch 'st=
able-4.12' of git://git.infradead.org/users/pcmoore/audit
> > > > git bisect good 46f0537b1ecf672052007c97f102a7e6bf0791e4
> > > > # good: [20d5c84bef067b7e804a163e2abca16c47125bad] Merge remote-tra=
cking branches 'asoc/topic/wm8960', 'asoc/topic/wm8978' and 'asoc/topic/zte=
-tdm' into asoc-next
> > > > git bisect good 20d5c84bef067b7e804a163e2abca16c47125bad
> > > > # bad: [7b66f13207e60e7c550af730986e77e38a0c69a3] Merge tag 'for-4.=
12/dm-post-merge-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/=
device-mapper/linux-dm
> > > > git bisect bad 7b66f13207e60e7c550af730986e77e38a0c69a3
> > > > # good: [dd7a8f5dee81ffb1794df1103f07c63fd4f1d766] md/raid5: make c=
hunk_aligned_read() split bios more cleanly.
> > > > git bisect good dd7a8f5dee81ffb1794df1103f07c63fd4f1d766
> > > > # bad: [6625d903253eb6f003849823e22d7b8de5bfb5b2] dm integrity: use=
 hex2bin instead of open-coded variant
> > > > git bisect bad 6625d903253eb6f003849823e22d7b8de5bfb5b2
> > > > # bad: [449b668ce0b9069fcaafa6344c7f10fa2ba9632e] dm cache: set/cle=
ar the cache core's dirty_bitset when loading mappings
> > > > git bisect bad 449b668ce0b9069fcaafa6344c7f10fa2ba9632e
> > > > # good: [33d2f09fcb357fd1861c4959d1d3505492bf91f8] dm crypt: introd=
uce new format of cipher with "capi:" prefix
> > > > git bisect good 33d2f09fcb357fd1861c4959d1d3505492bf91f8
> > > > # bad: [ff3af92b4461be773337111daea80bb91b2cd545] dm crypt: use shi=
fts instead of sector_div
> > > > git bisect bad ff3af92b4461be773337111daea80bb91b2cd545
> > > > # bad: [1aa0efd4210df1c57764b77040a6615bc9b3ac0f] dm integrity: fac=
tor out create_journal() from dm_integrity_ctr()
> > > > git bisect bad 1aa0efd4210df1c57764b77040a6615bc9b3ac0f
> > > > # bad: [8f0009a225171cc1b76a6b443de5137b26e1374b] dm crypt: optiona=
lly support larger encryption sector size
> > > > git bisect bad 8f0009a225171cc1b76a6b443de5137b26e1374b
> > > > # first bad commit: [8f0009a225171cc1b76a6b443de5137b26e1374b] dm c=
rypt: optionally support larger encryption sector size
> > > >=20
> > > > In order to test on 4.12 I had to revert the following commits,
> > > > the first two having been applied on top of bad commit:
> > > >   583fe7474c05ee5523e14ef791ea59604cd846dc (dm crypt: fix large blo=
ck integrity support)
> > > >   ff3af92b4461be773337111daea80bb91b2cd545 (dm crypt: use shifts in=
stead of sector_div)
> > > >   8f0009a225171cc1b76a6b443de5137b26e1374b (dm crypt: optionally su=
pport larger encryption sector size)
> > > >=20
> > > > From looking at 8f0009a225171cc1b76a6b443de5137b26e1374b I can't sp=
ot
> > > > direct cause though I assume there might be a mismatch in memory
> > > > allocation versus access sizes as a consequence of support for larg=
er
> > > > encryption sector size (someplace 512 byte versus page size access
> > > > tripping on memory poison?).   =20
> > >=20
> > > Thanks for bisecting this.
> > >=20
> > > Can you apply the following debug patch to see if either of these new=
er
> > > -EIO returns (introduced by commit 8f0009a225) are causing you proble=
ms
> > > for some reason?
> > >=20
> > > Thanks
> > >=20
> > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> > > index 05acc42..daefe37 100644
> > > --- a/drivers/md/dm-crypt.c
> > > +++ b/drivers/md/dm-crypt.c
> > > @@ -1056,7 +1056,7 @@ static int crypt_convert_block_aead(struct cryp=
t_config *cc,
> > >  	BUG_ON(cc->integrity_iv_size && cc->integrity_iv_size !=3D cc->iv_s=
ize);
> > > =20
> > >  	/* Reject unexpected unaligned bio. */
> > > -	if (unlikely(bv_in.bv_offset & (cc->sector_size - 1)))
> > > +	if (WARN_ON_ONCE(unlikely(bv_in.bv_offset & (cc->sector_size - 1)))=
))
> > >  		return -EIO;
> > > =20
> > >  	dmreq =3D dmreq_of_req(cc, req);
> > > @@ -1149,7 +1149,7 @@ static int crypt_convert_block_skcipher(struct =
crypt_config *cc,
> > >  	int r =3D 0;
> > > =20
> > >  	/* Reject unexpected unaligned bio. */
> > > -	if (unlikely(bv_in.bv_offset & (cc->sector_size - 1)))
> > > +	if (WARN_ON_ONCE(unlikely(bv_in.bv_offset & (cc->sector_size - 1))))
> > >  		return -EIO;
> > > =20
> > >  	dmreq =3D dmreq_of_req(cc, req); =20
> >=20
> > This second one triggers:
> > [  143.238220] ------------[ cut here ]------------
> > [  143.238228] WARNING: CPU: 1 PID: 379 at /usr/src/linux-git/drivers/m=
d/dm-crypt.c:1158 crypt_convert+0xd53/0x1070
> > [  143.238229] Modules linked in:
> > [  143.238233] CPU: 1 PID: 379 Comm: kworker/u17:3 Not tainted 4.12.14+=
 #2
> > [  143.238234] Hardware name: FUJITSU LIFEBOOK U904/FJNB27D, BIOS Versi=
on 1.09 03/20/2014
> > [  143.238236] Workqueue: kcryptd kcryptd_crypt
> > [  143.238238] task: ffff982ccdf628c0 task.stack: ffffb3b5c0bb8000
> > [  143.238240] RIP: 0010:crypt_convert+0xd53/0x1070
> > [  143.238242] RSP: 0018:ffffb3b5c0bbbd28 EFLAGS: 00010202
> > [  143.238243] RAX: 00000000000001ff RBX: ffff982ccbebafe0 RCX: ffffd8d=
08a2fc880
> > [  143.238244] RDX: 0000000000000868 RSI: ffff982ccbebaf40 RDI: 0000000=
000000000
> > [  143.238245] RBP: ffffb3b5c0bbbdd8 R08: 0000000000000000 R09: 0000000=
000000018
> > [  143.238246] R10: ffffb3b5c0073e60 R11: ffffd8d08a2fc880 R12: 0000000=
000000000
> > [  143.238247] R13: ffff982ccbebaf40 R14: ffff982ccdf5f308 R15: ffff982=
cd00dd288
> > [  143.238248] FS:  0000000000000000(0000) GS:ffff982cde240000(0000) kn=
lGS:0000000000000000
> > [  143.238249] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  143.238251] CR2: 00007f45350793c4 CR3: 000000006b20a000 CR4: 0000000=
0001406e0
> > [  143.238251] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000=
000000000
> > [  143.238252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000=
000000400
> > [  143.238253] Call Trace:
> > [  143.238256]  kcryptd_crypt+0x32c/0x3a0
> > [  143.238261]  process_one_work+0x11c/0x340
> > [  143.238264]  worker_thread+0x43/0x3e0
> > [  143.238267]  kthread+0xfe/0x140
> > [  143.238269]  ? create_worker+0x1a0/0x1a0
> > [  143.238271]  ? kthread_create_on_node+0x40/0x40
> > [  143.238275]  ret_from_fork+0x22/0x30
> > [  143.238276] Code: ff ff 49 8b 7e 10 be 00 00 40 01 e8 a8 2b 9c ff 49=
 89 45 70 e9 42 f3 ff ff 48 8b 75 c0 48 8b 7d c8 e8 52 34 c1 ff e9 d2 fa ff=
 ff <0f> ff e9 0f ff ff ff 41 3b 86 d8 00 00 00 0f 84 c2 f3 ff ff 0f
> > [  143.238306] ---[ end trace 81f0c82a360b9fb6 ]---
> > [  143.238369] XFS (dm-1): metadata I/O error: block 0x2 ("xfs_trans_re=
ad_buf_map") error 5 numblks 1
> > [  143.238373] XFS (dm-1): xfs_do_force_shutdown(0x1) called from line =
315 of file /usr/src/linux-git/fs/xfs/xfs_trans_buf.c.  Return address =3D =
0xffffffff9734a15c
> > [  143.238378] XFS (dm-1): I/O Error Detected. Shutting down filesystem
> > [  143.238378] XFS (dm-1): Please umount the filesystem and rectify the=
 problem(s)
> >=20
> > (your patch, compile-fixed, applied on 4.12.14 with offset=3D6)
> >=20
> > Bruno =20
>=20
> Hi
>=20
> I've made this patch for this bug. Try it.
>=20
> Mikulas
>=20
>=20
>=20
> From: Mikulas Patocka <mpatocka@redhat.com>
> Subject: [PATCH] dm-crypt, dm-integrity: allow unaligned bv_offset
>=20
> When slub_debug is enabled, kmalloc returns unaligned memory. XFS uses
> this unaligned memory for its buffers (if an unaligned buffer crosses a
> page, XFS frees it and allocates a full page instead - see the function
> xfs_buf_allocate_memory).
>=20
> dm-crypt and dm-integrity contain checks if bv_offset is aligned on page
> size and these checks fail with slub_debug and XFS.
>=20
> This patch fixes the bug by removing the bv_offset checks. In dm-crypt, w=
e=20
> check if bv_len is aligned instead of bv_offset (this check should be=20
> sufficient to prevent overruns if a bio with too small bv_len is=20
> received). In dm-integrity, we remove the check for bv_offset and leave=20
> only the check for bv_len.
>=20
> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
> Cc: stable@vger.kernel.org	# v4.12+
> Fixes: 8f0009a22517 ("dm crypt: optionally support larger encryption sect=
or size")
> Fixes: 7eada909bfd7 ("dm: add integrity target")

Reported-by: Bruno Pr=C3=A9mont <bonbons@sysophe.eu>
Tested-by: Bruno Pr=C3=A9mont <bonbons@sysophe.eu>

Successfully tested on 4.12.14, 4.13.11 and 4.14-rc8+ (e4880bc5dfb1).


Thanks,
Bruno


> ---
>  drivers/md/dm-crypt.c     |    4 ++--
>  drivers/md/dm-integrity.c |    2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
>=20
> Index: linux-2.6/drivers/md/dm-crypt.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- linux-2.6.orig/drivers/md/dm-crypt.c
> +++ linux-2.6/drivers/md/dm-crypt.c
> @@ -1075,7 +1075,7 @@ static int crypt_convert_block_aead(stru
>  	BUG_ON(cc->integrity_iv_size && cc->integrity_iv_size !=3D cc->iv_size);
> =20
>  	/* Reject unexpected unaligned bio. */
> -	if (unlikely(bv_in.bv_offset & (cc->sector_size - 1)))
> +	if (unlikely(bv_in.bv_len & (cc->sector_size - 1)))
>  		return -EIO;
> =20
>  	dmreq =3D dmreq_of_req(cc, req);
> @@ -1168,7 +1168,7 @@ static int crypt_convert_block_skcipher(
>  	int r =3D 0;
> =20
>  	/* Reject unexpected unaligned bio. */
> -	if (unlikely(bv_in.bv_offset & (cc->sector_size - 1)))
> +	if (unlikely(bv_in.bv_len & (cc->sector_size - 1)))
>  		return -EIO;
> =20
>  	dmreq =3D dmreq_of_req(cc, req);
> Index: linux-2.6/drivers/md/dm-integrity.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- linux-2.6.orig/drivers/md/dm-integrity.c
> +++ linux-2.6/drivers/md/dm-integrity.c
> @@ -1376,7 +1376,7 @@ static int dm_integrity_map(struct dm_ta
>  		struct bvec_iter iter;
>  		struct bio_vec bv;
>  		bio_for_each_segment(bv, bio, iter) {
> -			if (unlikely((bv.bv_offset | bv.bv_len) & ((ic->sectors_per_block << =
SECTOR_SHIFT) - 1))) {
> +			if (unlikely(bv.bv_len & ((ic->sectors_per_block << SECTOR_SHIFT) - 1=
))) {
>  				DMERR("Bio vector (%u,%u) is not aligned on %u-sector boundary",
>  					bv.bv_offset, bv.bv_len, ic->sectors_per_block);
>  				return DM_MAPIO_KILL;