[PATCH] block: make sure that bvec length can't be overflowed

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] block: make sure that bvec length can't be overflowed
@ 2019-04-16 15:38 Ming Lei
  2019-04-16 16:46 ` Christoph Hellwig
  2019-04-17 11:52 ` Hannes Reinecke
  0 siblings, 2 replies; 5+ messages in thread
From: Ming Lei @ 2019-04-16 15:38 UTC (permalink / raw)
  To: Jens Axboe; +Cc: linux-block, Ming Lei, Christoph Hellwig, Yi Zhang

bvec->bv_offset may be bigger than PAGE_SIZE sometimes, such as,
when one bio is splitted in the middle of one bvec via bio_split(),
and bi_iter.bi_bvec_done is used to build offset of the 1st bvec of
remained bio.

So we have to make sure that every bvec's offset is less than
PAGE_SIZE from bio_for_each_segment().

This patch fixes this issue reported by Zhang Yi When running nvme/011.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Yi Zhang <yi.zhang@redhat.com>
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Fixes: 6dc4f100c175 ("block: allow bio_for_each_segment_all() to iterate over multi-page bvec")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
---
 include/linux/bvec.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/linux/bvec.h b/include/linux/bvec.h
index 3bc91879e1e2..f179b370066f 100644
--- a/include/linux/bvec.h
+++ b/include/linux/bvec.h
@@ -160,8 +160,9 @@ static inline void bvec_advance(const struct bio_vec *bvec,
 		bv->bv_page = nth_page(bv->bv_page, 1);
 		bv->bv_offset = 0;
 	} else {
-		bv->bv_page = bvec->bv_page;
-		bv->bv_offset = bvec->bv_offset;
+		bv->bv_page = bvec_nth_page(bvec->bv_page, bvec->bv_offset /
+					    PAGE_SIZE);
+		bv->bv_offset = bvec->bv_offset % PAGE_SIZE;
 	}
 	bv->bv_len = min_t(unsigned int, PAGE_SIZE - bv->bv_offset,
 			   bvec->bv_len - iter_all->done);
-- 
2.9.5


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] block: make sure that bvec length can't be overflowed
  2019-04-16 15:38 [PATCH] block: make sure that bvec length can't be overflowed Ming Lei
@ 2019-04-16 16:46 ` Christoph Hellwig
  2019-04-16 17:03   ` Jens Axboe
  2019-04-17 11:52 ` Hannes Reinecke
  1 sibling, 1 reply; 5+ messages in thread
From: Christoph Hellwig @ 2019-04-16 16:46 UTC (permalink / raw)
  To: Ming Lei; +Cc: Jens Axboe, linux-block, Christoph Hellwig, Yi Zhang

s/overflowed/overflow/ in the subject.

Otherwise this looks good to me:

Reviewed-by: Christoph Hellwig <hch@lst.de>

Although this will create yet another conflict between Linus' tree
and the 5.2 block tree.

Although maybe Jens still reset the tree and move the merge past this..

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] block: make sure that bvec length can't be overflowed
  2019-04-16 16:46 ` Christoph Hellwig
@ 2019-04-16 17:03   ` Jens Axboe
  2019-04-17  0:48     ` Ming Lei
  0 siblings, 1 reply; 5+ messages in thread
From: Jens Axboe @ 2019-04-16 17:03 UTC (permalink / raw)
  To: Christoph Hellwig, Ming Lei; +Cc: linux-block, Yi Zhang

On 4/16/19 10:46 AM, Christoph Hellwig wrote:
> s/overflowed/overflow/ in the subject.
> 
> Otherwise this looks good to me:
> 
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> 
> Although this will create yet another conflict between Linus' tree
> and the 5.2 block tree.
> 
> Although maybe Jens still reset the tree and move the merge past this..

That was my main worry too... But I'll probably just deal with it and
redo the merge, I don't want to do two, and I don't want to have to
deal with answering for why we get repeated conflicts in this area.

For the patch, I do generally prefer doing an AND with PAGE_MASK
rather than a modulo with PAGE_SIZE. I know the compiler will take
care of it, but still, it's more prudent imho.

-- 
Jens Axboe

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] block: make sure that bvec length can't be overflowed
  2019-04-16 17:03   ` Jens Axboe
@ 2019-04-17  0:48     ` Ming Lei
  0 siblings, 0 replies; 5+ messages in thread
From: Ming Lei @ 2019-04-17  0:48 UTC (permalink / raw)
  To: Jens Axboe; +Cc: Christoph Hellwig, linux-block, Yi Zhang

On Tue, Apr 16, 2019 at 11:03:00AM -0600, Jens Axboe wrote:
> On 4/16/19 10:46 AM, Christoph Hellwig wrote:
> > s/overflowed/overflow/ in the subject.
> > 
> > Otherwise this looks good to me:
> > 
> > Reviewed-by: Christoph Hellwig <hch@lst.de>
> > 
> > Although this will create yet another conflict between Linus' tree
> > and the 5.2 block tree.
> > 
> > Although maybe Jens still reset the tree and move the merge past this..
> 
> That was my main worry too... But I'll probably just deal with it and
> redo the merge, I don't want to do two, and I don't want to have to
> deal with answering for why we get repeated conflicts in this area.

This one is a fix which should affect on loop and nvme-loop only in theory.

That is typical conflict between fix and feature(improvement).

Anyway, sorry for the a bit late fix.

> 
> For the patch, I do generally prefer doing an AND with PAGE_MASK
> rather than a modulo with PAGE_SIZE. I know the compiler will take
> care of it, but still, it's more prudent imho.

OK, do it in V2.


Thanks,
Ming

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] block: make sure that bvec length can't be overflowed
  2019-04-16 15:38 [PATCH] block: make sure that bvec length can't be overflowed Ming Lei
  2019-04-16 16:46 ` Christoph Hellwig
@ 2019-04-17 11:52 ` Hannes Reinecke
  1 sibling, 0 replies; 5+ messages in thread
From: Hannes Reinecke @ 2019-04-17 11:52 UTC (permalink / raw)
  To: Ming Lei, Jens Axboe; +Cc: linux-block, Christoph Hellwig, Yi Zhang

On 4/16/19 5:38 PM, Ming Lei wrote:
> bvec->bv_offset may be bigger than PAGE_SIZE sometimes, such as,
> when one bio is splitted in the middle of one bvec via bio_split(),
> and bi_iter.bi_bvec_done is used to build offset of the 1st bvec of
> remained bio.
> 
> So we have to make sure that every bvec's offset is less than
> PAGE_SIZE from bio_for_each_segment().
> 
> This patch fixes this issue reported by Zhang Yi When running nvme/011.
> 
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Yi Zhang <yi.zhang@redhat.com>
> Reported-by: Yi Zhang <yi.zhang@redhat.com>
> Fixes: 6dc4f100c175 ("block: allow bio_for_each_segment_all() to iterate over multi-page bvec")
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
> ---
>   include/linux/bvec.h | 5 +++--
>   1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/bvec.h b/include/linux/bvec.h
> index 3bc91879e1e2..f179b370066f 100644
> --- a/include/linux/bvec.h
> +++ b/include/linux/bvec.h
> @@ -160,8 +160,9 @@ static inline void bvec_advance(const struct bio_vec *bvec,
>   		bv->bv_page = nth_page(bv->bv_page, 1);
>   		bv->bv_offset = 0;
>   	} else {
> -		bv->bv_page = bvec->bv_page;
> -		bv->bv_offset = bvec->bv_offset;
> +		bv->bv_page = bvec_nth_page(bvec->bv_page, bvec->bv_offset /
> +					    PAGE_SIZE);
> +		bv->bv_offset = bvec->bv_offset % PAGE_SIZE;
>   	}
>   	bv->bv_len = min_t(unsigned int, PAGE_SIZE - bv->bv_offset,
>   			   bvec->bv_len - iter_all->done);
> 
Looks okay.

Reviewed-by: Hannes Reinecke <hare@suse.com>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke            Teamlead Storage & Networking
hare@suse.de                              +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG Nürnberg)

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2019-04-17 11:52 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-16 15:38 [PATCH] block: make sure that bvec length can't be overflowed Ming Lei
2019-04-16 16:46 ` Christoph Hellwig
2019-04-16 17:03   ` Jens Axboe
2019-04-17  0:48     ` Ming Lei
2019-04-17 11:52 ` Hannes Reinecke

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.