From: Boaz Harrosh <boaz@plexistor.com>
To: Ross Zwisler <ross.zwisler@linux.intel.com>,
linux-kernel@vger.kernel.org
Cc: "Roger C. Pao (Enmotus)" <rcpao.enmotus@gmail.com>,
linux-nvdimm@lists.01.org, Nick Piggin <npiggin@kernel.dk>
Subject: Re: [PATCH] brd: Ensure that bio_vecs have size <= PAGE_SIZE
Date: Wed, 11 Mar 2015 19:17:31 +0200 [thread overview]
Message-ID: <550078AB.5030203@plexistor.com> (raw)
In-Reply-To: <1426093353-23709-1-git-send-email-ross.zwisler@linux.intel.com>
On 03/11/2015 07:02 PM, Ross Zwisler wrote:
> The functions copy_from_brd() and copy_to_brd() are written with an
> assumption that the bio_vec they are given has size <= PAGE_SIZE. This
> assumption is not enforced in any way, and if the bio_vec has size
> larger than PAGE_SIZE data will just be lost.
>
> Such a situation can occur with I/Os generated from in-kernel sources,
> or with coalesced bio_vecs.
I wish you could show me where in Kernel this can happen.
who "coalesced bio_vecs" ? what Kernel sources generate bio->b_size > PAGE_SIZE ?
I did try to look and could not find any. Sorry for my slowness.
In fact I know of a couple of places that would break if this is true
> This bug was originally reported against
> the pmem driver, where it was found using the Enmotus tiering engine.
>
This out-of-tree driver - none-gpl, with no source code - is the first I have
heard of this.
> Instead we should have brd explicitly tell the block layer that it can
> handle data segments of at most PAGE_SIZE.
>
> Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
> Reported-by: Hugh Daschbach <hugh.daschbach@enmotus.com>
> Cc: Roger C. Pao (Enmotus) <rcpao.enmotus@gmail.com>
> Cc: Boaz Harrosh <boaz@plexistor.com>
> Cc: linux-nvdimm@lists.01.org
> Cc: Nick Piggin <npiggin@kernel.dk>
> ---
> drivers/block/brd.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/block/brd.c b/drivers/block/brd.c
> index 898b4f256782..7e4873361b64 100644
> --- a/drivers/block/brd.c
> +++ b/drivers/block/brd.c
> @@ -490,6 +490,7 @@ static struct brd_device *brd_alloc(int i)
> blk_queue_make_request(brd->brd_queue, brd_make_request);
> blk_queue_max_hw_sectors(brd->brd_queue, 1024);
> blk_queue_bounce_limit(brd->brd_queue, BLK_BOUNCE_ANY);
> + blk_queue_max_segment_size(brd->brd_queue, PAGE_SIZE);
The only place that I can find that uses _max_segment_size is
when translating a bio list to an sg_list, where physical segments
may coalesce. I have never seen it at the bio level
>
> brd->brd_queue->limits.discard_granularity = PAGE_SIZE;
> brd->brd_queue->limits.max_discard_sectors = UINT_MAX;
>
Cheers
Boaz
WARNING: multiple messages have this Message-ID (diff)
From: Boaz Harrosh <boaz@plexistor.com>
To: Ross Zwisler <ross.zwisler@linux.intel.com>,
linux-kernel@vger.kernel.org
Cc: "Roger C. Pao (Enmotus)" <rcpao.enmotus@gmail.com>,
linux-nvdimm@ml01.01.org, Nick Piggin <npiggin@kernel.dk>
Subject: Re: [PATCH] brd: Ensure that bio_vecs have size <= PAGE_SIZE
Date: Wed, 11 Mar 2015 19:17:31 +0200 [thread overview]
Message-ID: <550078AB.5030203@plexistor.com> (raw)
In-Reply-To: <1426093353-23709-1-git-send-email-ross.zwisler@linux.intel.com>
On 03/11/2015 07:02 PM, Ross Zwisler wrote:
> The functions copy_from_brd() and copy_to_brd() are written with an
> assumption that the bio_vec they are given has size <= PAGE_SIZE. This
> assumption is not enforced in any way, and if the bio_vec has size
> larger than PAGE_SIZE data will just be lost.
>
> Such a situation can occur with I/Os generated from in-kernel sources,
> or with coalesced bio_vecs.
I wish you could show me where in Kernel this can happen.
who "coalesced bio_vecs" ? what Kernel sources generate bio->b_size > PAGE_SIZE ?
I did try to look and could not find any. Sorry for my slowness.
In fact I know of a couple of places that would break if this is true
> This bug was originally reported against
> the pmem driver, where it was found using the Enmotus tiering engine.
>
This out-of-tree driver - none-gpl, with no source code - is the first I have
heard of this.
> Instead we should have brd explicitly tell the block layer that it can
> handle data segments of at most PAGE_SIZE.
>
> Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
> Reported-by: Hugh Daschbach <hugh.daschbach@enmotus.com>
> Cc: Roger C. Pao (Enmotus) <rcpao.enmotus@gmail.com>
> Cc: Boaz Harrosh <boaz@plexistor.com>
> Cc: linux-nvdimm@lists.01.org
> Cc: Nick Piggin <npiggin@kernel.dk>
> ---
> drivers/block/brd.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/block/brd.c b/drivers/block/brd.c
> index 898b4f256782..7e4873361b64 100644
> --- a/drivers/block/brd.c
> +++ b/drivers/block/brd.c
> @@ -490,6 +490,7 @@ static struct brd_device *brd_alloc(int i)
> blk_queue_make_request(brd->brd_queue, brd_make_request);
> blk_queue_max_hw_sectors(brd->brd_queue, 1024);
> blk_queue_bounce_limit(brd->brd_queue, BLK_BOUNCE_ANY);
> + blk_queue_max_segment_size(brd->brd_queue, PAGE_SIZE);
The only place that I can find that uses _max_segment_size is
when translating a bio list to an sg_list, where physical segments
may coalesce. I have never seen it at the bio level
>
> brd->brd_queue->limits.discard_granularity = PAGE_SIZE;
> brd->brd_queue->limits.max_discard_sectors = UINT_MAX;
>
Cheers
Boaz
next prev parent reply other threads:[~2015-03-11 17:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-11 17:02 [PATCH] brd: Ensure that bio_vecs have size <= PAGE_SIZE Ross Zwisler
2015-03-11 17:02 ` Ross Zwisler
2015-03-11 17:17 ` Boaz Harrosh [this message]
2015-03-11 17:17 ` Boaz Harrosh
2015-03-11 22:42 ` Ross Zwisler
2015-03-11 22:42 ` Ross Zwisler
2015-03-12 16:30 ` Boaz Harrosh
2015-03-12 16:30 ` Boaz Harrosh
2015-03-12 0:21 ` [Linux-nvdimm] " Dan Williams
2015-03-12 0:21 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=550078AB.5030203@plexistor.com \
--to=boaz@plexistor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=npiggin@kernel.dk \
--cc=rcpao.enmotus@gmail.com \
--cc=ross.zwisler@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.