[f2fs-dev] [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

[f2fs-dev] [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

[Yangtao Li via Linux-f2fs-devel]

Add iotype sanity check to avoid potential memory corruption.
This is to fix the compile error below:

fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
'io_lat->peak_lat[type]' 3 <= 3

vim +228 fs/f2fs/iostat.c

  211  static inline void __update_iostat_latency(struct bio_iostat_ctx
	*iostat_ctx,
  212					enum iostat_lat_type type)
  213  {
  214		unsigned long ts_diff;
  215		unsigned int page_type = iostat_ctx->type;
  216		struct f2fs_sb_info *sbi = iostat_ctx->sbi;
  217		struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
  218		unsigned long flags;
  219
  220		if (!sbi->iostat_enable)
  221			return;
  222
  223		ts_diff = jiffies - iostat_ctx->submit_ts;
  224		if (page_type >= META_FLUSH)
                                 ^^^^^^^^^^

  225			page_type = META;
  226
  227		spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
 @228		io_lat->sum_lat[type][page_type] += ts_diff;
                                      ^^^^^^^^^
Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.

Fixes: a4b6817625e7 ("f2fs: introduce periodic iostat io latency traces")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Suggested-by: Chao Yu <chao@kernel.org>
Suggested-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Yangtao Li <frank.li@vivo.com>
---
v3:
-convert to warn
 fs/f2fs/iostat.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
index ed8176939aa5..96637756eae8 100644
--- a/fs/f2fs/iostat.c
+++ b/fs/f2fs/iostat.c
@@ -223,8 +223,12 @@ static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
 		return;
 
 	ts_diff = jiffies - iostat_ctx->submit_ts;
-	if (iotype >= META_FLUSH)
+	if (iotype == META_FLUSH) {
 		iotype = META;
+	} else if (iotype >= NR_PAGE_TYPE) {
+		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
+		return;
+	}
 
 	if (rw == 0) {
 		idx = READ_IO;
-- 
2.25.1



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

[f2fs-dev] [PATCH v3 2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()

[Yangtao Li via Linux-f2fs-devel]

Convert to use iostat_lat_type as parameter instead of raw number.
BTW, move NUM_PREALLOC_IOSTAT_CTXS to the header file, and rename
iotype to page_type to match the definition.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Yangtao Li <frank.li@vivo.com>
---
v3:
-convert to f2fs_warn()
 fs/f2fs/data.c   |  4 ++--
 fs/f2fs/iostat.c | 39 ++++++++++++++++-----------------------
 fs/f2fs/iostat.h | 19 ++++++++++---------
 3 files changed, 28 insertions(+), 34 deletions(-)

diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index 1645b8a1b904..710d4acde187 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -292,7 +292,7 @@ static void f2fs_read_end_io(struct bio *bio)
 	struct bio_post_read_ctx *ctx;
 	bool intask = in_task();
 
-	iostat_update_and_unbind_ctx(bio, 0);
+	iostat_update_and_unbind_ctx(bio, READ_IO);
 	ctx = bio->bi_private;
 
 	if (time_to_inject(sbi, FAULT_READ_IO))
@@ -330,7 +330,7 @@ static void f2fs_write_end_io(struct bio *bio)
 	struct bio_vec *bvec;
 	struct bvec_iter_all iter_all;
 
-	iostat_update_and_unbind_ctx(bio, 1);
+	iostat_update_and_unbind_ctx(bio, bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO);
 	sbi = bio->bi_private;
 
 	if (time_to_inject(sbi, FAULT_WRITE_IO))
diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
index 96637756eae8..c767a2e7d5a9 100644
--- a/fs/f2fs/iostat.c
+++ b/fs/f2fs/iostat.c
@@ -14,7 +14,6 @@
 #include "iostat.h"
 #include <trace/events/f2fs.h>
 
-#define NUM_PREALLOC_IOSTAT_CTXS	128
 static struct kmem_cache *bio_iostat_ctx_cache;
 static mempool_t *bio_iostat_ctx_pool;
 
@@ -210,53 +209,47 @@ void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
 }
 
 static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
-				int rw, bool is_sync)
+				enum iostat_lat_type lat_type)
 {
 	unsigned long ts_diff;
-	unsigned int iotype = iostat_ctx->type;
+	unsigned int page_type = iostat_ctx->type;
 	struct f2fs_sb_info *sbi = iostat_ctx->sbi;
 	struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
-	int idx;
 	unsigned long flags;
 
 	if (!sbi->iostat_enable)
 		return;
 
 	ts_diff = jiffies - iostat_ctx->submit_ts;
-	if (iotype == META_FLUSH) {
-		iotype = META;
-	} else if (iotype >= NR_PAGE_TYPE) {
-		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
+	if (page_type == META_FLUSH) {
+		page_type = META;
+	} else if (page_type >= NR_PAGE_TYPE) {
+		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, page_type);
 		return;
 	}
 
-	if (rw == 0) {
-		idx = READ_IO;
-	} else {
-		if (is_sync)
-			idx = WRITE_SYNC_IO;
-		else
-			idx = WRITE_ASYNC_IO;
+	if (lat_type >= MAX_IO_TYPE) {
+		f2fs_warn(sbi, "%s: %d over MAX_IO_TYPE", __func__, lat_type);
+		return;
 	}
 
 	spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
-	io_lat->sum_lat[idx][iotype] += ts_diff;
-	io_lat->bio_cnt[idx][iotype]++;
-	if (ts_diff > io_lat->peak_lat[idx][iotype])
-		io_lat->peak_lat[idx][iotype] = ts_diff;
+	io_lat->sum_lat[lat_type][page_type] += ts_diff;
+	io_lat->bio_cnt[lat_type][page_type]++;
+	if (ts_diff > io_lat->peak_lat[lat_type][page_type])
+		io_lat->peak_lat[lat_type][page_type] = ts_diff;
 	spin_unlock_irqrestore(&sbi->iostat_lat_lock, flags);
 }
 
-void iostat_update_and_unbind_ctx(struct bio *bio, int rw)
+void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type)
 {
 	struct bio_iostat_ctx *iostat_ctx = bio->bi_private;
-	bool is_sync = bio->bi_opf & REQ_SYNC;
 
-	if (rw == 0)
+	if (lat_type == READ_IO)
 		bio->bi_private = iostat_ctx->post_read_ctx;
 	else
 		bio->bi_private = iostat_ctx->sbi;
-	__update_iostat_latency(iostat_ctx, rw, is_sync);
+	__update_iostat_latency(iostat_ctx, lat_type);
 	mempool_free(iostat_ctx, bio_iostat_ctx_pool);
 }
 
diff --git a/fs/f2fs/iostat.h b/fs/f2fs/iostat.h
index 2c048307b6e0..1f827a2fe6b2 100644
--- a/fs/f2fs/iostat.h
+++ b/fs/f2fs/iostat.h
@@ -8,20 +8,21 @@
 
 struct bio_post_read_ctx;
 
+enum iostat_lat_type {
+	READ_IO = 0,
+	WRITE_SYNC_IO,
+	WRITE_ASYNC_IO,
+	MAX_IO_TYPE,
+};
+
 #ifdef CONFIG_F2FS_IOSTAT
 
+#define NUM_PREALLOC_IOSTAT_CTXS	128
 #define DEFAULT_IOSTAT_PERIOD_MS	3000
 #define MIN_IOSTAT_PERIOD_MS		100
 /* maximum period of iostat tracing is 1 day */
 #define MAX_IOSTAT_PERIOD_MS		8640000
 
-enum {
-	READ_IO,
-	WRITE_SYNC_IO,
-	WRITE_ASYNC_IO,
-	MAX_IO_TYPE,
-};
-
 struct iostat_lat_info {
 	unsigned long sum_lat[MAX_IO_TYPE][NR_PAGE_TYPE];	/* sum of io latencies */
 	unsigned long peak_lat[MAX_IO_TYPE][NR_PAGE_TYPE];	/* peak io latency */
@@ -57,7 +58,7 @@ static inline struct bio_post_read_ctx *get_post_read_ctx(struct bio *bio)
 	return iostat_ctx->post_read_ctx;
 }
 
-extern void iostat_update_and_unbind_ctx(struct bio *bio, int rw);
+extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type);
 extern void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
 		struct bio *bio, struct bio_post_read_ctx *ctx);
 extern int f2fs_init_iostat_processing(void);
@@ -67,7 +68,7 @@ extern void f2fs_destroy_iostat(struct f2fs_sb_info *sbi);
 #else
 static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
 		enum iostat_type type, unsigned long long io_bytes) {}
-static inline void iostat_update_and_unbind_ctx(struct bio *bio, int rw) {}
+static inline void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type) {}
 static inline void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
 		struct bio *bio, struct bio_post_read_ctx *ctx) {}
 static inline void iostat_update_submit_ctx(struct bio *bio,
-- 
2.25.1



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH v3 2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()

[Chao Yu]

On 2023/1/21 0:16, Yangtao Li wrote:
> Convert to use iostat_lat_type as parameter instead of raw number.
> BTW, move NUM_PREALLOC_IOSTAT_CTXS to the header file, and rename
> iotype to page_type to match the definition.
> 
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <error27@gmail.com>
> Signed-off-by: Yangtao Li <frank.li@vivo.com>
> ---
> v3:
> -convert to f2fs_warn()
>   fs/f2fs/data.c   |  4 ++--
>   fs/f2fs/iostat.c | 39 ++++++++++++++++-----------------------
>   fs/f2fs/iostat.h | 19 ++++++++++---------
>   3 files changed, 28 insertions(+), 34 deletions(-)
> 
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index 1645b8a1b904..710d4acde187 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -292,7 +292,7 @@ static void f2fs_read_end_io(struct bio *bio)
>   	struct bio_post_read_ctx *ctx;
>   	bool intask = in_task();
>   
> -	iostat_update_and_unbind_ctx(bio, 0);
> +	iostat_update_and_unbind_ctx(bio, READ_IO);
>   	ctx = bio->bi_private;
>   
>   	if (time_to_inject(sbi, FAULT_READ_IO))
> @@ -330,7 +330,7 @@ static void f2fs_write_end_io(struct bio *bio)
>   	struct bio_vec *bvec;
>   	struct bvec_iter_all iter_all;
>   
> -	iostat_update_and_unbind_ctx(bio, 1);
> +	iostat_update_and_unbind_ctx(bio, bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO);
>   	sbi = bio->bi_private;
>   
>   	if (time_to_inject(sbi, FAULT_WRITE_IO))
> diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
> index 96637756eae8..c767a2e7d5a9 100644
> --- a/fs/f2fs/iostat.c
> +++ b/fs/f2fs/iostat.c
> @@ -14,7 +14,6 @@
>   #include "iostat.h"
>   #include <trace/events/f2fs.h>
>   
> -#define NUM_PREALLOC_IOSTAT_CTXS	128
>   static struct kmem_cache *bio_iostat_ctx_cache;
>   static mempool_t *bio_iostat_ctx_pool;
>   
> @@ -210,53 +209,47 @@ void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
>   }
>   
>   static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
> -				int rw, bool is_sync)
> +				enum iostat_lat_type lat_type)
>   {
>   	unsigned long ts_diff;
> -	unsigned int iotype = iostat_ctx->type;
> +	unsigned int page_type = iostat_ctx->type;
>   	struct f2fs_sb_info *sbi = iostat_ctx->sbi;
>   	struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
> -	int idx;
>   	unsigned long flags;
>   
>   	if (!sbi->iostat_enable)
>   		return;
>   
>   	ts_diff = jiffies - iostat_ctx->submit_ts;
> -	if (iotype == META_FLUSH) {
> -		iotype = META;
> -	} else if (iotype >= NR_PAGE_TYPE) {
> -		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
> +	if (page_type == META_FLUSH) {
> +		page_type = META;
> +	} else if (page_type >= NR_PAGE_TYPE) {
> +		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, page_type);
>   		return;
>   	}
>   
> -	if (rw == 0) {
> -		idx = READ_IO;
> -	} else {
> -		if (is_sync)
> -			idx = WRITE_SYNC_IO;
> -		else
> -			idx = WRITE_ASYNC_IO;
> +	if (lat_type >= MAX_IO_TYPE) {
> +		f2fs_warn(sbi, "%s: %d over MAX_IO_TYPE", __func__, lat_type);
> +		return;
>   	}
>   
>   	spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
> -	io_lat->sum_lat[idx][iotype] += ts_diff;
> -	io_lat->bio_cnt[idx][iotype]++;
> -	if (ts_diff > io_lat->peak_lat[idx][iotype])
> -		io_lat->peak_lat[idx][iotype] = ts_diff;
> +	io_lat->sum_lat[lat_type][page_type] += ts_diff;
> +	io_lat->bio_cnt[lat_type][page_type]++;
> +	if (ts_diff > io_lat->peak_lat[lat_type][page_type])
> +		io_lat->peak_lat[lat_type][page_type] = ts_diff;
>   	spin_unlock_irqrestore(&sbi->iostat_lat_lock, flags);
>   }
>   
> -void iostat_update_and_unbind_ctx(struct bio *bio, int rw)
> +void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type)
>   {
>   	struct bio_iostat_ctx *iostat_ctx = bio->bi_private;
> -	bool is_sync = bio->bi_opf & REQ_SYNC;
>   
> -	if (rw == 0)
> +	if (lat_type == READ_IO)
>   		bio->bi_private = iostat_ctx->post_read_ctx;
>   	else
>   		bio->bi_private = iostat_ctx->sbi;
> -	__update_iostat_latency(iostat_ctx, rw, is_sync);
> +	__update_iostat_latency(iostat_ctx, lat_type);
>   	mempool_free(iostat_ctx, bio_iostat_ctx_pool);
>   }
>   
> diff --git a/fs/f2fs/iostat.h b/fs/f2fs/iostat.h
> index 2c048307b6e0..1f827a2fe6b2 100644
> --- a/fs/f2fs/iostat.h
> +++ b/fs/f2fs/iostat.h
> @@ -8,20 +8,21 @@
>   
>   struct bio_post_read_ctx;
>   
> +enum iostat_lat_type {
> +	READ_IO = 0,
> +	WRITE_SYNC_IO,
> +	WRITE_ASYNC_IO,
> +	MAX_IO_TYPE,
> +};

How about adjusting iostat_lat[{0,1,2}] to iostat_lat[{READ_IO,WRITE_SYNC_IO,WRITE_ASYNC_IO}]
in tracepoint function.

	TP_fast_assign(
		__entry->dev		= sbi->sb->s_dev;
		__entry->d_rd_peak	= iostat_lat[0][DATA].peak_lat;
		__entry->d_rd_avg	= iostat_lat[0][DATA].avg_lat;
		__entry->d_rd_cnt	= iostat_lat[0][DATA].cnt;
		__entry->n_rd_peak	= iostat_lat[0][NODE].peak_lat;
		__entry->n_rd_avg	= iostat_lat[0][NODE].avg_lat;
		__entry->n_rd_cnt	= iostat_lat[0][NODE].cnt;
		__entry->m_rd_peak	= iostat_lat[0][META].peak_lat;
		__entry->m_rd_avg	= iostat_lat[0][META].avg_lat;
		__entry->m_rd_cnt	= iostat_lat[0][META].cnt;
		__entry->d_wr_s_peak	= iostat_lat[1][DATA].peak_lat;
		__entry->d_wr_s_avg	= iostat_lat[1][DATA].avg_lat;
		__entry->d_wr_s_cnt	= iostat_lat[1][DATA].cnt;
		__entry->n_wr_s_peak	= iostat_lat[1][NODE].peak_lat;
		__entry->n_wr_s_avg	= iostat_lat[1][NODE].avg_lat;
		__entry->n_wr_s_cnt	= iostat_lat[1][NODE].cnt;
		__entry->m_wr_s_peak	= iostat_lat[1][META].peak_lat;
		__entry->m_wr_s_avg	= iostat_lat[1][META].avg_lat;
		__entry->m_wr_s_cnt	= iostat_lat[1][META].cnt;
		__entry->d_wr_as_peak	= iostat_lat[2][DATA].peak_lat;
		__entry->d_wr_as_avg	= iostat_lat[2][DATA].avg_lat;
		__entry->d_wr_as_cnt	= iostat_lat[2][DATA].cnt;
		__entry->n_wr_as_peak	= iostat_lat[2][NODE].peak_lat;
		__entry->n_wr_as_avg	= iostat_lat[2][NODE].avg_lat;
		__entry->n_wr_as_cnt	= iostat_lat[2][NODE].cnt;
		__entry->m_wr_as_peak	= iostat_lat[2][META].peak_lat;
		__entry->m_wr_as_avg	= iostat_lat[2][META].avg_lat;
		__entry->m_wr_as_cnt	= iostat_lat[2][META].cnt;
	),

Thanks,

> +
>   #ifdef CONFIG_F2FS_IOSTAT
>   
> +#define NUM_PREALLOC_IOSTAT_CTXS	128
>   #define DEFAULT_IOSTAT_PERIOD_MS	3000
>   #define MIN_IOSTAT_PERIOD_MS		100
>   /* maximum period of iostat tracing is 1 day */
>   #define MAX_IOSTAT_PERIOD_MS		8640000
>   
> -enum {
> -	READ_IO,
> -	WRITE_SYNC_IO,
> -	WRITE_ASYNC_IO,
> -	MAX_IO_TYPE,
> -};
> -
>   struct iostat_lat_info {
>   	unsigned long sum_lat[MAX_IO_TYPE][NR_PAGE_TYPE];	/* sum of io latencies */
>   	unsigned long peak_lat[MAX_IO_TYPE][NR_PAGE_TYPE];	/* peak io latency */
> @@ -57,7 +58,7 @@ static inline struct bio_post_read_ctx *get_post_read_ctx(struct bio *bio)
>   	return iostat_ctx->post_read_ctx;
>   }
>   
> -extern void iostat_update_and_unbind_ctx(struct bio *bio, int rw);
> +extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type);
>   extern void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
>   		struct bio *bio, struct bio_post_read_ctx *ctx);
>   extern int f2fs_init_iostat_processing(void);
> @@ -67,7 +68,7 @@ extern void f2fs_destroy_iostat(struct f2fs_sb_info *sbi);
>   #else
>   static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
>   		enum iostat_type type, unsigned long long io_bytes) {}
> -static inline void iostat_update_and_unbind_ctx(struct bio *bio, int rw) {}
> +static inline void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type) {}
>   static inline void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
>   		struct bio *bio, struct bio_post_read_ctx *ctx) {}
>   static inline void iostat_update_submit_ctx(struct bio *bio,


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH v3 2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()

[Jaegeuk Kim]

On 01/31, Chao Yu wrote:
> On 2023/1/21 0:16, Yangtao Li wrote:
> > Convert to use iostat_lat_type as parameter instead of raw number.
> > BTW, move NUM_PREALLOC_IOSTAT_CTXS to the header file, and rename
> > iotype to page_type to match the definition.
> > 
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <error27@gmail.com>
> > Signed-off-by: Yangtao Li <frank.li@vivo.com>
> > ---
> > v3:
> > -convert to f2fs_warn()
> >   fs/f2fs/data.c   |  4 ++--
> >   fs/f2fs/iostat.c | 39 ++++++++++++++++-----------------------
> >   fs/f2fs/iostat.h | 19 ++++++++++---------
> >   3 files changed, 28 insertions(+), 34 deletions(-)
> > 
> > diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> > index 1645b8a1b904..710d4acde187 100644
> > --- a/fs/f2fs/data.c
> > +++ b/fs/f2fs/data.c
> > @@ -292,7 +292,7 @@ static void f2fs_read_end_io(struct bio *bio)
> >   	struct bio_post_read_ctx *ctx;
> >   	bool intask = in_task();
> > -	iostat_update_and_unbind_ctx(bio, 0);
> > +	iostat_update_and_unbind_ctx(bio, READ_IO);
> >   	ctx = bio->bi_private;
> >   	if (time_to_inject(sbi, FAULT_READ_IO))
> > @@ -330,7 +330,7 @@ static void f2fs_write_end_io(struct bio *bio)
> >   	struct bio_vec *bvec;
> >   	struct bvec_iter_all iter_all;
> > -	iostat_update_and_unbind_ctx(bio, 1);
> > +	iostat_update_and_unbind_ctx(bio, bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO);
> >   	sbi = bio->bi_private;
> >   	if (time_to_inject(sbi, FAULT_WRITE_IO))
> > diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
> > index 96637756eae8..c767a2e7d5a9 100644
> > --- a/fs/f2fs/iostat.c
> > +++ b/fs/f2fs/iostat.c
> > @@ -14,7 +14,6 @@
> >   #include "iostat.h"
> >   #include <trace/events/f2fs.h>
> > -#define NUM_PREALLOC_IOSTAT_CTXS	128
> >   static struct kmem_cache *bio_iostat_ctx_cache;
> >   static mempool_t *bio_iostat_ctx_pool;
> > @@ -210,53 +209,47 @@ void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
> >   }
> >   static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
> > -				int rw, bool is_sync)
> > +				enum iostat_lat_type lat_type)
> >   {
> >   	unsigned long ts_diff;
> > -	unsigned int iotype = iostat_ctx->type;
> > +	unsigned int page_type = iostat_ctx->type;
> >   	struct f2fs_sb_info *sbi = iostat_ctx->sbi;
> >   	struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
> > -	int idx;
> >   	unsigned long flags;
> >   	if (!sbi->iostat_enable)
> >   		return;
> >   	ts_diff = jiffies - iostat_ctx->submit_ts;
> > -	if (iotype == META_FLUSH) {
> > -		iotype = META;
> > -	} else if (iotype >= NR_PAGE_TYPE) {
> > -		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
> > +	if (page_type == META_FLUSH) {
> > +		page_type = META;
> > +	} else if (page_type >= NR_PAGE_TYPE) {
> > +		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, page_type);
> >   		return;
> >   	}
> > -	if (rw == 0) {
> > -		idx = READ_IO;
> > -	} else {
> > -		if (is_sync)
> > -			idx = WRITE_SYNC_IO;
> > -		else
> > -			idx = WRITE_ASYNC_IO;
> > +	if (lat_type >= MAX_IO_TYPE) {
> > +		f2fs_warn(sbi, "%s: %d over MAX_IO_TYPE", __func__, lat_type);
> > +		return;
> >   	}
> >   	spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
> > -	io_lat->sum_lat[idx][iotype] += ts_diff;
> > -	io_lat->bio_cnt[idx][iotype]++;
> > -	if (ts_diff > io_lat->peak_lat[idx][iotype])
> > -		io_lat->peak_lat[idx][iotype] = ts_diff;
> > +	io_lat->sum_lat[lat_type][page_type] += ts_diff;
> > +	io_lat->bio_cnt[lat_type][page_type]++;
> > +	if (ts_diff > io_lat->peak_lat[lat_type][page_type])
> > +		io_lat->peak_lat[lat_type][page_type] = ts_diff;
> >   	spin_unlock_irqrestore(&sbi->iostat_lat_lock, flags);
> >   }
> > -void iostat_update_and_unbind_ctx(struct bio *bio, int rw)
> > +void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type)
> >   {
> >   	struct bio_iostat_ctx *iostat_ctx = bio->bi_private;
> > -	bool is_sync = bio->bi_opf & REQ_SYNC;
> > -	if (rw == 0)
> > +	if (lat_type == READ_IO)
> >   		bio->bi_private = iostat_ctx->post_read_ctx;
> >   	else
> >   		bio->bi_private = iostat_ctx->sbi;
> > -	__update_iostat_latency(iostat_ctx, rw, is_sync);
> > +	__update_iostat_latency(iostat_ctx, lat_type);
> >   	mempool_free(iostat_ctx, bio_iostat_ctx_pool);
> >   }
> > diff --git a/fs/f2fs/iostat.h b/fs/f2fs/iostat.h
> > index 2c048307b6e0..1f827a2fe6b2 100644
> > --- a/fs/f2fs/iostat.h
> > +++ b/fs/f2fs/iostat.h
> > @@ -8,20 +8,21 @@
> >   struct bio_post_read_ctx;
> > +enum iostat_lat_type {
> > +	READ_IO = 0,
> > +	WRITE_SYNC_IO,
> > +	WRITE_ASYNC_IO,
> > +	MAX_IO_TYPE,
> > +};
> 
> How about adjusting iostat_lat[{0,1,2}] to iostat_lat[{READ_IO,WRITE_SYNC_IO,WRITE_ASYNC_IO}]
> in tracepoint function.
> 
> 	TP_fast_assign(
> 		__entry->dev		= sbi->sb->s_dev;
> 		__entry->d_rd_peak	= iostat_lat[0][DATA].peak_lat;
> 		__entry->d_rd_avg	= iostat_lat[0][DATA].avg_lat;
> 		__entry->d_rd_cnt	= iostat_lat[0][DATA].cnt;
> 		__entry->n_rd_peak	= iostat_lat[0][NODE].peak_lat;
> 		__entry->n_rd_avg	= iostat_lat[0][NODE].avg_lat;
> 		__entry->n_rd_cnt	= iostat_lat[0][NODE].cnt;
> 		__entry->m_rd_peak	= iostat_lat[0][META].peak_lat;
> 		__entry->m_rd_avg	= iostat_lat[0][META].avg_lat;
> 		__entry->m_rd_cnt	= iostat_lat[0][META].cnt;
> 		__entry->d_wr_s_peak	= iostat_lat[1][DATA].peak_lat;
> 		__entry->d_wr_s_avg	= iostat_lat[1][DATA].avg_lat;
> 		__entry->d_wr_s_cnt	= iostat_lat[1][DATA].cnt;
> 		__entry->n_wr_s_peak	= iostat_lat[1][NODE].peak_lat;
> 		__entry->n_wr_s_avg	= iostat_lat[1][NODE].avg_lat;
> 		__entry->n_wr_s_cnt	= iostat_lat[1][NODE].cnt;
> 		__entry->m_wr_s_peak	= iostat_lat[1][META].peak_lat;
> 		__entry->m_wr_s_avg	= iostat_lat[1][META].avg_lat;
> 		__entry->m_wr_s_cnt	= iostat_lat[1][META].cnt;
> 		__entry->d_wr_as_peak	= iostat_lat[2][DATA].peak_lat;
> 		__entry->d_wr_as_avg	= iostat_lat[2][DATA].avg_lat;
> 		__entry->d_wr_as_cnt	= iostat_lat[2][DATA].cnt;
> 		__entry->n_wr_as_peak	= iostat_lat[2][NODE].peak_lat;
> 		__entry->n_wr_as_avg	= iostat_lat[2][NODE].avg_lat;
> 		__entry->n_wr_as_cnt	= iostat_lat[2][NODE].cnt;
> 		__entry->m_wr_as_peak	= iostat_lat[2][META].peak_lat;
> 		__entry->m_wr_as_avg	= iostat_lat[2][META].avg_lat;
> 		__entry->m_wr_as_cnt	= iostat_lat[2][META].cnt;
> 	),

Yangtao,

Could you please send another patch to address the Choa's suggestion?

Thanks,

> 
> Thanks,
> 
> > +
> >   #ifdef CONFIG_F2FS_IOSTAT
> > +#define NUM_PREALLOC_IOSTAT_CTXS	128
> >   #define DEFAULT_IOSTAT_PERIOD_MS	3000
> >   #define MIN_IOSTAT_PERIOD_MS		100
> >   /* maximum period of iostat tracing is 1 day */
> >   #define MAX_IOSTAT_PERIOD_MS		8640000
> > -enum {
> > -	READ_IO,
> > -	WRITE_SYNC_IO,
> > -	WRITE_ASYNC_IO,
> > -	MAX_IO_TYPE,
> > -};
> > -
> >   struct iostat_lat_info {
> >   	unsigned long sum_lat[MAX_IO_TYPE][NR_PAGE_TYPE];	/* sum of io latencies */
> >   	unsigned long peak_lat[MAX_IO_TYPE][NR_PAGE_TYPE];	/* peak io latency */
> > @@ -57,7 +58,7 @@ static inline struct bio_post_read_ctx *get_post_read_ctx(struct bio *bio)
> >   	return iostat_ctx->post_read_ctx;
> >   }
> > -extern void iostat_update_and_unbind_ctx(struct bio *bio, int rw);
> > +extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type);
> >   extern void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
> >   		struct bio *bio, struct bio_post_read_ctx *ctx);
> >   extern int f2fs_init_iostat_processing(void);
> > @@ -67,7 +68,7 @@ extern void f2fs_destroy_iostat(struct f2fs_sb_info *sbi);
> >   #else
> >   static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
> >   		enum iostat_type type, unsigned long long io_bytes) {}
> > -static inline void iostat_update_and_unbind_ctx(struct bio *bio, int rw) {}
> > +static inline void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type) {}
> >   static inline void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
> >   		struct bio *bio, struct bio_post_read_ctx *ctx) {}
> >   static inline void iostat_update_submit_ctx(struct bio *bio,


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

[Chao Yu]

On 2023/1/21 0:16, Yangtao Li wrote:
> Add iotype sanity check to avoid potential memory corruption.
> This is to fix the compile error below:
> 
> fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
> 'io_lat->peak_lat[type]' 3 <= 3
> 
> vim +228 fs/f2fs/iostat.c
> 
>    211  static inline void __update_iostat_latency(struct bio_iostat_ctx
> 	*iostat_ctx,
>    212					enum iostat_lat_type type)
>    213  {
>    214		unsigned long ts_diff;
>    215		unsigned int page_type = iostat_ctx->type;
>    216		struct f2fs_sb_info *sbi = iostat_ctx->sbi;
>    217		struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
>    218		unsigned long flags;
>    219
>    220		if (!sbi->iostat_enable)
>    221			return;
>    222
>    223		ts_diff = jiffies - iostat_ctx->submit_ts;
>    224		if (page_type >= META_FLUSH)
>                                   ^^^^^^^^^^
> 
>    225			page_type = META;
>    226
>    227		spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
>   @228		io_lat->sum_lat[type][page_type] += ts_diff;
>                                        ^^^^^^^^^
> Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.
> 
> Fixes: a4b6817625e7 ("f2fs: introduce periodic iostat io latency traces")
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <error27@gmail.com>
> Suggested-by: Chao Yu <chao@kernel.org>
> Suggested-by: Jaegeuk Kim <jaegeuk@kernel.org>
> Signed-off-by: Yangtao Li <frank.li@vivo.com>

Reviewed-by: Chao Yu <chao@kernel.org>

Thanks,


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

[patchwork-bot+f2fs]

Hello:

This series was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <jaegeuk@kernel.org>:

On Sat, 21 Jan 2023 00:16:55 +0800 you wrote:
> Add iotype sanity check to avoid potential memory corruption.
> This is to fix the compile error below:
> 
> fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
> 'io_lat->peak_lat[type]' 3 <= 3
> 
> vim +228 fs/f2fs/iostat.c
> 
> [...]

Here is the summary with links:
  - [f2fs-dev,v3,1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
    https://git.kernel.org/jaegeuk/f2fs/c/dcbf2ae5504f
  - [f2fs-dev,v3,2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()
    (no matching commit)

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html




_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel