[PATCH v2] direct-io: Fix unsigned comparison overflow

[PATCH v2] direct-io: Fix unsigned comparison overflow

[Harish Kasiviswanathan]

The first write after file create fails to take the direct IO
(Peer-to-Peer) path and falls back to slower software copy. The function
get_more_block() sets 'create' to 0 after comparing 'unsigned long
fs_startblk = 0' with 'long long (i_size_read(dio->inode) - 1) >>
i_blkbits = 0xfffffffffffff'.

v2: Instead of casting to loff_t check explicitly if i_size > 0

Signed-off-by: Harish Kasiviswanathan <Harish.Kasiviswanathan@amd.com>
---
 fs/direct-io.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/direct-io.c b/fs/direct-io.c
index 3aafb33..7a65a74 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -686,7 +686,8 @@ static int get_more_blocks(struct dio *dio, struct dio_submit *sdio,
 		 * buffer head.
 		 */
 		create = dio->op == REQ_OP_WRITE;
-		if (dio->flags & DIO_SKIP_HOLES) {
+		if (dio->flags & DIO_SKIP_HOLES &&
+		    i_size_read(dio->inode) > 0) {
 			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
 							i_blkbits))
 				create = 0;
-- 
2.7.4

Re: [PATCH v2] direct-io: Fix unsigned comparison overflow

[Matthew Wilcox]

On Tue, Dec 05, 2017 at 04:40:27PM -0500, Harish Kasiviswanathan wrote:
>  		create = dio->op == REQ_OP_WRITE;
> -		if (dio->flags & DIO_SKIP_HOLES) {
> +		if (dio->flags & DIO_SKIP_HOLES &&
> +		    i_size_read(dio->inode) > 0) {
>  			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
>  							i_blkbits))

i_size_read() isn't cheap on 32-bit SMP ... do we actually need to sample
it at all here, or is it enough to use the i_size that was sampled earlier?
IOW:

		create = dio->op == REQ_OP_WRITE;
-		if (dio->flags & DIO_SKIP_HOLES) {
-			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
-							i_blkbits))
+		if (dio->flags & DIO_SKIP_HOLES && dio->i_size) {
+			if (fs_startblk <= (dio->i_size - 1) >> i_blkbits))

Another possibility would be to tweak the comparison slightly ...

		if (dio->flags & DIO_SKIP_HOLES) {
-			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
-							i_blkbits))
+			if (fs_startblk < ((i_size_read(dio->inode) +
+					(1UL << i_blkbits) - 1) >> i_blkbits))

Or we could use a temporary variable to avoid reading i_size twice.

RE: [PATCH v2] direct-io: Fix unsigned comparison overflow

[Kasiviswanathan, Harish]

-----Original Message-----
From: Matthew Wilcox [mailto:willy@infradead.org] 
Sent: Tuesday, December 05, 2017 5:19 PM
To: Kasiviswanathan, Harish <Harish.Kasiviswanathan@amd.com>
Cc: guaneryu@gmail.com; linux-fsdevel@vger.kernel.org; Kuehling, Felix <Felix.Kuehling@amd.com>
Subject: Re: [PATCH v2] direct-io: Fix unsigned comparison overflow

On Tue, Dec 05, 2017 at 04:40:27PM -0500, Harish Kasiviswanathan wrote:
>  		create = dio->op == REQ_OP_WRITE;
> -		if (dio->flags & DIO_SKIP_HOLES) {
> +		if (dio->flags & DIO_SKIP_HOLES &&
> +		    i_size_read(dio->inode) > 0) {
>  			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
>  							i_blkbits))

i_size_read() isn't cheap on 32-bit SMP ... do we actually need to sample
it at all here, or is it enough to use the i_size that was sampled earlier?
IOW:


[HK]: Thanks Matthew. I don't know enough about ext4 subsystem to comment if dio->i_size could be used here.


		create = dio->op == REQ_OP_WRITE;
-		if (dio->flags & DIO_SKIP_HOLES) {
-			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
-							i_blkbits))
+		if (dio->flags & DIO_SKIP_HOLES && dio->i_size) {
+			if (fs_startblk <= (dio->i_size - 1) >> i_blkbits))

Another possibility would be to tweak the comparison slightly ...

		if (dio->flags & DIO_SKIP_HOLES) {
-			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
-							i_blkbits))
+			if (fs_startblk < ((i_size_read(dio->inode) +
+					(1UL << i_blkbits) - 1) >> i_blkbits))

[HK]: I like this solution. Achieves the same functionality. If no one else has an objection then we can go with this solution.

Or we could use a temporary variable to avoid reading i_size twice.

Re: [PATCH v2] direct-io: Fix unsigned comparison overflow

[Eryu Guan]

On Tue, Dec 05, 2017 at 02:19:27PM -0800, Matthew Wilcox wrote:
> On Tue, Dec 05, 2017 at 04:40:27PM -0500, Harish Kasiviswanathan wrote:
> >  		create = dio->op == REQ_OP_WRITE;
> > -		if (dio->flags & DIO_SKIP_HOLES) {
> > +		if (dio->flags & DIO_SKIP_HOLES &&
> > +		    i_size_read(dio->inode) > 0) {
> >  			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
> >  							i_blkbits))
> 
> i_size_read() isn't cheap on 32-bit SMP ... do we actually need to sample
> it at all here, or is it enough to use the i_size that was sampled earlier?
> IOW:
> 
> 		create = dio->op == REQ_OP_WRITE;
> -		if (dio->flags & DIO_SKIP_HOLES) {
> -			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
> -							i_blkbits))
> +		if (dio->flags & DIO_SKIP_HOLES && dio->i_size) {
> +			if (fs_startblk <= (dio->i_size - 1) >> i_blkbits))

I think using dio->i_size should be fine. I tested ext3/4 with LTP
(aio-)dio tests and fstests and didn't see any regression introduced
with this change.

Thanks,
Eryu

> 
> Another possibility would be to tweak the comparison slightly ...
> 
> 		if (dio->flags & DIO_SKIP_HOLES) {
> -			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
> -							i_blkbits))
> +			if (fs_startblk < ((i_size_read(dio->inode) +
> +					(1UL << i_blkbits) - 1) >> i_blkbits))
> 
> Or we could use a temporary variable to avoid reading i_size twice.