From: "J. Bruce Fields" <bfields@fieldses.org>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: Mark Young <MYoung@nvidia.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
Matt Craighead <mcraighead@nvidia.com>
Subject: Re: Issue found with kernel/net/sunrpc/xdr.c
Date: Wed, 28 Aug 2013 10:32:56 -0400 [thread overview]
Message-ID: <20130828143256.GA2960@fieldses.org> (raw)
In-Reply-To: <4FA345DA4F4AE44899BD2B03EEEC2FA94677C96F@SACEXCMBX04-PRD.hq.netapp.com>
On Tue, Aug 27, 2013 at 10:01:38PM +0000, Myklebust, Trond wrote:
> > -----Original Message-----
> > From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs-
> > owner@vger.kernel.org] On Behalf Of Mark Young
> > Sent: Tuesday, August 27, 2013 5:17 PM
> > To: linux-nfs@vger.kernel.org
> > Cc: Matt Craighead
> > Subject: Issue found with kernel/net/sunrpc/xdr.c
> >
> > I was pointed to this mailing list by Brian Fields.
> >
> > We're currently seeing NFS data corruption, which we traced back to
> > memory corruption that happens in the function _shift_data_right_pages in
> > net/sunrpc/xdr.c.
> >
> > When we see the issue, we're running a 32bit os with systems running with
> > more than 1GB of physical memory. The errant behavior appears to be that
> > two calls to kmap_atomic (on 32bit systems with highmem present) with the
> > same physical address (on addresses within highmem) will return two
> > different vaddrs. In our assessment, this confuses the memmove code into
> > thinking that the two addresses are non-overlapping in spite of the fact that
> > they are overlapping in physical space. This, in turn, results in corruption.
> >
> > A proposed solution to the problem would involve calling kmap_atomic only
> > once in the case that the pgfrom and pgto are identical, and then re-using
> > the resultant vaddr for both vto and vfrom.
> >
> > Any insight on the issue or the proposed solution would be greatly
> > appreciated.
>
> I'm fine with that solution. Mind sending a duly conformant patch w/ a signed-off-by line?
I'm curious why we haven't seen it before: the code's done this for
years. It looks to me like the two kmap_atomic()s, if they're
non-trivial, should always return different addresses. And overlapping
copies are probably the normal case for this function.
Shouldn't anyone on 32 bit and high memory have seen filesystem
corruption?
Or maybe memmove is an architecture-specific implementation that happens
to handle left-to-right overlapping copies correctly on common
architectures?
--b.
next prev parent reply other threads:[~2013-08-28 14:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-27 21:16 Issue found with kernel/net/sunrpc/xdr.c Mark Young
2013-08-27 22:01 ` Myklebust, Trond
2013-08-28 14:32 ` J. Bruce Fields [this message]
2013-08-28 15:18 ` Matt Craighead
2013-08-28 15:41 ` J. Bruce Fields
2013-08-28 15:47 ` Matt Craighead
2013-08-28 16:08 ` J. Bruce Fields
2013-08-28 16:32 ` Myklebust, Trond
2013-08-28 17:51 ` Myklebust, Trond
2013-08-28 18:53 ` Matt Craighead
2013-08-28 19:39 ` Myklebust, Trond
2013-08-28 19:40 ` Matt Craighead
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130828143256.GA2960@fieldses.org \
--to=bfields@fieldses.org \
--cc=MYoung@nvidia.com \
--cc=Trond.Myklebust@netapp.com \
--cc=linux-nfs@vger.kernel.org \
--cc=mcraighead@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox