linux-raid.vger.kernel.org archive mirror
* [PATCH] md: be careful not to leak internal curr_resync value into metadata.
@ 2016-10-28  4:59 NeilBrown
  2016-10-29  5:01 ` Shaohua Li
  0 siblings, 1 reply; 2+ messages in thread
From: NeilBrown @ 2016-10-28  4:59 UTC
  To: Shaohua Li; +Cc: Linux-RAID, Viswesh

mddev->curr_resync usually records where the current resync is up to,
but during the starting phase it has some "magic" values.

 1 - means that the array is trying to start a resync, but has yielded
     to another array which shares physical devices, and also needs to
     start a resync
 2 - means the array is trying to start resync, but has found another
     array which shares physical devices and has already started resync.

 3 - means that resync has commenced, but it is possible that nothing
     has actually been resynced yet.

It is important that this value not be visible to user-space and
particularly that it doesn't get written to the metadata, as the
resync or recovery checkpoint.  In part, this is because it may be
slightly higher than the correct value, though this is very rare.
In part, because it is not a multiple of 4K, and some devices only
support 4K aligned accesses.

There are two places where this value is propagated into either
->curr_resync_completed or ->recovery_cp or ->recovery_offset.
These currently avoid the propagation of values 1 and 3, but will
allow 3 to leak through.

Change them to only propagate the value if it is > 3.

As this can cause an array to fail, the patch is suitable for -stable.

Cc: stable@vger.kernel.org
Reported-by: Viswesh <viswesh.vichu@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.com>
---
 drivers/md/md.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index eac84d8ff724..18d0c4adbd7b 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8144,14 +8144,14 @@ void md_do_sync(struct md_thread *thread)
 
 	if (!test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery) &&
 	    !test_bit(MD_RECOVERY_INTR, &mddev->recovery) &&
-	    mddev->curr_resync > 2) {
+	    mddev->curr_resync > 3) {
 		mddev->curr_resync_completed = mddev->curr_resync;
 		sysfs_notify(&mddev->kobj, NULL, "sync_completed");
 	}
 	mddev->pers->sync_request(mddev, max_sectors, &skipped);
 
 	if (!test_bit(MD_RECOVERY_CHECK, &mddev->recovery) &&
-	    mddev->curr_resync > 2) {
+	    mddev->curr_resync > 3) {
 		if (test_bit(MD_RECOVERY_SYNC, &mddev->recovery)) {
 			if (test_bit(MD_RECOVERY_INTR, &mddev->recovery)) {
 				if (mddev->curr_resync >= mddev->recovery_cp) {
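Review bot: The bare literal `3` in both `mddev->curr_resync > 3` checks in md_do_sync() is unexplained in the code; the meaning of the start-up values 1, 2 and 3 is documented only in the changelog. A short comment at each check, or a named constant for the highest start-up value, would make it harder for a later change to let one of these values reach `curr_resync_completed` or `recovery_cp` again. Separately, the changelog says the old code avoided propagating "values 1 and 3", while the removed condition `curr_resync > 2` excluded 1 and 2; the text presumably means "1 and 2" and is worth correcting before this goes to -stable.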
-- 
2.10.1



* Re: [PATCH] md: be careful not to leak internal curr_resync value into metadata.
  2016-10-28  4:59 [PATCH] md: be careful not to leak internal curr_resync value into metadata NeilBrown
@ 2016-10-29  5:01 ` Shaohua Li
  0 siblings, 0 replies; 2+ messages in thread
From: Shaohua Li @ 2016-10-29  5:01 UTC
  To: NeilBrown; +Cc: Shaohua Li, Linux-RAID, Viswesh

On Fri, Oct 28, 2016 at 03:59:41PM +1100, Neil Brown wrote:
> 
> 
> mddev->curr_resync usually records where the current resync is up to,
> but during the starting phase it has some "magic" values.
> 
>  1 - means that the array is trying to start a resync, but has yielded
>      to another array which shares physical devices, and also needs to
>      start a resync
>  2 - means the array is trying to start resync, but has found another
>      array which shares physical devices and has already started resync.
> 
>  3 - means that resync has commenced, but it is possible that nothing
>      has actually been resynced yet.
> 
> It is important that this value not be visible to user-space and
> particularly that it doesn't get written to the metadata, as the
> resync or recovery checkpoint.  In part, this is because it may be
> slightly higher than the correct value, though this is very rare.
> In part, because it is not a multiple of 4K, and some devices only
> support 4K aligned accesses.
> 
> There are two places where this value is propagated into either
> ->curr_resync_completed or ->recovery_cp or ->recovery_offset.
> These currently avoid the propagation of values 1 and 3, but will
> allow 3 to leak through.
> 
> Change them to only propagate the value if it is > 3.
> 
> As this can cause an array to fail, the patch is suitable for -stable.
> 
> Cc: stable@vger.kernel.org
> Reported-by: Viswesh <viswesh.vichu@gmail.com>
> Signed-off-by: NeilBrown <neilb@suse.com>

Good catch, applied, thanks!
