stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Ilya Dryomov <ilya.dryomov@inktank.com>,
	Josh Durgin <josh.durgin@inktank.com>
Subject: [PATCH 3.15 066/122] rbd: handle parent_overlap on writes correctly
Date: Mon,  7 Jul 2014 16:57:08 -0700
Message-ID: <20140707235736.249418951@linuxfoundation.org>
In-Reply-To: <20140707235734.234226883@linuxfoundation.org>

3.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ilya Dryomov <ilya.dryomov@inktank.com>

commit 9638556a276125553549fdfe349c464481ec2f39 upstream.

The following check in rbd_img_obj_request_submit()

    rbd_dev->parent_overlap <= obj_request->img_offset

allows the fall through to the non-layered write case even if both
parent_overlap and obj_request->img_offset belong to the same RADOS
object.  This leads to data corruption, because the area to the left of
parent_overlap ends up unconditionally zero-filled instead of being
populated with parent data.  Suppose we want to write 1M to offset 6M
of image bar, which is a clone of foo@snap; object_size is 4M,
parent_overlap is 5M:

    rbd_data.<id>.0000000000000001
     ---------------------|----------------------|------------
    | should be copyup'ed | should be zeroed out | write ...
     ---------------------|----------------------|------------
   4M                    5M                     6M
                    parent_overlap    obj_request->img_offset

4..5M should be copyup'ed from foo, yet it is zero-filled, just like
5..6M is.

Given that the only striping mode kernel client currently supports is
chunking (i.e. stripe_unit == object_size, stripe_count == 1), round
parent_overlap up to the next object boundary for the purposes of the
overlap check.

Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/block/rbd.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -1366,6 +1366,14 @@ static bool obj_request_exists_test(stru
 	return test_bit(OBJ_REQ_EXISTS, &obj_request->flags) != 0;
 }
 
+static bool obj_request_overlaps_parent(struct rbd_obj_request *obj_request)
+{
+	struct rbd_device *rbd_dev = obj_request->img_request->rbd_dev;
+
+	return obj_request->img_offset <
+	    round_up(rbd_dev->parent_overlap, rbd_obj_bytes(&rbd_dev->header));
+}
+
 static void rbd_obj_request_get(struct rbd_obj_request *obj_request)
 {
 	dout("%s: obj %p (was %d)\n", __func__, obj_request,
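Review bot: obj_request_overlaps_parent() carries no comment explaining why parent_overlap is rounded up to rbd_obj_bytes(), and that rounding is only valid under the assumption stated in the commit message (stripe_unit == object_size, stripe_count == 1). Suggest a short comment above the helper saying that the overlap is deliberately evaluated at object granularity and must be revisited if other striping modes are ever supported. It is also worth confirming that rbd_obj_bytes() always returns a power of two, since the kernel's round_up() macro is only correct for power-of-two alignments.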
@@ -2683,7 +2691,7 @@ static int rbd_img_obj_request_submit(st
 	 */
 	if (!img_request_write_test(img_request) ||
 		!img_request_layered_test(img_request) ||
-		rbd_dev->parent_overlap <= obj_request->img_offset ||
+		!obj_request_overlaps_parent(obj_request) ||
 		((known = obj_request_known_test(obj_request)) &&
 			obj_request_exists_test(obj_request))) {
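Review bot: in the condition of rbd_img_obj_request_submit(), the replaced test now works at object granularity, but the comment block that closes just above the `if` is outside the changed lines; if it still describes a plain comparison against parent_overlap it should be updated to match. With the commit message's numbers (object_size 4M, parent_overlap 5M, img_offset 6M) the old test `5M <= 6M` was true and took the non-layered path, while the new one evaluates `6M < round_up(5M, 4M)`, that is 6M < 8M, so the request stays on the layered path. A regression test for that case, plus the boundary case where parent_overlap is already object-aligned, would be good to have alongside the fix.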
 


