Re: [GIT PULL] Fixes for 5.4-rc8/final


 



On 11/15/19 2:17 PM, Linus Torvalds wrote:
> On Fri, Nov 15, 2019 at 11:40 AM Jens Axboe <axboe@xxxxxxxxx> wrote:
>>
>> - Fix impossible-to-hit overflow merge condition, that still hit some
>>    folks very rarely (Junichi)
> 
> Hmm. This sounded intriguing, so I looked at it.
> 
> It sounds like the 32-bit "bi_size" overflowed, which is one of the
> things that bio_full() checks for.
> 
> However.
> 
> Looking at the *users* of bio_full(), it's not obvious that everything
> is ok. For example, in __bio_add_pc_page(), the code does that
> 
>          if (((bio->bi_iter.bi_size + len) >> 9) > queue_max_hw_sectors(q))
>                  return 0;
> 
> *before* checking for the overflow condition.
> 
> So it could cause that bio_try_merge_pc_page() to be done despite the
> overflow, and happily that path ends up having the bio_full() test
> later anyway, but it does look a bit worrisome.
> 
> There's also __bio_add_page(), which does have a WARN_ON_ONCE(), but
> then goes on and does the bi_size update regardless. Hmm.. It does
> look like all callers either check bio_full() before, or do it with a
> newly allocated bio.

We'll go over these asap. As a note, the 'pc' variants are not for
normal file system IO, they are only for requests submitted through some
sort of packet command, generally ioctls and such. Should of course be
correct, but it's not as critical as the normal IO path.

-- 
Jens Axboe
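
The ordering concern raised in the quoted message, as an added example that is not part of this thread and is not kernel code: a user-space model in which a 32-bit byte count wraps before the sector-limit comparison, so the limit test alone accepts the request. The struct and function names are hypothetical and the sizes and the 2560-sector limit are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only; struct and function names are hypothetical. */
struct model_bio {
    uint32_t bi_size;               /* 32-bit byte count, like bi_iter.bi_size */
};

/* The quoted limit test on its own: the 32-bit sum can wrap before the shift. */
bool exceeds_hw_sectors(const struct model_bio *bio, uint32_t len,
                        uint32_t max_hw_sectors)
{
    return ((uint32_t)(bio->bi_size + len) >> 9) > max_hw_sectors;
}

/* Overflow test written so the comparison itself cannot wrap. */
bool size_would_overflow(const struct model_bio *bio, uint32_t len)
{
    return bio->bi_size > UINT32_MAX - len;
}

/* Overflow check first, then the limit check; returns len, or 0 if rejected. */
uint32_t add_len_checked(struct model_bio *bio, uint32_t len,
                         uint32_t max_hw_sectors)
{
    if (size_would_overflow(bio, len))
        return 0;
    if (exceeds_hw_sectors(bio, len, max_hw_sectors))
        return 0;
    bio->bi_size += len;
    return len;
}

int main(void)
{
    /* Constructed values: a nearly full byte count and a 2560-sector limit. */
    struct model_bio bio = { .bi_size = UINT32_MAX - 4095u };
    uint32_t len = 8192, max_hw_sectors = 2560;

    printf("limit test alone rejects: %d\n",
           exceeds_hw_sectors(&bio, len, max_hw_sectors));
    printf("overflow test rejects:    %d\n", size_would_overflow(&bio, len));
    printf("bytes added:              %u\n",
           (unsigned)add_len_checked(&bio, len, max_hw_sectors));
    return 0;
}
```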



