On Tue, Aug 11, 2020 at 09:43:26PM +0800, Ming Lei wrote:
> On Tue, Aug 11, 2020 at 03:39:25PM +0200, Stefano Garzarella wrote:
> > On Tue, Aug 11, 2020 at 09:09:53PM +0800, Ming Lei wrote:
> > > On Tue, Aug 11, 2020 at 02:30:44PM +0200, Stefano Garzarella wrote:
> > > > Hi Ming,
> > > >
> > > > On Tue, Aug 11, 2020 at 05:21:34PM +0800, Ming Lei wrote:
> > > > > 1f23816b8eb8 ("virtio_blk: add discard and write zeroes support") starts
> > > > > to support multi-range discard for virtio-blk. However, the virtio-blk
> > > > > disk may report max discard segment as 1, at least that is exactly what
> > > > > qemu is doing.
> > > > >
> > > > > So far, block layer switches to normal request merge if max discard segment
> > > > > limit is 1, and multiple bios can be merged to single segment. This way may
> > > > > cause memory corruption in virtblk_setup_discard_write_zeroes().
> > > > >
> > > > > Fix the issue by handling single max discard segment in straightforward
> > > > > way.
> > > > >
> > > > > Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
> > > > > Fixes: 1f23816b8eb8 ("virtio_blk: add discard and write zeroes support")
> > > > > Cc: Christoph Hellwig <hch@xxxxxx>
> > > > > Cc: Changpeng Liu <changpeng.liu@xxxxxxxxx>
> > > > > Cc: Daniel Verkamp <dverkamp@xxxxxxxxxxxx>
> > > > > Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
> > > > > Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
> > > > > ---
> > > > > drivers/block/virtio_blk.c | 23 +++++++++++++++--------
> > > > > 1 file changed, 15 insertions(+), 8 deletions(-)
> > > > >
> > > > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
> > > > > index 63b213e00b37..05b01903122b 100644
> > > > > --- a/drivers/block/virtio_blk.c
> > > > > +++ b/drivers/block/virtio_blk.c'
> > > > > @@ -126,14 +126,21 @@ static int virtblk_setup_discard_write_zeroes(struct request *req, bool unmap)
> > > > > if (!range)
> > > > > return -ENOMEM;
> > > >
> > > > We are allocating the 'range' array to contain 'segments' elements.
> > > > When queue_max_discard_segments() returns 1, should we limit 'segments'
> > > > to 1?
> > >
> > > That is block layer's responsibility to make sure that 'segments' is <=
> > > 1, and we can double check & warn here.
> >
> > So, IIUC, the number of bio in a request may not be the same as
> > the return value of blk_rq_nr_discard_segments(). Is it right?
>
> In case that queue_max_discard_segments() is 1, it is right. If
> queue_max_discard_segments() is > 1, nr_range is supposed to be
> same with number of bios in a request.

Got it. Thanks for clarifying.

In the meantime I took a look at nvme_setup_discard() and there is
WARN_ON_ONCE(n != segments), maybe we should do the same.

Thanks,
Stefano
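
Review bot: after the `if (!range) return -ENOMEM;` check in virtblk_setup_discard_write_zeroes(), the part of the hunk quoted here shows no check that ties the number of entries written into `range` to the `segments` count it was allocated for, which is the mismatch the commit message names as the source of the memory corruption when bios are merged under a max discard segment limit of 1. The driver depends on the block layer to keep that count consistent, so an explicit check in the driver, such as the `WARN_ON_ONCE(n != segments)` from nvme_setup_discard() raised in this thread, would make a broken assumption visible rather than letting the fill run past the array. The commit message would also be clearer if it said what handling the single-segment case "in straightforward way" means for how the range is built.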
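
A user-space model of the bio-count versus `segments` mismatch discussed in this thread, added here as an example and not taken from the patch or the kernel: the array is sized for `segments` entries, and the fill either emits one range for the whole request when the limit is 1 (one possible handling) or refuses to write more entries than were allocated. The `model_*` names, the `max_segs` parameter and the three-bio sample are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified user-space stand-ins (assumed names), not the kernel's types. */
struct model_bio { uint64_t sector; uint32_t nr_sectors; struct model_bio *next; };
struct model_range { uint64_t sector; uint32_t num_sectors; };

/* Returns the number of ranges written into *out (caller frees), or -1. */
static int model_setup_discard(const struct model_bio *bios, unsigned short segments,
                               unsigned int max_segs, struct model_range **out)
{
    const struct model_bio *bio;
    struct model_range *range;
    unsigned short n = 0;

    *out = NULL;
    if (!segments || !bios || !(range = calloc(segments, sizeof(*range))))
        return -1;
    if (max_segs == 1) {
        /* Assumption: merged bios are contiguous, so one range covers them. */
        range[0].sector = bios->sector;
        for (bio = bios; bio; bio = bio->next)
            range[0].num_sectors += bio->nr_sectors;
        n = 1;
    } else {
        for (bio = bios; bio; bio = bio->next, n++) {
            if (n >= segments) { /* more bios than slots: refuse to overrun */
                free(range);
                return -1;
            }
            range[n].sector = bio->sector;
            range[n].num_sectors = bio->nr_sectors;
        }
    }
    *out = range;
    return n;
}

/* Constructed sample: three contiguous 8-sector bios starting at sector 100. */
static int model_demo(unsigned short segments, unsigned int max_segs,
                      struct model_range *first)
{
    struct model_bio c = {116, 8, NULL}, b = {108, 8, &c}, a = {100, 8, &b};
    struct model_range *range;
    int n = model_setup_discard(&a, segments, max_segs, &range);
    if (n > 0) *first = range[0];
    free(range);
    return n;
}

int main(void) { struct model_range r; return model_demo(1, 1, &r) == 1 ? 0 : 1; }
```

With `segments` reported as 1 for three merged bios, the per-bio path returns -1 instead of writing entries 1 and 2 past a one-element array.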