On Mon, Jun 22, 2015 at 03:02:11PM +0300, Andrey Ryabinin wrote:
> On 06/22/2015 12:12 AM, Al Viro wrote:
> > On Thu, Apr 23, 2015 at 01:16:15PM +0300, Andrey Ryabinin wrote:
> >> This change caused following:
> >
> >> This could happen when p9pdu_readf() changes 'count' to some value > iov_iter_count(from):
> >>
> >> p9_client_write():
> >> <...>
> >> int count = iov_iter_count(from);
> >> <...>
> >> *err = p9pdu_readf(req->rc, clnt->proto_version, "d", &count);
> >> <...>
> >> iov_iter_advance(from, count);
> >
> > *blink*
> >
> > That's a bug, all right, but I would love to see how you trigger it.
> > It would require server to respond to "write that many bytes" with "OK,
> > <greater number> bytes written". We certainly need to cope with that
> > (we can't trust the server to be sane), but if that's what is going on,
> > you've got a server bug as well.
> >
> > Could you check if the patch below triggers WARN_ON() in it on your
> > reproducer? p9_client_read() has a similar issue as well...
> >
>
> I've tried something like your patch before to check the read side
> and I haven't seen anything before and don't see it right now.
> Though, this doesn't mean that there is no problem with read.
> I mean that trinity hits this on write and may just not hit this on read.
"This" being the WARN_ON() in that patch? Could you please run the same
test with the following delta and post its printks? It's one thing if
you are hitting a buggy server, it gets confused and tells you it has
written more bytes than you told it to write. Quite a different story
in case if we are miscalculating the size we are putting into RWRITE
packet and/or advancing the iterator when we shouldn't...
What server are you using, BTW? And which transport (virtio or network -
IOW, is it zero-copy path or not)?
diff --git a/net/9p/client.c b/net/9p/client.c
index 6f4c4c8..80e45a5 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -1638,6 +1638,9 @@ p9_client_write(struct p9_fid *fid, u64 offset, struct iov_iter *from, int *err)
req = p9_client_rpc(clnt, P9_TWRITE, "dqV", fid->fid,
offset, rsize, from);
}
+ if (iov_iter_count(from) != count)
+ printk(KERN_ERR "fucked: iterator got advanced [%d -> %zd]\n",
+ count, iov_iter_count(from));
if (IS_ERR(req)) {
*err = PTR_ERR(req);
break;
@@ -1649,6 +1652,10 @@ p9_client_write(struct p9_fid *fid, u64 offset, struct iov_iter *from, int *err)
p9_free_req(clnt, req);
}
+ if (count > rsize)
+ printk(KERN_ERR "fucked: sent %d, server says it got %d (err = %d)\n",
+ rsize, count, *err);
+
p9_debug(P9_DEBUG_9P, "<<< RWRITE count %d\n", count);
p9_free_req(clnt, req);
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
