Public bug reported:
[Impact]
When mounting LVM snapshots using xfs, it's possible to hit a BUG_ON() in nvme
driver.
Upstream commit 729204ef49ec ("block: relax check on sg gap") introduced
a way to merge bios if they are physically contiguous. This can lead to
issues if one rq starts with a non-aligned buffer, as it can cause the
merged segment to end in an unaligned virtual boundary. In some AWS
instances, it's possible to craft such a request when attempting to
mount LVM snapshots using xfs. This will then cause a kernel spew due to
a BUG_ON in nvme_setup_prps(), which checks if dma_len is aligned to the
page size.
[Fix]
Upstream commit 5a8d75a1b8c9 ("block: fix bio_will_gap() for first bvec with
offset") disallows requests that begin with an unaligned buffer from being
merged.
[Test Case]
This has been verified on AWS with c5d.large instances:
1) Prepare the LVM device + snapshot
$ sudo vgcreate vg0 /dev/nvme1n1
$ sudo lvcreate -L5G -n data0 vg0
$ sudo mkfs.xfs /dev/vg0/data0
$ sudo mount /dev/vg0/data0 /mnt
$ sudo touch /mnt/test
$ sudo touch /mnt/test2
$ sudo ls /mnt
$ sudo umount /mnt
$ sudo lvcreate -l100%FREE -s /dev/vg0/data0 -n data0_snap
2) Attempting to mount the previously created snapshot results in the Oops:
$ sudo mount /dev/vg0/data0_snap /mnt
Segmentation fault (core dumped)
[Regression Potential]
The fix prevents some bios from being merged, so it can have a performance
impact in certain scenarios. The patch only targets misaligned segments, so the
impact should be less noticeable in the general case.
The commit is also present in mainline kernels since 4.13, and hasn't been
changed significantly, so potential for other regressions should be low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Tags: sts
** Changed in: linux (Ubuntu)
Assignee: Heitor Alves de Siqueira (halves) => (unassigned)
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1869229
Title:
Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
New
Bug description:
[Impact]
When mounting LVM snapshots using xfs, it's possible to hit a BUG_ON() in
nvme driver.
Upstream commit 729204ef49ec ("block: relax check on sg gap")
introduced a way to merge bios if they are physically contiguous. This
can lead to issues if one rq starts with a non-aligned buffer, as it
can cause the merged segment to end in an unaligned virtual boundary.
In some AWS instances, it's possible to craft such a request when
attempting to mount LVM snapshots using xfs. This will then cause a
kernel spew due to a BUG_ON in nvme_setup_prps(), which checks if
dma_len is aligned to the page size.
[Fix]
Upstream commit 5a8d75a1b8c9 ("block: fix bio_will_gap() for first bvec with
offset") disallows requests that begin with an unaligned buffer from being
merged.
[Test Case]
This has been verified on AWS with c5d.large instances:
1) Prepare the LVM device + snapshot
$ sudo vgcreate vg0 /dev/nvme1n1
$ sudo lvcreate -L5G -n data0 vg0
$ sudo mkfs.xfs /dev/vg0/data0
$ sudo mount /dev/vg0/data0 /mnt
$ sudo touch /mnt/test
$ sudo touch /mnt/test2
$ sudo ls /mnt
$ sudo umount /mnt
$ sudo lvcreate -l100%FREE -s /dev/vg0/data0 -n data0_snap
2) Attempting to mount the previously created snapshot results in the Oops:
$ sudo mount /dev/vg0/data0_snap /mnt
Segmentation fault (core dumped)
[Regression Potential]
The fix prevents some bios from being merged, so it can have a performance
impact in certain scenarios. The patch only targets misaligned segments, so the
impact should be less noticeable in the general case.
The commit is also present in mainline kernels since 4.13, and hasn't been
changed significantly, so potential for other regressions should be low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1869229/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
