Bug#696650: [PATCH v5] md: protect against crash upon fsync on ro array

2013-02-04 Thread NeilBrown 
On Thu, 31 Jan 2013 20:35:22 +0100 Sebastian Riemer
sebastian.rie...@profitbricks.com wrote:

 Hi Neil,
 
 please apply this patch! It is correct, now.
 
 It applies to 3.2.y, 3.4.y, 3.7.y and latest 3.8-rc5. All these versions
 are affected by this bug.
 
 3.0.y and 2.6.34.y are also affected. Please also find the patches for
 these versions attached. I've tested them. They work.
 
 The strange thing is that 2.6.32.y is immune against this bug. So it
 must be a regression. The patch restores the same behavior as present in
 2.6.32: fsync receives success.
 
 I've tested against the following versions: 3.8-rc5, 3.7.5, 3.4.28,
 3.2.37, 3.0.61, 2.6.34.14 and 2.6.32.60.
 
 Cheers,
 Sebastian

Thanks!
I've added Cc: sta...@vger.kernel.org and will forward it to Linus shortly.

NeilBrown


signature.asc
Description: PGP signature

Bug#696650: [PATCH v5] md: protect against crash upon fsync on ro array

2013-01-31 Thread Sebastian Riemer 
Hi Neil,

please apply this patch! It is correct, now.

It applies to 3.2.y, 3.4.y, 3.7.y and latest 3.8-rc5. All these versions
are affected by this bug.

3.0.y and 2.6.34.y are also affected. Please also find the patches for
these versions attached. I've tested them. They work.

The strange thing is that 2.6.32.y is immune against this bug. So it
must be a regression. The patch restores the same behavior as present in
2.6.32: fsync receives success.

I've tested against the following versions: 3.8-rc5, 3.7.5, 3.4.28,
3.2.37, 3.0.61, 2.6.34.14 and 2.6.32.60.

Cheers,
Sebastian


On 29.01.2013 13:29, Paul Menzel wrote:
 Any further objection?
 
 Small typo (occurs) in commit message.

From adfac4df99edc1a83dced9c732464634d3381a9f Mon Sep 17 00:00:00 2001
From: Sebastian Riemer sebastian.rie...@profitbricks.com
Date: Fri, 25 Jan 2013 12:46:59 +0100
Subject: [PATCH v5] md: protect against crash upon fsync on ro array

If an fsync occurs on a read-only array, we need to send a
completion for the IO and may not increment the active IO count.
Otherwise, we hit a bug trace and can't stop the MD array anymore.

By advice of Christoph Hellwig we return success upon a flush
request but we return -EROFS for other writes.
We detect flush requests by checking if the bio has zero sectors.

Cc: Christoph Hellwig h...@infradead.org
Cc: Ben Hutchings b...@decadent.org.uk
Cc: NeilBrown ne...@suse.de
Signed-off-by: Sebastian Riemer sebastian.rie...@profitbricks.com
Reported-by: Ben Hutchings b...@decadent.org.uk
Acked-by: Paul Menzel paulepan...@users.sourceforge.net
---
 drivers/md/md.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 3db3d1b..1e634a6 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -307,6 +307,10 @@ static void md_make_request(struct request_queue *q, 
struct bio *bio)
bio_io_error(bio);
return;
}
+   if (mddev-ro == 1  unlikely(rw == WRITE)) {
+   bio_endio(bio, bio_sectors(bio) == 0 ? 0 : -EROFS);
+   return;
+   }
smp_rmb(); /* Ensure implications of  'active' are visible */
rcu_read_lock();
if (mddev-suspended) {
-- 
1.7.1
From 58ecc54ef2ea1692b2a608183901708d3cad5120 Mon Sep 17 00:00:00 2001
From: Sebastian Riemer sebastian.rie...@profitbricks.com
Date: Fri, 25 Jan 2013 12:46:59 +0100
Subject: [PATCH 3.0.y] md: protect against crash upon fsync on ro array
Reply-To: linux-raid linux-r...@vger.kernel.org

If an fsync occurs on a read-only array, we need to send a
completion for the IO and may not increment the active IO count.
Otherwise, we hit a bug trace and can't stop the MD array anymore.

By advice of Christoph Hellwig we return success upon a flush
request but we return -EROFS for other writes.
We detect flush requests by checking if the bio has zero sectors.

Cc: Christoph Hellwig h...@infradead.org
Cc: Ben Hutchings b...@decadent.org.uk
Cc: NeilBrown ne...@suse.de
Signed-off-by: Sebastian Riemer sebastian.rie...@profitbricks.com
Reported-by: Ben Hutchings b...@decadent.org.uk
Acked-by: Paul Menzel paulepan...@users.sourceforge.net
---
 drivers/md/md.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 98262e5..4ef75e9 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -299,6 +299,10 @@ static int md_make_request(struct request_queue *q, struct 
bio *bio)
bio_io_error(bio);
return 0;
}
+   if (mddev-ro == 1  unlikely(rw == WRITE)) {
+   bio_endio(bio, bio_sectors(bio) == 0 ? 0 : -EROFS);
+   return 0;
+   }
smp_rmb(); /* Ensure implications of  'active' are visible */
rcu_read_lock();
if (mddev-suspended) {
-- 
1.7.1

From 58ecc54ef2ea1692b2a608183901708d3cad5120 Mon Sep 17 00:00:00 2001
From: Sebastian Riemer sebastian.rie...@profitbricks.com
Date: Fri, 25 Jan 2013 12:46:59 +0100
Subject: [PATCH 2.6.34.y] md: protect against crash upon fsync on ro array
Reply-To: linux-raid linux-r...@vger.kernel.org

If an fsync occurs on a read-only array, we need to send a
completion for the IO and may not increment the active IO count.
Otherwise, we hit a bug trace and can't stop the MD array anymore.

By advice of Christoph Hellwig we return success upon a flush
request but we return -EROFS for other writes.
We detect flush requests by checking if the bio has zero sectors.

Cc: Christoph Hellwig h...@infradead.org
Cc: Ben Hutchings b...@decadent.org.uk
Cc: NeilBrown ne...@suse.de
Signed-off-by: Sebastian Riemer sebastian.rie...@profitbricks.com
Reported-by: Ben Hutchings b...@decadent.org.uk
Acked-by: Paul Menzel paulepan...@users.sourceforge.net
---
 drivers/md/md.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index d8e5adc..ba1c0be 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -221,6 +221,10 @@ static int

Bug#696650: [PATCH v5] md: protect against crash upon fsync on ro array

2013-01-29 Thread Paul Menzel 
Am Dienstag, den 29.01.2013, 12:19 +0100 schrieb Sebastian Riemer:

[…]

 Any further objection?

Small typo (occurs) in commit message.


Thanks,

Paul

From adfac4df99edc1a83dced9c732464634d3381a9f Mon Sep 17 00:00:00 2001
From: Sebastian Riemer sebastian.rie...@profitbricks.com
Date: Fri, 25 Jan 2013 12:46:59 +0100
Subject: [PATCH v5] md: protect against crash upon fsync on ro array

If an fsync occurs on a read-only array, we need to send a
completion for the IO and may not increment the active IO count.
Otherwise, we hit a bug trace and can't stop the MD array anymore.

By advice of Christoph Hellwig we return success upon a flush
request but we return -EROFS for other writes.
We detect flush requests by checking if the bio has zero sectors.

Cc: Christoph Hellwig h...@infradead.org
Cc: Ben Hutchings b...@decadent.org.uk
Cc: NeilBrown ne...@suse.de
Signed-off-by: Sebastian Riemer sebastian.rie...@profitbricks.com
Reported-by: Ben Hutchings b...@decadent.org.uk
Acked-by: Paul Menzel paulepan...@users.sourceforge.net
---
 drivers/md/md.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 3db3d1b..1e634a6 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -307,6 +307,10 @@ static void md_make_request(struct request_queue *q, 
struct bio *bio)
bio_io_error(bio);
return;
}
+   if (mddev-ro == 1  unlikely(rw == WRITE)) {
+   bio_endio(bio, bio_sectors(bio) == 0 ? 0 : -EROFS);
+   return;
+   }
smp_rmb(); /* Ensure implications of  'active' are visible */
rcu_read_lock();
if (mddev-suspended) {
-- 
1.7.1


signature.asc
Description: This is a digitally signed message part