This is a note to let you know that I've just added the patch titled
nfs: disallow duplicate pages in pgio page vectors
to the 3.16-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nfs-disallow-duplicate-pages-in-pgio-page-vectors.patch
and it can be found in the queue-3.16 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From [email protected] Thu Oct 2 16:50:02 2014
From: Trond Myklebust <[email protected]>
Date: Mon, 15 Sep 2014 14:14:44 -0400
Subject: nfs: disallow duplicate pages in pgio page vectors
To: [email protected]
Cc: Weston Andros Adamson <[email protected]>, [email protected]
Message-ID: <1410804885-17228-14-git-send-email-trond.mykleb...@primarydata.com>
From: Weston Andros Adamson <[email protected]>
commit bba5c1887a925a9945d22217d38d58d8b3ba1043 upstream.
Adjacent requests that share the same page are allowed, but should only
use one entry in the page vector. This avoids overruning the page
vector - it is sized based on how many bytes there are, not by
request count.
This fixes issues that manifest as "Redzone overwritten" bugs (the
vector overrun) and hangs waiting on page read / write, as it waits on
the same page more than once.
This also adds bounds checking to the page vector with a graceful failure
(WARN_ON_ONCE and pgio error returned to application).
Reported-by: Toralf Förster <[email protected]>
Signed-off-by: Weston Andros Adamson <[email protected]>
Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/nfs/pagelist.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -734,10 +734,11 @@ int nfs_generic_pgio(struct nfs_pageio_d
struct nfs_pgio_header *hdr)
{
struct nfs_page *req;
- struct page **pages;
+ struct page **pages,
+ *last_page;
struct list_head *head = &desc->pg_list;
struct nfs_commit_info cinfo;
- unsigned int pagecount;
+ unsigned int pagecount, pageused;
pagecount = nfs_page_array_len(desc->pg_base, desc->pg_count);
if (!nfs_pgarray_set(&hdr->page_array, pagecount))
@@ -745,12 +746,23 @@ int nfs_generic_pgio(struct nfs_pageio_d
nfs_init_cinfo(&cinfo, desc->pg_inode, desc->pg_dreq);
pages = hdr->page_array.pagevec;
+ last_page = NULL;
+ pageused = 0;
while (!list_empty(head)) {
req = nfs_list_entry(head->next);
nfs_list_remove_request(req);
nfs_list_add_request(req, &hdr->pages);
- *pages++ = req->wb_page;
+
+ if (WARN_ON_ONCE(pageused >= pagecount))
+ return nfs_pgio_error(desc, hdr);
+
+ if (!last_page || last_page != req->wb_page) {
+ *pages++ = last_page = req->wb_page;
+ pageused++;
+ }
}
+ if (WARN_ON_ONCE(pageused != pagecount))
+ return nfs_pgio_error(desc, hdr);
if ((desc->pg_ioflags & FLUSH_COND_STABLE) &&
(desc->pg_moreio || nfs_reqs_to_commit(&cinfo)))
Patches currently in stable-queue which might be from
[email protected] are
queue-3.16/nfs-move-nfs_pgio_data-and-remove-nfs_rw_header.patch
queue-3.16/nfs-use-blocking-page_group_lock-in-add_request.patch
queue-3.16/nfs-remove-pgio_header-refcount-related-cleanup.patch
queue-3.16/pnfs-add-pnfs_put_lseg_async.patch
queue-3.16/nfs-can_coalesce_requests-must-enforce-contiguity.patch
queue-3.16/nfs-disallow-duplicate-pages-in-pgio-page-vectors.patch
queue-3.16/nfs-fix-error-handling-in-lock_and_join_requests.patch
queue-3.16/nfs-change-nfs_page_group_lock-argument.patch
queue-3.16/nfsv4-nfs4_state_manager-vs.-nfs_server_remove_lists.patch
queue-3.16/nfsv4-fix-another-bug-in-the-close-open_downgrade-code.patch
queue-3.16/nfs-check-wait_on_bit_lock-err-in-page_group_lock.patch
queue-3.16/nfs-don-t-sleep-with-inode-lock-in-lock_and_join_requests.patch
queue-3.16/nfs-rename-members-of-nfs_pgio_data.patch
queue-3.16/nfs-fix-nonblocking-calls-to-nfs_page_group_lock.patch
queue-3.16/nfs-merge-nfs_pgio_data-into-_header.patch
queue-3.16/nfs-clear_request_commit-while-holding-i_lock.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
