| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Nov 2012 16:29:40 -0500 (EST)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
cc: Jens Axboe <axboe@...nel.dk>,
Jeff Chua <jeff.chua.linux@...il.com>,
Lai Jiangshan <laijs@...fujitsu.com>, Jan Kara <jack@...e.cz>,
lkml <linux-kernel@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH] Introduce a method to catch mmap_region (was: Recent
kernel "mount" slow)
On Wed, 28 Nov 2012, Linus Torvalds wrote:
> On Wed, Nov 28, 2012 at 12:03 PM, Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> >
> > mmap() is in *no* way special. The exact same thing happens for
> > regular read/write. Yet somehow the mmap code is special-cased, while
> > the normal read-write code is not.
>
> I just double-checked, because it's been a long time since I actually
> looked at the code.
>
> But yeah, block device read/write uses the pure page cache functions.
> IOW, it has the *exact* same IO engine as mmap() would have.
>
> So here's my suggestion:
>
> - get rid of *all* the locking in aio_read/write and the splice paths
> - get rid of all the stupid mmap games
>
> - instead, add them to the functions that actually use
> "blkdev_get_block()" and "blkdev_get_blocks()" and nowhere else.
>
> That's a fairly limited number of functions:
> blkdev_{read,write}page(), blkdev_direct_IO() and
> blkdev_write_{begin,end}()
>
> Doesn't that sounds simpler? And more logical: it protects the actual
> places that use the block size of the device.
>
> I dunno. Maybe there is some fundamental reason why the above is
> broken, but it seems to be a much simpler approach. Sure, you need to
> guarantee that the people who get the write-lock cannot possibly cause
> IO while holding it, but since the only reason to get the write lock
> would be to change the block size, that should be pretty simple, no?
>
> Yeah, yeah, I'm probably missing something fundamental, but the above
> sounds like the simple approach to fixing things. Aiming for having
> the block size read-lock be taken by the things that pass in the
> block-size itself.
>
> It would be nice for things to be logical and straightforward.
>
> Linus
The problem with this approach is that it is very easy to miss points
where it is assumed that the block size doesn't change - and if you miss a
point, it results in a hidden bug that has a little possibility of being
found.
For example, __block_write_full_page and __block_write_begin do
if (!page_has_buffers(page)) { create_empty_buffers... }
and then they do
WARN_ON(bh->b_size != blocksize)
err = get_block(inode, block, bh, 1)
... so if the buffers were left over from some previous call to
create_empty_buffers with a different blocksize, that WARN_ON is trigged.
And it's not only a harmless warning - now bh->b_size is left set to the
old block size, but bh->b_blocknr is set to a number, that was calculated
according to the new block size - and when you submit that buffer with
submit_bh, it is written to the wrong place!
Now, prove that there are no more bugs like this.
Locking the whole read/write/mmap operations is crude, but at least it can
be done without thorough review of all the memory management code.
Mikulas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists