lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+5PVA4W52hANs-=_4wo8R1nh1DSX9mcesUwrPL56onvYuR=7A@mail.gmail.com>
Date:	Mon, 3 Aug 2015 21:11:07 -0400
From:	Josh Boyer <jwboyer@...oraproject.org>
To:	Mike Snitzer <snitzer@...hat.com>
Cc:	ejt@...hat.com, Ming Lei <ming.lei@...onical.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Tejun Heo <tj@...nel.org>, Jens Axboe <axboe@...com>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: cgroup/loop Bad page state oops in Linux v4.2-rc3-136-g45b4b782e848

On Mon, Aug 3, 2015 at 12:56 PM, Josh Boyer <jwboyer@...oraproject.org> wrote:
> On Mon, Aug 3, 2015 at 10:28 AM, Mike Snitzer <snitzer@...hat.com> wrote:
>> On Sun, Aug 02 2015 at 10:01P -0400,
>> Josh Boyer <jwboyer@...oraproject.org> wrote:
>>
>>> On Fri, Jul 31, 2015 at 2:58 PM, Josh Boyer <jwboyer@...oraproject.org> wrote:
>>> > On Thu, Jul 30, 2015 at 8:19 PM, Mike Snitzer <snitzer@...hat.com> wrote:
>>> >>
>>> >> The only commit that looks even remotely related (given 32bit concerns)
>>> >> would be 1c220c69ce0dcc0f234a9f263ad9c0864f971852
>>> >
>>> > Confirmed.  I built kernels for our tester that started with the
>>> > working snapshot and applied the patches above one at a time.  The
>>> > failing patch was the commit you suspected.
>>> >
>>> > I can try and build a 4.2-rc4 kernel with that reverted, but it would
>>> > be good if someone could start thinking about how that could cause
>>> > this issue.
>>>
>>> A revert on top of 4.2-rc4 booted.  So this is currently causing
>>> issues with upstream as well.
>>
>> Hi Josh,
>>
>> I've staged the following fix in linux-next (for 4.2-rc6 inclusion):
>> https://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=76270d574acc897178a5c8be0bd2a743a77e4bac
>>
>> Can you please verify that it works for your 32bit testcase against
>> 4.2-rc4 (or rc5)?
>
> Sure, I'll get a kernel with this included spun up and ask Adam to test.

Adam tested this with success.  If you're still collecting patch
metadata, adding:

Tested-by: Adam Williamson <awilliam@...hat.com>

would be appreciated.

josh

>> From: Mike Snitzer <snitzer@...hat.com>
>> Date: Mon, 3 Aug 2015 09:54:58 -0400
>> Subject: [PATCH] dm: fix dm_merge_bvec regression on 32 bit systems
>>
>> A DM regression on 32 bit systems was reported against v4.2-rc3 here:
>> https://lkml.org/lkml/2015/7/29/401
>>
>> Fix this by reverting both commit 1c220c69 ("dm: fix casting bug in
>> dm_merge_bvec()") and 148e51ba ("dm: improve documentation and code
>> clarity in dm_merge_bvec").  This combined revert is done to eliminate
>> the possibility of a partial revert in stable@ kernels.
>>
>> In hindsight the correct fix, at the time 1c220c69 was applied to fix
>> the regression that 148e51ba introduced, should've been to simply revert
>> 148e51ba.
>>
>> Reported-by: Josh Boyer <jwboyer@...oraproject.org>
>> Acked-by: Joe Thornber <ejt@...hat.com>
>> Signed-off-by: Mike Snitzer <snitzer@...hat.com>
>> Cc: stable@...r.kernel.org # 3.19+
>> ---
>>  drivers/md/dm.c | 27 ++++++++++-----------------
>>  1 file changed, 10 insertions(+), 17 deletions(-)
>>
>> diff --git a/drivers/md/dm.c b/drivers/md/dm.c
>> index ab37ae1..0d7ab20 100644
>> --- a/drivers/md/dm.c
>> +++ b/drivers/md/dm.c
>> @@ -1729,7 +1729,8 @@ static int dm_merge_bvec(struct request_queue *q,
>>         struct mapped_device *md = q->queuedata;
>>         struct dm_table *map = dm_get_live_table_fast(md);
>>         struct dm_target *ti;
>> -       sector_t max_sectors, max_size = 0;
>> +       sector_t max_sectors;
>> +       int max_size = 0;
>>
>>         if (unlikely(!map))
>>                 goto out;
>> @@ -1742,18 +1743,10 @@ static int dm_merge_bvec(struct request_queue *q,
>>          * Find maximum amount of I/O that won't need splitting
>>          */
>>         max_sectors = min(max_io_len(bvm->bi_sector, ti),
>> -                         (sector_t) queue_max_sectors(q));
>> +                         (sector_t) BIO_MAX_SECTORS);
>>         max_size = (max_sectors << SECTOR_SHIFT) - bvm->bi_size;
>> -
>> -       /*
>> -        * FIXME: this stop-gap fix _must_ be cleaned up (by passing a sector_t
>> -        * to the targets' merge function since it holds sectors not bytes).
>> -        * Just doing this as an interim fix for stable@ because the more
>> -        * comprehensive cleanup of switching to sector_t will impact every
>> -        * DM target that implements a ->merge hook.
>> -        */
>> -       if (max_size > INT_MAX)
>> -               max_size = INT_MAX;
>> +       if (max_size < 0)
>> +               max_size = 0;
>>
>>         /*
>>          * merge_bvec_fn() returns number of bytes
>> @@ -1761,13 +1754,13 @@ static int dm_merge_bvec(struct request_queue *q,
>>          * max is precomputed maximal io size
>>          */
>>         if (max_size && ti->type->merge)
>> -               max_size = ti->type->merge(ti, bvm, biovec, (int) max_size);
>> +               max_size = ti->type->merge(ti, bvm, biovec, max_size);
>>         /*
>>          * If the target doesn't support merge method and some of the devices
>> -        * provided their merge_bvec method (we know this by looking for the
>> -        * max_hw_sectors that dm_set_device_limits may set), then we can't
>> -        * allow bios with multiple vector entries.  So always set max_size
>> -        * to 0, and the code below allows just one page.
>> +        * provided their merge_bvec method (we know this by looking at
>> +        * queue_max_hw_sectors), then we can't allow bios with multiple vector
>> +        * entries.  So always set max_size to 0, and the code below allows
>> +        * just one page.
>>          */
>>         else if (queue_max_hw_sectors(q) <= PAGE_SIZE >> 9)
>>                 max_size = 0;
>> --
>> 2.3.2 (Apple Git-55)
>>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ