lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 5 Mar 2021 15:28:34 +0800
From:   Jia-Ju Bai <baijiaju1990@...il.com>
To:     Coly Li <colyli@...e.de>
Cc:     linux-bcache@...r.kernel.org, linux-kernel@...r.kernel.org,
        kent.overstreet@...il.com
Subject: Re: [PATCH] md: bcache: fix error return code of
 cached_dev_cache_miss()

Hi Coly,

Thanks a lot for your detailed explanation :)


Best wishes,
Jia-Ju Bai

On 2021/3/5 12:05, Coly Li wrote:
> On 3/5/21 10:46 AM, Jia-Ju Bai wrote:
>> When bch_bio_alloc_pages() fails, no error return code of
>> cached_dev_cache_miss() is assigned.
>> To fix this bug, ret is assigned with -ENOMEN as error return code.
>>
>> Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
>> Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
>> ---
>>   drivers/md/bcache/request.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
>> index 29c231758293..9ecaf26c8d60 100644
>> --- a/drivers/md/bcache/request.c
>> +++ b/drivers/md/bcache/request.c
>> @@ -930,8 +930,10 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s,
>>   	cache_bio->bi_private	= &s->cl;
>>   
>>   	bch_bio_map(cache_bio, NULL);
>> -	if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO))
>> +	if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO)) {
>> +		ret = -ENOMEM;
>>   		goto out_put;
>> +	}
>>   
>>   	if (reada)
>>   		bch_mark_cache_readahead(s->iop.c, s->d);
>>
> Thanks for looking at bcache :-)
>
> Without the above change, -EINTR will be returned. -EINTR is special in
> bache's btree iteration code. See bcache_btree_root() from bcache.h,
>
> 347 #define bcache_btree_root(fn, c, op, ...)	\
> 348 ({						\
> 349	int _r = -EINTR;			\
> 350	do {					\
> 351		struct btree *_b = (c)->root; 	\
> 352		bool _w = insert_lock(op, _b);	\
> 353		rw_lock(_w, _b, _b->level);	\
> 354		if (_b == (c)->root &&		\
> 355			_w == insert_lock(op, _b)) { \
> 356			_r = bch_btree_ ## fn(_b, op, ##__VA_ARGS__); \
> 357		}				\
> 358	rw_unlock(_w, _b);			\
> 359	bch_cannibalize_unlock(c);		\
> 360	if (_r == -EINTR)			\
> 361						\
> 362	} while (_r == -EINTR);			\
> 363						\
> 364	finish_wait(&(c)->btree_cache_wait, &(op)->wait); \
> 365	_r;					\
> 366 })
>
> cached_dev_cache_miss() is called by the following code path,
>
> cache_lookup() ==> bch_btree_map_keys() ==> bcache_btree_root() ==>
> bch_btree_map_keys_recurse() ==> cache_lookup_fn()
>
> Therefore the return value of cached_dev_cache_miss() will be returned
> from where s->d->cache_miss() is called from cache_lookup_fn(). And in
> macro bcache_btree_root() this return value will be checked. If the
> return value is -EINTR, then the whole iteration will be re-do again.
>
> Returning -ENOMEM works but if the memory allocation failed, there is no
> chance to re-do the cache lookup again from bcache_btree_root(). When
> system memory is in heavy usage, we want the lookup to try more times
> (because GFP_NOIO is set), which is much better then returning -EIO
> immediately to caller.
>
> Therefore NOT setting ret to -ENOMEM in the patching location should be
> an on-purpose coding, IMHO.
>
> Thanks.
>
> Coly Li
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ