Re: [git pull] vfs part 2

From: Andrey Ryabinin
Date: Wed Jul 01 2015 - 03:51:14 EST

Next message: Thomas Gleixner: "Re: [PATCH v2 4/9] arm: twr-k70f120m: timer driver for Kinetis SoC"
Previous message: Teo En Ming: "Re: Singapore Government Hackers Have Hacked Into Teo En Ming's Computer Again"
In reply to: Al Viro: "Re: [git pull] vfs part 2"
Next in thread: Al Viro: "Re: [git pull] vfs part 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/01/2015 09:27 AM, Al Viro wrote:
> On Mon, Jun 22, 2015 at 03:02:11PM +0300, Andrey Ryabinin wrote:
>> On 06/22/2015 12:12 AM, Al Viro wrote:
>>> On Thu, Apr 23, 2015 at 01:16:15PM +0300, Andrey Ryabinin wrote:
>>>> This change caused following:
>>>
>>>> This could happen when p9pdu_readf() changes 'count' to some value > iov_iter_count(from):
>>>>
>>>> p9_client_write():
>>>> <...>
>>>> int count = iov_iter_count(from);
>>>> <...>
>>>> *err = p9pdu_readf(req->rc, clnt->proto_version, "d", &count);
>>>> <...>
>>>> iov_iter_advance(from, count);
>>>
>>> *blink*
>>>
>>> That's a bug, all right, but I would love to see how you trigger it.
>>> It would require server to respond to "write that many bytes" with "OK,
>>> <greater number> bytes written". We certainly need to cope with that
>>> (we can't trust the server to be sane), but if that's what is going on,
>>> you've got a server bug as well.
>>>
>>> Could you check if the patch below triggers WARN_ON() in it on your
>>> reproducer? p9_client_read() has a similar issue as well...
>>>
>>
>> I've tried something like your patch before to check the read side
>> and I haven't seen anything before and don't see it right now.
>> Though, this doesn't mean that there is no problem with read.
>> I mean that trinity hits this on write and may just not hit this on read.
>
> "This" being the WARN_ON() in that patch?

Yes.

> Could you please run the same
> test with the following delta and post its printks?

# dmesg | grep fucked

[ 114.732166] fucked: sent 2037, server says it got 2047 (err = 0)
[ 124.937105] fucked: sent 27, server says it got 4096 (err = 0)
[ 154.075400] fucked: sent 19, server says it got 4096 (err = 0)

> It's one thing if
> you are hitting a buggy server, it gets confused and tells you it has
> written more bytes than you told it to write. Quite a different story
> in case if we are miscalculating the size we are putting into RWRITE
> packet and/or advancing the iterator when we shouldn't...
>
> What server are you using, BTW? And which transport (virtio or network -
> IOW, is it zero-copy path or not)?

qemu v2.2.1, virtio transport.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [PATCH v2 4/9] arm: twr-k70f120m: timer driver for Kinetis SoC"
Previous message: Teo En Ming: "Re: Singapore Government Hackers Have Hacked Into Teo En Ming's Computer Again"
In reply to: Al Viro: "Re: [git pull] vfs part 2"
Next in thread: Al Viro: "Re: [git pull] vfs part 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]