llite: safely duplicate iov_iter (was: pin_user_pages on unaligned DIO/AIO)

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0

    Description

      If user_backed_iter() is true, use copy_from_user / copy_to_user to modify the associated struct iovec attached to the iov_iter.

          Activity

            [LU-17085] llite: safely duplicate iov_iter (was: pin_user_pages on unaligned DIO/AIO)
            pjones Peter Jones added a comment -

            Merged for 2.16


            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/52266/
            Subject: LU-17085 llite: safely duplicate iov_iter
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: d144cd055b48027b3d045c2566f4b180327a1a13

            gerrit Gerrit Updater added a comment - edited

            Abandoned. https://review.whamcloud.com/c/fs/lustre-release/+/53984

            gerrit Gerrit Updater added a comment - edited

            Abandoned: https://review.whamcloud.com/c/fs/lustre-release/+/53857

            stancheff Shaun Tancheff added a comment -

            Linux kernel 6.6.1 without this patch crashes on sanity/119e:

            ====================================================== 14:17:54 (1701933474)
            [ 1342.270948] Lustre: DEBUG MARKER: == sanity test 119e: Basic tests of dio read and write at various sizes ========================================================== 14:17:54 (1701933474)
            [ 1342.521229] BUG: unable to handle page fault for address: 00005602d6898008
            [ 1342.521535] #PF: supervisor read access in kernel mode
            [ 1342.521812] #PF: error_code(0x0000) - not-present page
            [ 1342.522108] PGD 8000000338f23067 P4D 8000000338f23067 PUD 2ff105067 PMD 106016067 PTE 0
            [ 1342.522403] Oops: 0000 [#1] PREEMPT SMP PTI
            [ 1342.522666] CPU: 3 PID: 10225 Comm: dd Kdump: loaded Tainted: G           OE      6.6.1-1.ldiskfs.el9.x86_64 #1
            [ 1342.522959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
            [ 1342.523241] RIP: 0010:cl_sub_dio_alloc+0x169/0x330 [obdclass]
            [ 1342.523571] Code: 00 00 31 f6 e8 28 67 fc ff 49 8b 8f 88 00 00 00 f6 05 e2 a7 d5 ff 10 0f 85 8d 00 00 00 48 85 c9 0f 84 ac 01 00 00 49 8b 45 10 <48> 8b 50 08 48 8b 00 48 89 51 08 48 89 01 48 83 c4 08 4c 89 f8 5b
            [ 1342.524147] RSP: 0018:ffffa7fd4068bb00 EFLAGS: 00010282
            [ 1342.524436] RAX: 00005602d6898000 RBX: 0000000000000004 RCX: ffff9c4648ab2780
            [ 1342.524726] RDX: 0000000000000000 RSI: ffffffffc1303120 RDI: 00000000ffffffff
            [ 1342.525030] RBP: ffffa7fd4068bb30 R08: 645f6275735f6c63 R09: 636f6c6c615f6f69
            [ 1342.525326] R10: ffffa7fd4068bb00 R11: 636f6c6c615f6f69 R12: ffff9c48963c6540
            [ 1342.525619] R13: ffffa7fd4068bc40 R14: 0000000000000001 R15: ffff9c487943a690
            [ 1342.525932] FS:  00007f8472e42740(0000) GS:ffff9c49afd80000(0000) knlGS:0000000000000000
            [ 1342.526253] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
            [ 1342.526552] CR2: 00005602d6898008 CR3: 0000000102366001 CR4: 0000000000370ee0
            [ 1342.526863] Call Trace:
            [ 1342.527158]  <TASK>
            [ 1342.527447]  ? __die+0x20/0x70
            [ 1342.527731]  ? page_fault_oops+0x82/0x160
            [ 1342.528059]  ? do_user_addr_fault+0x65/0x690
            [ 1342.528364]  ? exc_page_fault+0x6a/0x150
            [ 1342.528641]  ? asm_exc_page_fault+0x22/0x30
            [ 1342.528910]  ? cl_sub_dio_alloc+0x169/0x330 [obdclass]
            [ 1342.529261]  ll_direct_IO_impl+0x321/0xc50 [lustre]
            [ 1342.529559]  generic_file_read_iter+0x81/0x120
            [ 1342.529841]  vvp_io_read_start+0x68a/0x830 [lustre]
            [ 1342.530137]  cl_io_start+0x5a/0x120 [obdclass]
            [ 1342.530449]  cl_io_loop+0x95/0x1e0 [obdclass]
            [ 1342.530770]  ll_file_io_generic+0x4f4/0xee0 [lustre]
            [ 1342.531055]  ll_file_read_iter+0x5a1/0x8d0 [lustre]
            [ 1342.531349]  vfs_read+0x1c0/0x300
            [ 1342.531621]  ksys_read+0x5f/0xe0
            [ 1342.531902]  do_syscall_64+0x38/0x90
            [ 1342.532197]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
            [ 1342.532460] RIP: 0033:0x7f8472d3e882
            [ 1342.532713] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 1a 0f 08 00 e8 35 eb 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
            [ 1342.533230] RSP: 002b:00007ffc4d695f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
            [ 1342.533492] RAX: ffffffffffffffda RBX: 0000000000000fff RCX: 00007f8472d3e882
            [ 1342.533755] RDX: 0000000000000fff RSI: 00005602d6898000 RDI: 0000000000000000
            [ 1342.534014] RBP: 00005602d6898000 R08: 00005602d6898000 R09: 0000000000000000
            [ 1342.534267] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000004
            [ 1342.534514] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc4d697d05
            [ 1342.534771]  </TASK>
            [ 1342.535008] Modules linked in: lustre(OE) obdecho(OE) mgc(OE) mdc(OE) lov(OE) osc(OE) lmv(OE) fid(OE) fld(OE) ptlrpc_gss(OE) ptlrpc(OE) obdclass(OE) ksocklnd(OE) lnet(OE) sunrpc(E) libcfs(OE) rfkill(E) intel_rapl_msr(E) intel_rapl_common(E) intel_pmc_core(E) snd_hda_codec_generic(E) ledtrig_audio(E) snd_hda_intel(E) snd_intel_dspcfg(E) snd_hda_codec(E) kvm_intel(E) snd_hda_core(E) snd_hwdep(E) snd_seq(E) snd_seq_device(E) kvm(E) iTCO_wdt(E) snd_pcm(E) intel_pmc_bxt(E) iTCO_vendor_support(E) irqbypass(E) qxl(E) rapl(E) drm_ttm_helper(E) snd_timer(E) ttm(E) i2c_i801(E) i2c_smbus(E) pcspkr(E) snd(E) drm_kms_helper(E) lpc_ich(E) soundcore(E) virtio_balloon(E) joydev(E) drm(E) fuse(E) ext4(E) mbcache(E) jbd2(E) sr_mod(E) cdrom(E) sg(E) ahci(E) libahci(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) polyval_generic(E) virtio_console(E) libata(E) ghash_clmulni_intel(E) virtio_net(E) virtio_blk(E) net_failover(E) failover(E) serio_raw(E)
            [ 1342.537190] CR2: 00005602d6898008
            

            Due to the memcpy in cl_sub_dio_alloc:

            struct cl_sub_dio *cl_sub_dio_alloc(struct cl_dio_aio *ll_aio,
            				    struct iov_iter *iter, bool write,
            				    bool unaligned, bool sync)
            ...
            		if (unaligned) {
            ...
            			memcpy((void *) sdio->csd_iter.__iov, iter->__iov,
            			       sizeof(struct iovec));
            		}
            ...
            
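A user-space model of the failure mode in the comment above, added here as an illustration (not Lustre or kernel code): it assumes the iterator keeps its iovec-array pointer and its single user-buffer pointer in one union, so an unchecked copy through the iovec member reads the data buffer itself, which matches the trace, where the faulting address is the read() buffer address plus 8. The names model_iter, dup_unchecked and dup_checked are hypothetical, and dup_checked is one possible type-checked duplicate, not the merged patch.

```c
#include <string.h>
#include <sys/uio.h>

/* Simplified user-space model (assumption): as in the kernel's iov_iter, the
 * iovec-array pointer and the single-buffer pointer share one union. */
enum model_type { MODEL_IOVEC, MODEL_UBUF };
struct model_iter {
	enum model_type type;
	union {
		const struct iovec *iov; /* valid only for MODEL_IOVEC */
		void *ubuf;              /* valid only for MODEL_UBUF */
	};
	size_t count;                    /* bytes remaining */
};

/* Pattern from the excerpt: copy one struct iovec through the iov member
 * without checking the type. For MODEL_UBUF this reads the data buffer. */
static void dup_unchecked(struct iovec *dst, const struct model_iter *it)
{
	memcpy(dst, it->iov, sizeof(*dst));
}
/* Type-checked duplicate: describe a single buffer as (ubuf, count),
 * otherwise copy the first array element. Returns 0, or -1 if unusable. */
static int dup_checked(struct iovec *dst, const struct model_iter *it)
{
	if (it->type == MODEL_UBUF) {
		dst->iov_base = it->ubuf;
		dst->iov_len = it->count;
		return 0;
	}
	if (it->type != MODEL_IOVEC || it->iov == NULL)
		return -1;
	*dst = it->iov[0];
	return 0;
}

/* Constructed input: a 0xfff-byte request on a buffer filled with 0xAA.
 * Returns 1 if only the checked copy describes the buffer itself. */
static int demo(void)
{
	static unsigned char buf[4096];
	struct model_iter it = { .type = MODEL_UBUF, .ubuf = buf, .count = 0xfff };
	struct iovec bad, good;
	memset(buf, 0xAA, sizeof(buf));
	dup_unchecked(&bad, &it);
	return dup_checked(&good, &it) == 0 && good.iov_base == (void *)buf &&
	       good.iov_len == 0xfff && bad.iov_base != (void *)buf;
}
int main(void) { return demo() ? 0 : 1; }
```

In user space the unchecked copy only yields an iovec built from buffer contents; in the kernel the same read targets a user-space address directly, which is the supervisor read fault in the trace.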

            gerrit Gerrit Updater added a comment -

            "Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/52266
            Subject: LU-17085 llite: Use copy_from_user if user_backed_iter
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: ccaaaf5323856ec8969075427a91bc45be0aeeda


            People

              stancheff Shaun Tancheff