diff options
| author | Jeremy Cline <jcline@redhat.com> | 2018-12-05 09:48:42 -0500 |
|---|---|---|
| committer | Jeremy Cline <jcline@redhat.com> | 2018-12-05 09:51:03 -0500 |
| commit | c0dbaa3cc58c41175d5889120d83e60b53b83af4 (patch) | |
| tree | a23013748fd2657bcf30302611cdcd8941dbe4f1 | |
| parent | 4d43220d694eee2fc3a09a8323bfb27d1efa6727 (diff) | |
| download | kernel-c0dbaa3cc58c41175d5889120d83e60b53b83af4.tar.gz kernel-c0dbaa3cc58c41175d5889120d83e60b53b83af4.tar.xz kernel-c0dbaa3cc58c41175d5889120d83e60b53b83af4.zip | |
Fix corruption bug in direct dispatch for blk-mq
| -rw-r--r-- | blk-mq-fix-corruption-with-direct-issue.patch | 99 | ||||
| -rw-r--r-- | kernel.spec | 6 |
2 files changed, 105 insertions, 0 deletions
diff --git a/blk-mq-fix-corruption-with-direct-issue.patch b/blk-mq-fix-corruption-with-direct-issue.patch new file mode 100644 index 000000000..71b9da110 --- /dev/null +++ b/blk-mq-fix-corruption-with-direct-issue.patch @@ -0,0 +1,99 @@ +From ffe81d45322cc3cb140f0db080a4727ea284661e Mon Sep 17 00:00:00 2001 +From: Jens Axboe <axboe@kernel.dk> +Date: Tue, 4 Dec 2018 20:06:48 -0700 +Subject: [PATCH] blk-mq: fix corruption with direct issue + +If we attempt a direct issue to a SCSI device, and it returns BUSY, then +we queue the request up normally. However, the SCSI layer may have +already setup SG tables etc for this particular command. If we later +merge with this request, then the old tables are no longer valid. Once +we issue the IO, we only read/write the original part of the request, +not the new state of it. + +This causes data corruption, and is most often noticed with the file +system complaining about the just read data being invalid: + +[ 235.934465] EXT4-fs error (device sda1): ext4_iget:4831: inode #7142: comm dpkg-query: bad extra_isize 24937 (inode size 256) + +because most of it is garbage... + +This doesn't happen from the normal issue path, as we will simply defer +the request to the hardware queue dispatch list if we fail. Once it's on +the dispatch list, we never merge with it. + +Fix this from the direct issue path by flagging the request as +REQ_NOMERGE so we don't change the size of it before issue. + +See also: + https://bugzilla.kernel.org/show_bug.cgi?id=201685 + +Tested-by: Guenter Roeck <linux@roeck-us.net> +Fixes: 6ce3dd6eec1 ("blk-mq: issue directly if hw queue isn't busy in case of 'none'") +Cc: stable@vger.kernel.org +Signed-off-by: Jens Axboe <axboe@kernel.dk> +Signed-off-by: Jeremy Cline <jcline@redhat.com> +--- + block/blk-mq.c | 26 +++++++++++++++++++++++++- + 1 file changed, 25 insertions(+), 1 deletion(-) + +diff --git a/block/blk-mq.c b/block/blk-mq.c +index 3f91c6e5b17a..3262d83b9e07 100644 +--- a/block/blk-mq.c ++++ b/block/blk-mq.c +@@ -1715,6 +1715,15 @@ static blk_status_t __blk_mq_issue_directly(struct blk_mq_hw_ctx *hctx, + break; + case BLK_STS_RESOURCE: + case BLK_STS_DEV_RESOURCE: ++ /* ++ * If direct dispatch fails, we cannot allow any merging on ++ * this IO. Drivers (like SCSI) may have set up permanent state ++ * for this request, like SG tables and mappings, and if we ++ * merge to it later on then we'll still only do IO to the ++ * original part. ++ */ ++ rq->cmd_flags |= REQ_NOMERGE; ++ + blk_mq_update_dispatch_busy(hctx, true); + __blk_mq_requeue_request(rq); + break; +@@ -1727,6 +1736,18 @@ static blk_status_t __blk_mq_issue_directly(struct blk_mq_hw_ctx *hctx, + return ret; + } + ++/* ++ * Don't allow direct dispatch of anything but regular reads/writes, ++ * as some of the other commands can potentially share request space ++ * with data we need for the IO scheduler. If we attempt a direct dispatch ++ * on those and fail, we can't safely add it to the scheduler afterwards ++ * without potentially overwriting data that the driver has already written. ++ */ ++static bool blk_rq_can_direct_dispatch(struct request *rq) ++{ ++ return req_op(rq) == REQ_OP_READ || req_op(rq) == REQ_OP_WRITE; ++} ++ + static blk_status_t __blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, + struct request *rq, + blk_qc_t *cookie, +@@ -1748,7 +1769,7 @@ static blk_status_t __blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, + goto insert; + } + +- if (q->elevator && !bypass_insert) ++ if (!blk_rq_can_direct_dispatch(rq) || (q->elevator && !bypass_insert)) + goto insert; + + if (!blk_mq_get_dispatch_budget(hctx)) +@@ -1810,6 +1831,9 @@ void blk_mq_try_issue_list_directly(struct blk_mq_hw_ctx *hctx, + struct request *rq = list_first_entry(list, struct request, + queuelist); + ++ if (!blk_rq_can_direct_dispatch(rq)) ++ break; ++ + list_del_init(&rq->queuelist); + ret = blk_mq_request_issue_directly(rq); + if (ret != BLK_STS_OK) { +-- +2.19.2 + diff --git a/kernel.spec b/kernel.spec index 717c41c19..ba693a61e 100644 --- a/kernel.spec +++ b/kernel.spec @@ -609,6 +609,9 @@ Patch504: iio-accel-kxcjk1013-Add-more-hardware-ids.patch # rhbz 1645070 patch queued upstream for merging into 4.21 Patch505: asus-fx503-keyb.patch +# https://bugzilla.kernel.org/show_bug.cgi?id=201685 +Patch506: blk-mq-fix-corruption-with-direct-issue.patch + # END OF PATCH DEFINITIONS %endif @@ -1881,6 +1884,9 @@ fi # # %changelog +* Wed Dec 05 2018 Jeremy Cline <jeremy@jcline.org> +- Fix corruption bug in direct dispatch for blk-mq + * Tue Dec 04 2018 Justin M. Forbes <jforbes@fedoraproject.org> - 4.20.0-0.rc5.git1.1 - Linux v4.20-rc5-21-g0072a0c14d5b - Reenable debugging options. |