From: Greg Kroah-Hartman Date: Thu, 6 Dec 2018 05:38:02 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.19.8~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3637ce2a20fd4e30c0973bb8fd26bb57f15c821;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: blk-mq-fix-corruption-with-direct-issue.patch --- diff --git a/queue-4.19/blk-mq-fix-corruption-with-direct-issue.patch b/queue-4.19/blk-mq-fix-corruption-with-direct-issue.patch new file mode 100644 index 00000000000..3313b04c74d --- /dev/null +++ b/queue-4.19/blk-mq-fix-corruption-with-direct-issue.patch @@ -0,0 +1,99 @@ +From ffe81d45322cc3cb140f0db080a4727ea284661e Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Tue, 4 Dec 2018 20:06:48 -0700 +Subject: blk-mq: fix corruption with direct issue + +From: Jens Axboe + +commit ffe81d45322cc3cb140f0db080a4727ea284661e upstream. + +If we attempt a direct issue to a SCSI device, and it returns BUSY, then +we queue the request up normally. However, the SCSI layer may have +already setup SG tables etc for this particular command. If we later +merge with this request, then the old tables are no longer valid. Once +we issue the IO, we only read/write the original part of the request, +not the new state of it. + +This causes data corruption, and is most often noticed with the file +system complaining about the just read data being invalid: + +[ 235.934465] EXT4-fs error (device sda1): ext4_iget:4831: inode #7142: comm dpkg-query: bad extra_isize 24937 (inode size 256) + +because most of it is garbage... + +This doesn't happen from the normal issue path, as we will simply defer +the request to the hardware queue dispatch list if we fail. Once it's on +the dispatch list, we never merge with it. + +Fix this from the direct issue path by flagging the request as +REQ_NOMERGE so we don't change the size of it before issue. + +See also: + https://bugzilla.kernel.org/show_bug.cgi?id=201685 + +Tested-by: Guenter Roeck +Fixes: 6ce3dd6eec1 ("blk-mq: issue directly if hw queue isn't busy in case of 'none'") +Cc: stable@vger.kernel.org +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/blk-mq.c | 26 +++++++++++++++++++++++++- + 1 file changed, 25 insertions(+), 1 deletion(-) + +--- a/block/blk-mq.c ++++ b/block/blk-mq.c +@@ -1698,6 +1698,15 @@ static blk_status_t __blk_mq_issue_direc + break; + case BLK_STS_RESOURCE: + case BLK_STS_DEV_RESOURCE: ++ /* ++ * If direct dispatch fails, we cannot allow any merging on ++ * this IO. Drivers (like SCSI) may have set up permanent state ++ * for this request, like SG tables and mappings, and if we ++ * merge to it later on then we'll still only do IO to the ++ * original part. ++ */ ++ rq->cmd_flags |= REQ_NOMERGE; ++ + blk_mq_update_dispatch_busy(hctx, true); + __blk_mq_requeue_request(rq); + break; +@@ -1710,6 +1719,18 @@ static blk_status_t __blk_mq_issue_direc + return ret; + } + ++/* ++ * Don't allow direct dispatch of anything but regular reads/writes, ++ * as some of the other commands can potentially share request space ++ * with data we need for the IO scheduler. If we attempt a direct dispatch ++ * on those and fail, we can't safely add it to the scheduler afterwards ++ * without potentially overwriting data that the driver has already written. ++ */ ++static bool blk_rq_can_direct_dispatch(struct request *rq) ++{ ++ return req_op(rq) == REQ_OP_READ || req_op(rq) == REQ_OP_WRITE; ++} ++ + static blk_status_t __blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, + struct request *rq, + blk_qc_t *cookie, +@@ -1731,7 +1752,7 @@ static blk_status_t __blk_mq_try_issue_d + goto insert; + } + +- if (q->elevator && !bypass_insert) ++ if (!blk_rq_can_direct_dispatch(rq) || (q->elevator && !bypass_insert)) + goto insert; + + if (!blk_mq_get_dispatch_budget(hctx)) +@@ -1793,6 +1814,9 @@ void blk_mq_try_issue_list_directly(stru + struct request *rq = list_first_entry(list, struct request, + queuelist); + ++ if (!blk_rq_can_direct_dispatch(rq)) ++ break; ++ + list_del_init(&rq->queuelist); + ret = blk_mq_request_issue_directly(rq); + if (ret != BLK_STS_OK) { diff --git a/queue-4.19/series b/queue-4.19/series index e69de29bb2d..9fa52e38e9f 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -0,0 +1 @@ +blk-mq-fix-corruption-with-direct-issue.patch