From patchwork Sat Jul 21 00:41:45 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sage Weil <sage@inktank.com>
X-Patchwork-Id: 1222901
Return-Path: <ceph-devel-owner@vger.kernel.org>
X-Original-To: patchwork-ceph-devel@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork2.kernel.org (Postfix) with ESMTP id 1605AE0038
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Sat, 21 Jul 2012 00:33:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752904Ab2GUAdQ (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Fri, 20 Jul 2012 20:33:16 -0400
Received: from cobra.newdream.net ([66.33.216.30]:46571 "EHLO
	cobra.newdream.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752903Ab2GUAdK (ORCPT
	<rfc822; ceph-devel@vger.kernel.org>); Fri, 20 Jul 2012 20:33:10 -0400
Received: from fatty.ops.newdream.net (unknown [38.122.20.226])
	by cobra.newdream.net (Postfix) with ESMTPA id 26B2481359;
	Fri, 20 Jul 2012 17:33:10 -0700 (PDT)
From: Sage Weil <sage@inktank.com>
To: ceph-devel@vger.kernel.org
Cc: Sage Weil <sage@inktank.com>
Subject: [PATCH 6/9] libceph: (re)initialize bio_iter on start of message
	receive
Date: Fri, 20 Jul 2012 17:41:45 -0700
Message-Id: <1342831308-18815-7-git-send-email-sage@inktank.com>
X-Mailer: git-send-email 1.7.9
In-Reply-To: <1342831308-18815-1-git-send-email-sage@inktank.com>
References: <1342831308-18815-1-git-send-email-sage@inktank.com>
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org

Previously, we were opportunistically initializing the bio_iter if it
appeared to be uninitialized in the middle of the read path.  The problem
is that a sequence like:

 - start reading message
 - initialize bio_iter
 - read half a message
 - messenger fault, reconnect
 - restart reading message
 - ** bio_iter now non-NULL, not reinitialized **
 - read past end of bio, crash

Instead, initialize the bio_iter unconditionally when we allocate/claim
the message for read.

Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
---
 net/ceph/messenger.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index e24310e..efa369f 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -1876,6 +1876,11 @@ static int read_partial_message(struct ceph_connection *con)
 		else
 			con->in_msg_pos.page_pos = 0;
 		con->in_msg_pos.data_pos = 0;
+
+#ifdef CONFIG_BLOCK
+		if (m->bio)
+			init_bio_iter(m->bio, &m->bio_iter, &m->bio_seg);
+#endif
 	}
 
 	/* front */
@@ -1892,10 +1897,6 @@ static int read_partial_message(struct ceph_connection *con)
 		if (ret <= 0)
 			return ret;
 	}
-#ifdef CONFIG_BLOCK
-	if (m->bio && !m->bio_iter)
-		init_bio_iter(m->bio, &m->bio_iter, &m->bio_seg);
-#endif
 
 	/* (page) data */
 	while (con->in_msg_pos.data_pos < data_len) {
@@ -1906,7 +1907,7 @@ static int read_partial_message(struct ceph_connection *con)
 				return ret;
 #ifdef CONFIG_BLOCK
 		} else if (m->bio) {
-
+			BUG_ON(!m->bio_iter);
 			ret = read_partial_message_bio(con,
 						 &m->bio_iter, &m->bio_seg,
 						 data_len, do_datacrc);