Introduce and use sendpages_ok() instead of sendpage_ok() in nvme-tcp and drbd
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Noble | Fix Released | Medium | Matthew Ruffell | |
| Oracular | Fix Released | Medium | Matthew Ruffell | |
Bug Description
BugLink: https:/
[Impact]
Currently the nvme-tcp and drbd subsystems try to enable the MSG_SPLICE_PAGES
flag on pages to be written, and when MSG_SPLICE_PAGES is set, eventually it
calls skb_splice_
to see if all the pages are sendable.
At the moment, both subsystems only check the first page in a potentially
contiguous block of pages, if they are sendpage_ok(), and if the first page is,
then it just assumes all the rest are sendpage_ok() too, and sends the I/O off
to eventually be found out by skb_splice_
pages in the contiguous block is not sendpage_ok(), then we get a warn printed,
data transfer is aborted. In the nvme-tcp case, IO then hangs.
This patchset introduces sendpages_ok() which iterates over each page in a
contiguous block, checks if it is sendpage_ok(), and only returns true if all
of them are.
This resolves the whole MSG_SPLICE_PAGES flag situation, since you can now
depend on the result of sendpages_ok(), instead of just assuming everything is
okay.
This issue is what caused bug 2075110 [0] to be discovered in the first place,
since it was responsible for contiguous blocks of pages where the first was
sendpage_ok(), but pages further into the block were not.
[0] https:/
Even with "md/md-bitmap: fix writing non bitmap pages" applied, the issue can
still happen, e.g. with merged IO pages, so this fix is still needed to
eliminate the issue.
[Fix]
The fixes landed in mainline 6.12-rc1:
commit 23a55f4492fcf86
Author: Ofir Gal <email address hidden>
Date: Thu Jul 18 11:45:12 2024 +0300
Subject: net: introduce helper sendpages_ok()
Link: https:/
commit 6af7331a70b4888
Author: Ofir Gal <email address hidden>
Date: Thu Jul 18 11:45:13 2024 +0300
Subject: nvme-tcp: use sendpages_ok() instead of sendpage_ok()
Link: https:/
commit 7960af373ade3b3
Author: Ofir Gal <email address hidden>
Date: Thu Jul 18 11:45:14 2024 +0300
Subject: drbd: use sendpages_ok() instead of sendpage_ok()
Link: https:/
They are needed for noble and oracular.
[Testcase]
This is the same testcase as the original bug 2075110 [0], as the fix is
designed to prevent it or similar other bugs from happening again.
[0] https:/
Because of this, the fix:
commit ab99a87542f194f
Author: Ofir Gal <email address hidden>
Date: Fri Jun 7 10:27:44 2024 +0300
Subject: md/md-bitmap: fix writing non bitmap pages
Link: https:/
needs to be reverted during your test runs, or you won't see the issue
reproduce.
You can use this ppa for updated kernels with the revert to trigger the issue:
https:/
This can be reproduced by running blktests md/001 [1], which the author of the fix created to act as a regression test for this issue.
[1] https:/
Deploy a fresh Noble VM, that has a scratch NVME disk.
$ sudo apt install build-essential fio
$ git clone https:/
$ cd blktests
$ make
$ echo "TEST_DEVS=
$ sudo ./check md/001
The md/001 test will hang an affected system, and the above oops message will be visible in dmesg.
A test kernel is available in the following ppa:
https:/
This has both the fixes for this bug, and also bug 2075110. The issue will not
reproduce.
There is also a test kernel available with the fix for this bug present, and the
fix for bug 2075110 reverted, so you can see the impact of these patches only:
https:/
This will also not reproduce the issue anymore.
[Where problems could occur]
What we are changing is rather simple. Instead of checking the first page and
assuming all the rest in the contiguous block are sendpage_ok(), we now
check each page in the contiguous block to see if all of them are sendpage_ok().
If any aren't, then we abort the write to the driver, and try again later. This
saves us time.
However, it does take longer to call sendpage_ok() on each of the pages in the
contiguous block, so there will be a minor performance hit.
A small performance hit for correctness should be okay.
Currently we are only applying to nvme-tcp and drbd subsystems. If a regression
were to occur, it would affect users of those subsystems only.
[Other info]
Upstream mailing list:
https://<email address hidden>/T/#u
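
The difference between checking only the first page and checking every page of a contiguous block, as a userspace model added here (not the kernel patch itself). The simplified `struct page`, the per-page predicate (not a slab page, reference count of at least one), the `(page, len, offset)` signature and the `merged_io` sample are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((size_t)1 << PAGE_SHIFT)

/* Userspace stand-in for struct page: only the two properties the check reads. */
struct page {
    bool slab;      /* page belongs to the slab allocator */
    int  refcount;  /* 0 means nobody holds a reference */
};

/* Per-page test (assumed predicate): not a slab page, refcount of at least one. */
static bool sendpage_ok(const struct page *p)
{
    return !p->slab && p->refcount >= 1;
}

/* Range test: every page touched by [offset, offset + len) must pass. */
static bool sendpages_ok(const struct page *page, size_t len, size_t offset)
{
    size_t first, last, i;

    if (len == 0)
        return true;
    first = offset >> PAGE_SHIFT;
    last = (offset + len - 1) >> PAGE_SHIFT;
    for (i = first; i <= last; i++)
        if (!sendpage_ok(&page[i]))
            return false;   /* one bad page disqualifies the whole block */
    return true;
}

/* Constructed sample: a 4-page contiguous block whose third page is a slab page. */
static const struct page merged_io[4] = {
    { false, 1 }, { false, 1 }, { true, 1 }, { false, 1 },
};

int main(void)
{
    /* The old first-page-only check passes; the whole-block check does not. */
    printf("first page only: %d\n", sendpage_ok(&merged_io[0]));
    printf("whole block:     %d\n", sendpages_ok(merged_io, 4 * PAGE_SIZE, 0));
    printf("first two pages: %d\n", sendpages_ok(merged_io, 2 * PAGE_SIZE, 0));
    return 0;
}
```

A caller would set MSG_SPLICE_PAGES only when the range test returns true, and fall back to a copying send otherwise.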
| Changed in linux (Ubuntu Noble): | |
| status: | New → In Progress |
| Changed in linux (Ubuntu Oracular): | |
| status: | New → In Progress |
| Changed in linux (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux (Ubuntu Noble): | |
| importance: | Undecided → Medium |
| Changed in linux (Ubuntu Oracular): | |
| importance: | Undecided → Medium |
| Changed in linux (Ubuntu Noble): | |
| assignee: | nobody → Matthew Ruffell (mruffell) |
| Changed in linux (Ubuntu Oracular): | |
| assignee: | nobody → Matthew Ruffell (mruffell) |
| summary: | - Using sendpages_ok() in nvme_tcp_try_send_data() |
| | + Introduce and use sendpages_ok() instead of sendpage_ok() in nvme-tcp and drbg |
| description: | updated |
| summary: | - Introduce and use sendpages_ok() instead of sendpage_ok() in nvme-tcp and drbg |
| | + Introduce and use sendpages_ok() instead of sendpage_ok() in nvme-tcp and drbd |
| description: | updated |
| Changed in linux (Ubuntu Oracular): | |
| status: | In Progress → Fix Committed |
| Changed in linux (Ubuntu Noble): | |
| status: | In Progress → Fix Committed |
| tags: | added: kernel-daily-bug |

Does it fix any bug?