2023-01-20 16:28:51

by 李扬韬

Subject: [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

Add iotype sanity check to avoid potential memory corruption.
This is to fix the compile error below:

fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
'io_lat->peak_lat[type]' 3 <= 3

vim +228 fs/f2fs/iostat.c

211 static inline void __update_iostat_latency(struct bio_iostat_ctx
*iostat_ctx,
212 enum iostat_lat_type type)
213 {
214 unsigned long ts_diff;
215 unsigned int page_type = iostat_ctx->type;
216 struct f2fs_sb_info *sbi = iostat_ctx->sbi;
217 struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
218 unsigned long flags;
219
220 if (!sbi->iostat_enable)
221 return;
222
223 ts_diff = jiffies - iostat_ctx->submit_ts;
224 if (page_type >= META_FLUSH)
^^^^^^^^^^

225 page_type = META;
226
227 spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
@228 io_lat->sum_lat[type][page_type] += ts_diff;
^^^^^^^^^
Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.

Fixes: a4b6817625e7 ("f2fs: introduce periodic iostat io latency traces")
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Suggested-by: Chao Yu <[email protected]>
Suggested-by: Jaegeuk Kim <[email protected]>
Signed-off-by: Yangtao Li <[email protected]>
---
v3:
-convert to warn
fs/f2fs/iostat.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
index ed8176939aa5..96637756eae8 100644
--- a/fs/f2fs/iostat.c
+++ b/fs/f2fs/iostat.c
@@ -223,8 +223,12 @@ static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
return;

ts_diff = jiffies - iostat_ctx->submit_ts;
- if (iotype >= META_FLUSH)
+ if (iotype == META_FLUSH) {
iotype = META;
+ } else if (iotype >= NR_PAGE_TYPE) {
+ f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
+ return;
+ }

if (rw == 0) {
idx = READ_IO;
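Review bot: The new `f2fs_warn()` prints `iotype` with `%d`, but `iotype` is declared `unsigned int` (the declaration sits above this hunk and is visible as a removed line in patch 2/2), so the specifier should be `%u`: `f2fs_warn(sbi, "%s: %u over NR_PAGE_TYPE", __func__, iotype);`. The same specifier is carried over to the renamed `page_type` line in the fs/f2fs/iostat.c hunk of patch 2/2. Because this function is reached from the bio completion handlers, a caller bug that sets an out-of-range type would log once per completed bio; a once-only or rate-limited warning would keep the bounds check from turning into a log flood. The body of `__update_iostat_latency()` starts and ends outside the hunk.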
--
2.25.1


2023-01-20 16:50:51

by 李扬韬

Subject: [PATCH v3 2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()

Convert to use iostat_lat_type as parameter instead of raw number.
BTW, move NUM_PREALLOC_IOSTAT_CTXS to the header file, and rename
iotype to page_type to match the definition.

Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Yangtao Li <[email protected]>
---
v3:
-convert to f2fs_warn()
fs/f2fs/data.c | 4 ++--
fs/f2fs/iostat.c | 39 ++++++++++++++++-----------------------
fs/f2fs/iostat.h | 19 ++++++++++---------
3 files changed, 28 insertions(+), 34 deletions(-)

diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index 1645b8a1b904..710d4acde187 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -292,7 +292,7 @@ static void f2fs_read_end_io(struct bio *bio)
struct bio_post_read_ctx *ctx;
bool intask = in_task();

- iostat_update_and_unbind_ctx(bio, 0);
+ iostat_update_and_unbind_ctx(bio, READ_IO);
ctx = bio->bi_private;

if (time_to_inject(sbi, FAULT_READ_IO))
@@ -330,7 +330,7 @@ static void f2fs_write_end_io(struct bio *bio)
struct bio_vec *bvec;
struct bvec_iter_all iter_all;

- iostat_update_and_unbind_ctx(bio, 1);
+ iostat_update_and_unbind_ctx(bio, bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO);
sbi = bio->bi_private;

if (time_to_inject(sbi, FAULT_WRITE_IO))
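Review bot: The new argument `bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO` relies on `&` binding tighter than `?:` and makes the call line very long. Parenthesising the test and breaking the line after `bio,` reads more safely: `(bio->bi_opf & REQ_SYNC) ? WRITE_SYNC_IO : WRITE_ASYNC_IO`. `f2fs_write_end_io()` continues outside the hunk.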
diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
index 96637756eae8..c767a2e7d5a9 100644
--- a/fs/f2fs/iostat.c
+++ b/fs/f2fs/iostat.c
@@ -14,7 +14,6 @@
#include "iostat.h"
#include <trace/events/f2fs.h>

-#define NUM_PREALLOC_IOSTAT_CTXS 128
static struct kmem_cache *bio_iostat_ctx_cache;
static mempool_t *bio_iostat_ctx_pool;

@@ -210,53 +209,47 @@ void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
}

static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
- int rw, bool is_sync)
+ enum iostat_lat_type lat_type)
{
unsigned long ts_diff;
- unsigned int iotype = iostat_ctx->type;
+ unsigned int page_type = iostat_ctx->type;
struct f2fs_sb_info *sbi = iostat_ctx->sbi;
struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
- int idx;
unsigned long flags;

if (!sbi->iostat_enable)
return;

ts_diff = jiffies - iostat_ctx->submit_ts;
- if (iotype == META_FLUSH) {
- iotype = META;
- } else if (iotype >= NR_PAGE_TYPE) {
- f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
+ if (page_type == META_FLUSH) {
+ page_type = META;
+ } else if (page_type >= NR_PAGE_TYPE) {
+ f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, page_type);
return;
}

- if (rw == 0) {
- idx = READ_IO;
- } else {
- if (is_sync)
- idx = WRITE_SYNC_IO;
- else
- idx = WRITE_ASYNC_IO;
+ if (lat_type >= MAX_IO_TYPE) {
+ f2fs_warn(sbi, "%s: %d over MAX_IO_TYPE", __func__, lat_type);
+ return;
}

spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
- io_lat->sum_lat[idx][iotype] += ts_diff;
- io_lat->bio_cnt[idx][iotype]++;
- if (ts_diff > io_lat->peak_lat[idx][iotype])
- io_lat->peak_lat[idx][iotype] = ts_diff;
+ io_lat->sum_lat[lat_type][page_type] += ts_diff;
+ io_lat->bio_cnt[lat_type][page_type]++;
+ if (ts_diff > io_lat->peak_lat[lat_type][page_type])
+ io_lat->peak_lat[lat_type][page_type] = ts_diff;
spin_unlock_irqrestore(&sbi->iostat_lat_lock, flags);
}

-void iostat_update_and_unbind_ctx(struct bio *bio, int rw)
+void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type)
{
struct bio_iostat_ctx *iostat_ctx = bio->bi_private;
- bool is_sync = bio->bi_opf & REQ_SYNC;

- if (rw == 0)
+ if (lat_type == READ_IO)
bio->bi_private = iostat_ctx->post_read_ctx;
else
bio->bi_private = iostat_ctx->sbi;
- __update_iostat_latency(iostat_ctx, rw, is_sync);
+ __update_iostat_latency(iostat_ctx, lat_type);
mempool_free(iostat_ctx, bio_iostat_ctx_pool);
}

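Review bot: `iostat_update_and_unbind_ctx()` now uses the caller-supplied `lat_type` to decide which pointer goes back into `bio->bi_private` (`post_read_ctx` for `READ_IO`, `sbi` for anything else), and nothing documents that the value must match the bio's direction. A write type passed for a read bio would leave `sbi` where `f2fs_read_end_io()` then reads `ctx = bio->bi_private`, so I would add a comment above the function such as `/* lat_type must match the bio direction: READ_IO restores post_read_ctx into bi_private, any other value restores sbi. */`. The range check on `lat_type` in `__update_iostat_latency()` runs only after that assignment, so it does not guard the pointer choice.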
diff --git a/fs/f2fs/iostat.h b/fs/f2fs/iostat.h
index 2c048307b6e0..1f827a2fe6b2 100644
--- a/fs/f2fs/iostat.h
+++ b/fs/f2fs/iostat.h
@@ -8,20 +8,21 @@

struct bio_post_read_ctx;

+enum iostat_lat_type {
+ READ_IO = 0,
+ WRITE_SYNC_IO,
+ WRITE_ASYNC_IO,
+ MAX_IO_TYPE,
+};
+
#ifdef CONFIG_F2FS_IOSTAT

+#define NUM_PREALLOC_IOSTAT_CTXS 128
#define DEFAULT_IOSTAT_PERIOD_MS 3000
#define MIN_IOSTAT_PERIOD_MS 100
/* maximum period of iostat tracing is 1 day */
#define MAX_IOSTAT_PERIOD_MS 8640000

-enum {
- READ_IO,
- WRITE_SYNC_IO,
- WRITE_ASYNC_IO,
- MAX_IO_TYPE,
-};
-
struct iostat_lat_info {
unsigned long sum_lat[MAX_IO_TYPE][NR_PAGE_TYPE]; /* sum of io latencies */
unsigned long peak_lat[MAX_IO_TYPE][NR_PAGE_TYPE]; /* peak io latency */
@@ -57,7 +58,7 @@ static inline struct bio_post_read_ctx *get_post_read_ctx(struct bio *bio)
return iostat_ctx->post_read_ctx;
}

-extern void iostat_update_and_unbind_ctx(struct bio *bio, int rw);
+extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type);
extern void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
struct bio *bio, struct bio_post_read_ctx *ctx);
extern int f2fs_init_iostat_processing(void);
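Review bot: The prototype names the new parameter `type` while the definition in fs/f2fs/iostat.c names it `lat_type`; using the same name avoids confusion with the `enum iostat_type type` parameter of `f2fs_update_iostat()` in this header: `extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type);`. The `!CONFIG_F2FS_IOSTAT` stub in the next hunk has the same mismatch.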
@@ -67,7 +68,7 @@ extern void f2fs_destroy_iostat(struct f2fs_sb_info *sbi);
#else
static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
enum iostat_type type, unsigned long long io_bytes) {}
-static inline void iostat_update_and_unbind_ctx(struct bio *bio, int rw) {}
+static inline void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type) {}
static inline void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
struct bio *bio, struct bio_post_read_ctx *ctx) {}
static inline void iostat_update_submit_ctx(struct bio *bio,
--
2.25.1

2023-01-31 01:40:27

by Chao Yu

Subject: Re: [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

On 2023/1/21 0:16, Yangtao Li wrote:
> Add iotype sanity check to avoid potential memory corruption.
> This is to fix the compile error below:
>
> fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
> 'io_lat->peak_lat[type]' 3 <= 3
>
> vim +228 fs/f2fs/iostat.c
>
> 211 static inline void __update_iostat_latency(struct bio_iostat_ctx
> *iostat_ctx,
> 212 enum iostat_lat_type type)
> 213 {
> 214 unsigned long ts_diff;
> 215 unsigned int page_type = iostat_ctx->type;
> 216 struct f2fs_sb_info *sbi = iostat_ctx->sbi;
> 217 struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
> 218 unsigned long flags;
> 219
> 220 if (!sbi->iostat_enable)
> 221 return;
> 222
> 223 ts_diff = jiffies - iostat_ctx->submit_ts;
> 224 if (page_type >= META_FLUSH)
> ^^^^^^^^^^
>
> 225 page_type = META;
> 226
> 227 spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
> @228 io_lat->sum_lat[type][page_type] += ts_diff;
> ^^^^^^^^^
> Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.
>
> Fixes: a4b6817625e7 ("f2fs: introduce periodic iostat io latency traces")
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Dan Carpenter <[email protected]>
> Suggested-by: Chao Yu <[email protected]>
> Suggested-by: Jaegeuk Kim <[email protected]>
> Signed-off-by: Yangtao Li <[email protected]>

Reviewed-by: Chao Yu <[email protected]>

Thanks,

2023-01-31 01:55:38

by Chao Yu

Subject: Re: [PATCH v3 2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()

On 2023/1/21 0:16, Yangtao Li wrote:
> Convert to use iostat_lat_type as parameter instead of raw number.
> BTW, move NUM_PREALLOC_IOSTAT_CTXS to the header file, and rename
> iotype to page_type to match the definition.
>
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Dan Carpenter <[email protected]>
> Signed-off-by: Yangtao Li <[email protected]>
> ---
> v3:
> -convert to f2fs_warn()
> fs/f2fs/data.c | 4 ++--
> fs/f2fs/iostat.c | 39 ++++++++++++++++-----------------------
> fs/f2fs/iostat.h | 19 ++++++++++---------
> 3 files changed, 28 insertions(+), 34 deletions(-)
>
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index 1645b8a1b904..710d4acde187 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -292,7 +292,7 @@ static void f2fs_read_end_io(struct bio *bio)
> struct bio_post_read_ctx *ctx;
> bool intask = in_task();
>
> - iostat_update_and_unbind_ctx(bio, 0);
> + iostat_update_and_unbind_ctx(bio, READ_IO);
> ctx = bio->bi_private;
>
> if (time_to_inject(sbi, FAULT_READ_IO))
> @@ -330,7 +330,7 @@ static void f2fs_write_end_io(struct bio *bio)
> struct bio_vec *bvec;
> struct bvec_iter_all iter_all;
>
> - iostat_update_and_unbind_ctx(bio, 1);
> + iostat_update_and_unbind_ctx(bio, bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO);
> sbi = bio->bi_private;
>
> if (time_to_inject(sbi, FAULT_WRITE_IO))
> diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
> index 96637756eae8..c767a2e7d5a9 100644
> --- a/fs/f2fs/iostat.c
> +++ b/fs/f2fs/iostat.c
> @@ -14,7 +14,6 @@
> #include "iostat.h"
> #include <trace/events/f2fs.h>
>
> -#define NUM_PREALLOC_IOSTAT_CTXS 128
> static struct kmem_cache *bio_iostat_ctx_cache;
> static mempool_t *bio_iostat_ctx_pool;
>
> @@ -210,53 +209,47 @@ void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
> }
>
> static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
> - int rw, bool is_sync)
> + enum iostat_lat_type lat_type)
> {
> unsigned long ts_diff;
> - unsigned int iotype = iostat_ctx->type;
> + unsigned int page_type = iostat_ctx->type;
> struct f2fs_sb_info *sbi = iostat_ctx->sbi;
> struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
> - int idx;
> unsigned long flags;
>
> if (!sbi->iostat_enable)
> return;
>
> ts_diff = jiffies - iostat_ctx->submit_ts;
> - if (iotype == META_FLUSH) {
> - iotype = META;
> - } else if (iotype >= NR_PAGE_TYPE) {
> - f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
> + if (page_type == META_FLUSH) {
> + page_type = META;
> + } else if (page_type >= NR_PAGE_TYPE) {
> + f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, page_type);
> return;
> }
>
> - if (rw == 0) {
> - idx = READ_IO;
> - } else {
> - if (is_sync)
> - idx = WRITE_SYNC_IO;
> - else
> - idx = WRITE_ASYNC_IO;
> + if (lat_type >= MAX_IO_TYPE) {
> + f2fs_warn(sbi, "%s: %d over MAX_IO_TYPE", __func__, lat_type);
> + return;
> }
>
> spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
> - io_lat->sum_lat[idx][iotype] += ts_diff;
> - io_lat->bio_cnt[idx][iotype]++;
> - if (ts_diff > io_lat->peak_lat[idx][iotype])
> - io_lat->peak_lat[idx][iotype] = ts_diff;
> + io_lat->sum_lat[lat_type][page_type] += ts_diff;
> + io_lat->bio_cnt[lat_type][page_type]++;
> + if (ts_diff > io_lat->peak_lat[lat_type][page_type])
> + io_lat->peak_lat[lat_type][page_type] = ts_diff;
> spin_unlock_irqrestore(&sbi->iostat_lat_lock, flags);
> }
>
> -void iostat_update_and_unbind_ctx(struct bio *bio, int rw)
> +void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type)
> {
> struct bio_iostat_ctx *iostat_ctx = bio->bi_private;
> - bool is_sync = bio->bi_opf & REQ_SYNC;
>
> - if (rw == 0)
> + if (lat_type == READ_IO)
> bio->bi_private = iostat_ctx->post_read_ctx;
> else
> bio->bi_private = iostat_ctx->sbi;
> - __update_iostat_latency(iostat_ctx, rw, is_sync);
> + __update_iostat_latency(iostat_ctx, lat_type);
> mempool_free(iostat_ctx, bio_iostat_ctx_pool);
> }
>
> diff --git a/fs/f2fs/iostat.h b/fs/f2fs/iostat.h
> index 2c048307b6e0..1f827a2fe6b2 100644
> --- a/fs/f2fs/iostat.h
> +++ b/fs/f2fs/iostat.h
> @@ -8,20 +8,21 @@
>
> struct bio_post_read_ctx;
>
> +enum iostat_lat_type {
> + READ_IO = 0,
> + WRITE_SYNC_IO,
> + WRITE_ASYNC_IO,
> + MAX_IO_TYPE,
> +};

How about adjusting iostat_lat[{0,1,2}] to iostat_lat[{READ_IO,WRITE_SYNC_IO,WRITE_ASYNC_IO}]
in the tracepoint function?

TP_fast_assign(
__entry->dev = sbi->sb->s_dev;
__entry->d_rd_peak = iostat_lat[0][DATA].peak_lat;
__entry->d_rd_avg = iostat_lat[0][DATA].avg_lat;
__entry->d_rd_cnt = iostat_lat[0][DATA].cnt;
__entry->n_rd_peak = iostat_lat[0][NODE].peak_lat;
__entry->n_rd_avg = iostat_lat[0][NODE].avg_lat;
__entry->n_rd_cnt = iostat_lat[0][NODE].cnt;
__entry->m_rd_peak = iostat_lat[0][META].peak_lat;
__entry->m_rd_avg = iostat_lat[0][META].avg_lat;
__entry->m_rd_cnt = iostat_lat[0][META].cnt;
__entry->d_wr_s_peak = iostat_lat[1][DATA].peak_lat;
__entry->d_wr_s_avg = iostat_lat[1][DATA].avg_lat;
__entry->d_wr_s_cnt = iostat_lat[1][DATA].cnt;
__entry->n_wr_s_peak = iostat_lat[1][NODE].peak_lat;
__entry->n_wr_s_avg = iostat_lat[1][NODE].avg_lat;
__entry->n_wr_s_cnt = iostat_lat[1][NODE].cnt;
__entry->m_wr_s_peak = iostat_lat[1][META].peak_lat;
__entry->m_wr_s_avg = iostat_lat[1][META].avg_lat;
__entry->m_wr_s_cnt = iostat_lat[1][META].cnt;
__entry->d_wr_as_peak = iostat_lat[2][DATA].peak_lat;
__entry->d_wr_as_avg = iostat_lat[2][DATA].avg_lat;
__entry->d_wr_as_cnt = iostat_lat[2][DATA].cnt;
__entry->n_wr_as_peak = iostat_lat[2][NODE].peak_lat;
__entry->n_wr_as_avg = iostat_lat[2][NODE].avg_lat;
__entry->n_wr_as_cnt = iostat_lat[2][NODE].cnt;
__entry->m_wr_as_peak = iostat_lat[2][META].peak_lat;
__entry->m_wr_as_avg = iostat_lat[2][META].avg_lat;
__entry->m_wr_as_cnt = iostat_lat[2][META].cnt;
),

Thanks,

> +
> #ifdef CONFIG_F2FS_IOSTAT
>
> +#define NUM_PREALLOC_IOSTAT_CTXS 128
> #define DEFAULT_IOSTAT_PERIOD_MS 3000
> #define MIN_IOSTAT_PERIOD_MS 100
> /* maximum period of iostat tracing is 1 day */
> #define MAX_IOSTAT_PERIOD_MS 8640000
>
> -enum {
> - READ_IO,
> - WRITE_SYNC_IO,
> - WRITE_ASYNC_IO,
> - MAX_IO_TYPE,
> -};
> -
> struct iostat_lat_info {
> unsigned long sum_lat[MAX_IO_TYPE][NR_PAGE_TYPE]; /* sum of io latencies */
> unsigned long peak_lat[MAX_IO_TYPE][NR_PAGE_TYPE]; /* peak io latency */
> @@ -57,7 +58,7 @@ static inline struct bio_post_read_ctx *get_post_read_ctx(struct bio *bio)
> return iostat_ctx->post_read_ctx;
> }
>
> -extern void iostat_update_and_unbind_ctx(struct bio *bio, int rw);
> +extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type);
> extern void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
> struct bio *bio, struct bio_post_read_ctx *ctx);
> extern int f2fs_init_iostat_processing(void);
> @@ -67,7 +68,7 @@ extern void f2fs_destroy_iostat(struct f2fs_sb_info *sbi);
> #else
> static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
> enum iostat_type type, unsigned long long io_bytes) {}
> -static inline void iostat_update_and_unbind_ctx(struct bio *bio, int rw) {}
> +static inline void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type) {}
> static inline void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
> struct bio *bio, struct bio_post_read_ctx *ctx) {}
> static inline void iostat_update_submit_ctx(struct bio *bio,

2023-01-31 18:53:56

by Jaegeuk Kim

Subject: Re: [PATCH v3 2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()

On 01/31, Chao Yu wrote:
> On 2023/1/21 0:16, Yangtao Li wrote:
> > Convert to use iostat_lat_type as parameter instead of raw number.
> > BTW, move NUM_PREALLOC_IOSTAT_CTXS to the header file, and rename
> > iotype to page_type to match the definition.
> >
> > Reported-by: kernel test robot <[email protected]>
> > Reported-by: Dan Carpenter <[email protected]>
> > Signed-off-by: Yangtao Li <[email protected]>
> > ---
> > v3:
> > -convert to f2fs_warn()
> > fs/f2fs/data.c | 4 ++--
> > fs/f2fs/iostat.c | 39 ++++++++++++++++-----------------------
> > fs/f2fs/iostat.h | 19 ++++++++++---------
> > 3 files changed, 28 insertions(+), 34 deletions(-)
> >
> > diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> > index 1645b8a1b904..710d4acde187 100644
> > --- a/fs/f2fs/data.c
> > +++ b/fs/f2fs/data.c
> > @@ -292,7 +292,7 @@ static void f2fs_read_end_io(struct bio *bio)
> > struct bio_post_read_ctx *ctx;
> > bool intask = in_task();
> > - iostat_update_and_unbind_ctx(bio, 0);
> > + iostat_update_and_unbind_ctx(bio, READ_IO);
> > ctx = bio->bi_private;
> > if (time_to_inject(sbi, FAULT_READ_IO))
> > @@ -330,7 +330,7 @@ static void f2fs_write_end_io(struct bio *bio)
> > struct bio_vec *bvec;
> > struct bvec_iter_all iter_all;
> > - iostat_update_and_unbind_ctx(bio, 1);
> > + iostat_update_and_unbind_ctx(bio, bio->bi_opf & REQ_SYNC ? WRITE_SYNC_IO : WRITE_ASYNC_IO);
> > sbi = bio->bi_private;
> > if (time_to_inject(sbi, FAULT_WRITE_IO))
> > diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
> > index 96637756eae8..c767a2e7d5a9 100644
> > --- a/fs/f2fs/iostat.c
> > +++ b/fs/f2fs/iostat.c
> > @@ -14,7 +14,6 @@
> > #include "iostat.h"
> > #include <trace/events/f2fs.h>
> > -#define NUM_PREALLOC_IOSTAT_CTXS 128
> > static struct kmem_cache *bio_iostat_ctx_cache;
> > static mempool_t *bio_iostat_ctx_pool;
> > @@ -210,53 +209,47 @@ void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
> > }
> > static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
> > - int rw, bool is_sync)
> > + enum iostat_lat_type lat_type)
> > {
> > unsigned long ts_diff;
> > - unsigned int iotype = iostat_ctx->type;
> > + unsigned int page_type = iostat_ctx->type;
> > struct f2fs_sb_info *sbi = iostat_ctx->sbi;
> > struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
> > - int idx;
> > unsigned long flags;
> > if (!sbi->iostat_enable)
> > return;
> > ts_diff = jiffies - iostat_ctx->submit_ts;
> > - if (iotype == META_FLUSH) {
> > - iotype = META;
> > - } else if (iotype >= NR_PAGE_TYPE) {
> > - f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
> > + if (page_type == META_FLUSH) {
> > + page_type = META;
> > + } else if (page_type >= NR_PAGE_TYPE) {
> > + f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, page_type);
> > return;
> > }
> > - if (rw == 0) {
> > - idx = READ_IO;
> > - } else {
> > - if (is_sync)
> > - idx = WRITE_SYNC_IO;
> > - else
> > - idx = WRITE_ASYNC_IO;
> > + if (lat_type >= MAX_IO_TYPE) {
> > + f2fs_warn(sbi, "%s: %d over MAX_IO_TYPE", __func__, lat_type);
> > + return;
> > }
> > spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
> > - io_lat->sum_lat[idx][iotype] += ts_diff;
> > - io_lat->bio_cnt[idx][iotype]++;
> > - if (ts_diff > io_lat->peak_lat[idx][iotype])
> > - io_lat->peak_lat[idx][iotype] = ts_diff;
> > + io_lat->sum_lat[lat_type][page_type] += ts_diff;
> > + io_lat->bio_cnt[lat_type][page_type]++;
> > + if (ts_diff > io_lat->peak_lat[lat_type][page_type])
> > + io_lat->peak_lat[lat_type][page_type] = ts_diff;
> > spin_unlock_irqrestore(&sbi->iostat_lat_lock, flags);
> > }
> > -void iostat_update_and_unbind_ctx(struct bio *bio, int rw)
> > +void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type lat_type)
> > {
> > struct bio_iostat_ctx *iostat_ctx = bio->bi_private;
> > - bool is_sync = bio->bi_opf & REQ_SYNC;
> > - if (rw == 0)
> > + if (lat_type == READ_IO)
> > bio->bi_private = iostat_ctx->post_read_ctx;
> > else
> > bio->bi_private = iostat_ctx->sbi;
> > - __update_iostat_latency(iostat_ctx, rw, is_sync);
> > + __update_iostat_latency(iostat_ctx, lat_type);
> > mempool_free(iostat_ctx, bio_iostat_ctx_pool);
> > }
> > diff --git a/fs/f2fs/iostat.h b/fs/f2fs/iostat.h
> > index 2c048307b6e0..1f827a2fe6b2 100644
> > --- a/fs/f2fs/iostat.h
> > +++ b/fs/f2fs/iostat.h
> > @@ -8,20 +8,21 @@
> > struct bio_post_read_ctx;
> > +enum iostat_lat_type {
> > + READ_IO = 0,
> > + WRITE_SYNC_IO,
> > + WRITE_ASYNC_IO,
> > + MAX_IO_TYPE,
> > +};
>
> How about adjusting iostat_lat[{0,1,2}] to iostat_lat[{READ_IO,WRITE_SYNC_IO,WRITE_ASYNC_IO}]
> in tracepoint function.
>
> TP_fast_assign(
> __entry->dev = sbi->sb->s_dev;
> __entry->d_rd_peak = iostat_lat[0][DATA].peak_lat;
> __entry->d_rd_avg = iostat_lat[0][DATA].avg_lat;
> __entry->d_rd_cnt = iostat_lat[0][DATA].cnt;
> __entry->n_rd_peak = iostat_lat[0][NODE].peak_lat;
> __entry->n_rd_avg = iostat_lat[0][NODE].avg_lat;
> __entry->n_rd_cnt = iostat_lat[0][NODE].cnt;
> __entry->m_rd_peak = iostat_lat[0][META].peak_lat;
> __entry->m_rd_avg = iostat_lat[0][META].avg_lat;
> __entry->m_rd_cnt = iostat_lat[0][META].cnt;
> __entry->d_wr_s_peak = iostat_lat[1][DATA].peak_lat;
> __entry->d_wr_s_avg = iostat_lat[1][DATA].avg_lat;
> __entry->d_wr_s_cnt = iostat_lat[1][DATA].cnt;
> __entry->n_wr_s_peak = iostat_lat[1][NODE].peak_lat;
> __entry->n_wr_s_avg = iostat_lat[1][NODE].avg_lat;
> __entry->n_wr_s_cnt = iostat_lat[1][NODE].cnt;
> __entry->m_wr_s_peak = iostat_lat[1][META].peak_lat;
> __entry->m_wr_s_avg = iostat_lat[1][META].avg_lat;
> __entry->m_wr_s_cnt = iostat_lat[1][META].cnt;
> __entry->d_wr_as_peak = iostat_lat[2][DATA].peak_lat;
> __entry->d_wr_as_avg = iostat_lat[2][DATA].avg_lat;
> __entry->d_wr_as_cnt = iostat_lat[2][DATA].cnt;
> __entry->n_wr_as_peak = iostat_lat[2][NODE].peak_lat;
> __entry->n_wr_as_avg = iostat_lat[2][NODE].avg_lat;
> __entry->n_wr_as_cnt = iostat_lat[2][NODE].cnt;
> __entry->m_wr_as_peak = iostat_lat[2][META].peak_lat;
> __entry->m_wr_as_avg = iostat_lat[2][META].avg_lat;
> __entry->m_wr_as_cnt = iostat_lat[2][META].cnt;
> ),

Yangtao,

Could you please send another patch to address Chao's suggestion?

Thanks,

>
> Thanks,
>
> > +
> > #ifdef CONFIG_F2FS_IOSTAT
> > +#define NUM_PREALLOC_IOSTAT_CTXS 128
> > #define DEFAULT_IOSTAT_PERIOD_MS 3000
> > #define MIN_IOSTAT_PERIOD_MS 100
> > /* maximum period of iostat tracing is 1 day */
> > #define MAX_IOSTAT_PERIOD_MS 8640000
> > -enum {
> > - READ_IO,
> > - WRITE_SYNC_IO,
> > - WRITE_ASYNC_IO,
> > - MAX_IO_TYPE,
> > -};
> > -
> > struct iostat_lat_info {
> > unsigned long sum_lat[MAX_IO_TYPE][NR_PAGE_TYPE]; /* sum of io latencies */
> > unsigned long peak_lat[MAX_IO_TYPE][NR_PAGE_TYPE]; /* peak io latency */
> > @@ -57,7 +58,7 @@ static inline struct bio_post_read_ctx *get_post_read_ctx(struct bio *bio)
> > return iostat_ctx->post_read_ctx;
> > }
> > -extern void iostat_update_and_unbind_ctx(struct bio *bio, int rw);
> > +extern void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type);
> > extern void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
> > struct bio *bio, struct bio_post_read_ctx *ctx);
> > extern int f2fs_init_iostat_processing(void);
> > @@ -67,7 +68,7 @@ extern void f2fs_destroy_iostat(struct f2fs_sb_info *sbi);
> > #else
> > static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi, struct inode *inode,
> > enum iostat_type type, unsigned long long io_bytes) {}
> > -static inline void iostat_update_and_unbind_ctx(struct bio *bio, int rw) {}
> > +static inline void iostat_update_and_unbind_ctx(struct bio *bio, enum iostat_lat_type type) {}
> > static inline void iostat_alloc_and_bind_ctx(struct f2fs_sb_info *sbi,
> > struct bio *bio, struct bio_post_read_ctx *ctx) {}
> > static inline void iostat_update_submit_ctx(struct bio *bio,

2023-01-31 19:10:28

by patchwork-bot+f2fs

Subject: Re: [f2fs-dev] [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

Hello:

This series was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <[email protected]>:

On Sat, 21 Jan 2023 00:16:55 +0800 you wrote:
> Add iotype sanity check to avoid potential memory corruption.
> This is to fix the compile error below:
>
> fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
> 'io_lat->peak_lat[type]' 3 <= 3
>
> vim +228 fs/f2fs/iostat.c
>
> [...]

Here is the summary with links:
- [f2fs-dev,v3,1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
https://git.kernel.org/jaegeuk/f2fs/c/dcbf2ae5504f
- [f2fs-dev,v3,2/2] f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()
(no matching commit)

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html