When bch_bio_alloc_pages() fails, no error return code of
cached_dev_cache_miss() is assigned.
To fix this bug, ret is assigned with -ENOMEN as error return code.
Reported-by: TOTE Robot <[email protected]>
Signed-off-by: Jia-Ju Bai <[email protected]>
---
drivers/md/bcache/request.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
index 29c231758293..9ecaf26c8d60 100644
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -930,8 +930,10 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s,
cache_bio->bi_private = &s->cl;
bch_bio_map(cache_bio, NULL);
- if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO))
+ if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO)) {
+ ret = -ENOMEM;
goto out_put;
+ }
if (reada)
bch_mark_cache_readahead(s->iop.c, s->d);
--
2.17.1
On 3/5/21 10:46 AM, Jia-Ju Bai wrote:
> When bch_bio_alloc_pages() fails, no error return code of
> cached_dev_cache_miss() is assigned.
> To fix this bug, ret is assigned with -ENOMEN as error return code.
>
> Reported-by: TOTE Robot <[email protected]>
> Signed-off-by: Jia-Ju Bai <[email protected]>
> ---
> drivers/md/bcache/request.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
> index 29c231758293..9ecaf26c8d60 100644
> --- a/drivers/md/bcache/request.c
> +++ b/drivers/md/bcache/request.c
> @@ -930,8 +930,10 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s,
> cache_bio->bi_private = &s->cl;
>
> bch_bio_map(cache_bio, NULL);
> - if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO))
> + if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO)) {
> + ret = -ENOMEM;
> goto out_put;
> + }
>
> if (reada)
> bch_mark_cache_readahead(s->iop.c, s->d);
>
Thanks for looking at bcache :-)
Without the above change, -EINTR will be returned. -EINTR is special in
bache's btree iteration code. See bcache_btree_root() from bcache.h,
347 #define bcache_btree_root(fn, c, op, ...) \
348 ({ \
349 int _r = -EINTR; \
350 do { \
351 struct btree *_b = (c)->root; \
352 bool _w = insert_lock(op, _b); \
353 rw_lock(_w, _b, _b->level); \
354 if (_b == (c)->root && \
355 _w == insert_lock(op, _b)) { \
356 _r = bch_btree_ ## fn(_b, op, ##__VA_ARGS__); \
357 } \
358 rw_unlock(_w, _b); \
359 bch_cannibalize_unlock(c); \
360 if (_r == -EINTR) \
361 \
362 } while (_r == -EINTR); \
363 \
364 finish_wait(&(c)->btree_cache_wait, &(op)->wait); \
365 _r; \
366 })
cached_dev_cache_miss() is called by the following code path,
cache_lookup() ==> bch_btree_map_keys() ==> bcache_btree_root() ==>
bch_btree_map_keys_recurse() ==> cache_lookup_fn()
Therefore the return value of cached_dev_cache_miss() will be returned
from where s->d->cache_miss() is called from cache_lookup_fn(). And in
macro bcache_btree_root() this return value will be checked. If the
return value is -EINTR, then the whole iteration will be re-do again.
Returning -ENOMEM works but if the memory allocation failed, there is no
chance to re-do the cache lookup again from bcache_btree_root(). When
system memory is in heavy usage, we want the lookup to try more times
(because GFP_NOIO is set), which is much better then returning -EIO
immediately to caller.
Therefore NOT setting ret to -ENOMEM in the patching location should be
an on-purpose coding, IMHO.
Thanks.
Coly Li
Hi Coly,
Thanks a lot for your detailed explanation :)
Best wishes,
Jia-Ju Bai
On 2021/3/5 12:05, Coly Li wrote:
> On 3/5/21 10:46 AM, Jia-Ju Bai wrote:
>> When bch_bio_alloc_pages() fails, no error return code of
>> cached_dev_cache_miss() is assigned.
>> To fix this bug, ret is assigned with -ENOMEN as error return code.
>>
>> Reported-by: TOTE Robot <[email protected]>
>> Signed-off-by: Jia-Ju Bai <[email protected]>
>> ---
>> drivers/md/bcache/request.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
>> index 29c231758293..9ecaf26c8d60 100644
>> --- a/drivers/md/bcache/request.c
>> +++ b/drivers/md/bcache/request.c
>> @@ -930,8 +930,10 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s,
>> cache_bio->bi_private = &s->cl;
>>
>> bch_bio_map(cache_bio, NULL);
>> - if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO))
>> + if (bch_bio_alloc_pages(cache_bio, __GFP_NOWARN|GFP_NOIO)) {
>> + ret = -ENOMEM;
>> goto out_put;
>> + }
>>
>> if (reada)
>> bch_mark_cache_readahead(s->iop.c, s->d);
>>
> Thanks for looking at bcache :-)
>
> Without the above change, -EINTR will be returned. -EINTR is special in
> bache's btree iteration code. See bcache_btree_root() from bcache.h,
>
> 347 #define bcache_btree_root(fn, c, op, ...) \
> 348 ({ \
> 349 int _r = -EINTR; \
> 350 do { \
> 351 struct btree *_b = (c)->root; \
> 352 bool _w = insert_lock(op, _b); \
> 353 rw_lock(_w, _b, _b->level); \
> 354 if (_b == (c)->root && \
> 355 _w == insert_lock(op, _b)) { \
> 356 _r = bch_btree_ ## fn(_b, op, ##__VA_ARGS__); \
> 357 } \
> 358 rw_unlock(_w, _b); \
> 359 bch_cannibalize_unlock(c); \
> 360 if (_r == -EINTR) \
> 361 \
> 362 } while (_r == -EINTR); \
> 363 \
> 364 finish_wait(&(c)->btree_cache_wait, &(op)->wait); \
> 365 _r; \
> 366 })
>
> cached_dev_cache_miss() is called by the following code path,
>
> cache_lookup() ==> bch_btree_map_keys() ==> bcache_btree_root() ==>
> bch_btree_map_keys_recurse() ==> cache_lookup_fn()
>
> Therefore the return value of cached_dev_cache_miss() will be returned
> from where s->d->cache_miss() is called from cache_lookup_fn(). And in
> macro bcache_btree_root() this return value will be checked. If the
> return value is -EINTR, then the whole iteration will be re-do again.
>
> Returning -ENOMEM works but if the memory allocation failed, there is no
> chance to re-do the cache lookup again from bcache_btree_root(). When
> system memory is in heavy usage, we want the lookup to try more times
> (because GFP_NOIO is set), which is much better then returning -EIO
> immediately to caller.
>
> Therefore NOT setting ret to -ENOMEM in the patching location should be
> an on-purpose coding, IMHO.
>
> Thanks.
>
> Coly Li
>