From: Jeff Layton <jlayton@redhat.com>
Date: Wed, 12 Nov 2008 10:06:47 -0500
Subject: [fs] cifs: corrupt data due to interleaved write calls
Message-id: 1226502407-8962-1-git-send-email-jlayton@redhat.com
O-Subject: [RHEL5.3 PATCH] BZ#470267: cifs: fix data corruption due to interleaved write calls when one times out
Bugzilla: 470267
RH-Acked-by: Peter Staubach <staubach@redhat.com>
RH-Acked-by: Jeff Moyer <jmoyer@redhat.com>
From: Steve French <sfrench@us.ibm.com>
This is a late-breaking patchset to fix a data corruption problem in
CIFS. When CIFS attempts to send a large amount of data to the server
(say, in a large write), it's possible for only part of the data to be
sent. When this happens, the sending routines will return -EAGAIN to the
caller and the send of the remaining data is generally retried,
depending on the call.
It's possible however for another SMB call to the same server to be sent
before this retry can occur. If this happens, the server can get
confused and think that the second call is actually part of the first.
This usually manifests itself as data corruption in writes. The
file being written will contain the SMB headers of the second call.
This patch represents 3 different patches that went upstream recently.
The first one was intended to fix the problem and the other two fixed
smaller bugs in the first patch. It fixes the bug by doing the
following:
1) It changes the CIFS code not to tune the send and receive buffer
sizes, and instead to let them autotune. The fact that we tune their
sizes artificially limits the buffer size and makes it generally more
likely that kernel_sendmsg will return an error.
2) We convert CIFS to use blocking I/O by default. It currently retries
non-blocking I/O over a certain period of time. This is unecessarily
complex. Blocking I/O should make it slightly less likely that we'll
return error from kernel_sendmsg.
3) If we end up sending some, but not all of the data in smb_send2, we
mark the socket as needing to be reconnected. This forces a disconnect
and reconnect before any more data can be sent, and should prevent the
problems with overlapping data.
While I can verify that this fixes the data corruption using the
reproducer that was provided, I'll note that I'm not terribly thrilled
with the patchset below:
1) It adds a couple of mount options that I consider to be pointless.
2) It leaves the code using the same retry logic in the blocking I/O
case as in the non-blocking, which could just as easily be done by
setting the send timeout correctly.
3) It also seems like the retry when we return -EAGAIN is done at the
wrong layer, but that's more of a design issue with CIFS.
4) It doesn't reconnect the socket if smb_send fails, only if we're
doing a smb_send2 (which takes an iovec as an arg). This means that the
patch isn't complete. Fixing it the right way means making a number of
cascading changes. The function args for smb_send() will need to change,
for instance. The upside here is that that function generally is for
sending smaller frames, and if they do get interleaved I don't think
data corruption is likely (the read and write codepaths don't use it).
I'm discussing the problems above with the upstream maintainer and the
person who wrote the patch. It's probably going to take some time before
I can convince them however and we're running short on that for 5.3. So
for now, this is better than nothing and should fix the known issue.
Patch description from the first patch in the series follows.
-----------------[snip]----------------
CIFS in some heavy stress conditions cifs could get EAGAIN
repeatedly in smb_send2 which led to repeated retries and eventually
failure of large writes which could lead to data corruption.
There are three changes that were suggested by various network
developers:
1) convert cifs from non-blocking to blocking tcp sendmsg
(we left in the retry on failure)
2) change cifs to not set sendbuf and rcvbuf size for the socket
(let tcp autotune the buffer sizes since that works much better
in the TCP stack now)
3) if we have a partial frame sent in smb_send2, mark the tcp
session as invalid (close the socket and reconnect) so we do
not corrupt the remaining part of the SMB with the beginning
of the next SMB.
This does not appear to hurt performance measurably and has
been run in various scenarios, but it definately removes
a corruption that we were seeing in some high stress
test cases.
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 09b3bc3..be2b547 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -150,6 +150,8 @@ struct TCP_Server_Info {
char versionMajor;
char versionMinor;
bool svlocal:1; /* local server or remote */
+ bool noblocksnd; /* use blocking sendmsg */
+ bool noautotune; /* do not autotune send buf sizes */
atomic_t socketUseCount; /* number of open cifs sessions on socket */
atomic_t inFlight; /* number of requests on the wire to server */
#ifdef CONFIG_CIFS_STATS2
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 0955988..5cfb30f 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -49,7 +49,7 @@ extern void cifs_buf_release(void *);
extern struct smb_hdr *cifs_small_buf_get(void);
extern void cifs_small_buf_release(void *);
extern int smb_send(struct socket *, struct smb_hdr *,
- unsigned int /* length */ , struct sockaddr *);
+ unsigned int /* length */ , struct sockaddr *, bool);
extern unsigned int _GetXid(void);
extern void _FreeXid(unsigned int);
#define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current->fsuid));
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 83ca395..2095f5b 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1552,7 +1552,7 @@ CIFSSMBWrite(const int xid, struct cifsTconInfo *tcon,
__u32 bytes_sent;
__u16 byte_count;
- /* cFYI(1,("write at %lld %d bytes",offset,count));*/
+ /* cFYI(1, ("write at %lld %d bytes", offset, count));*/
if (tcon->ses == NULL)
return -ECONNABORTED;
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 02bd05c..7122c35 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -105,6 +105,8 @@ struct smb_vol {
bool nocase:1; /* request case insensitive filenames */
bool nobrl:1; /* disable sending byte range locks to srv */
bool seal:1; /* request transport encryption on share */
+ bool noblocksnd:1;
+ bool noautotune:1;
unsigned int rsize;
unsigned int wsize;
unsigned int sockopt;
@@ -115,9 +117,11 @@ struct smb_vol {
static int ipv4_connect(struct sockaddr_in *psin_server,
struct socket **csocket,
char *netb_name,
- char *server_netb_name);
+ char *server_netb_name,
+ bool noblocksnd,
+ bool nosndbuf); /* ipv6 never set sndbuf size */
static int ipv6_connect(struct sockaddr_in6 *psin_server,
- struct socket **csocket);
+ struct socket **csocket, bool noblocksnd);
/*
@@ -205,12 +209,13 @@ cifs_reconnect(struct TCP_Server_Info *server)
#endif
if (server->protocolType == IPV6) {
rc = ipv6_connect(&server->addr.sockAddr6,
- &server->ssocket);
+ &server->ssocket, server->noautotune);
} else {
rc = ipv4_connect(&server->addr.sockAddr,
&server->ssocket,
server->workstation_RFC1001_name,
- server->server_RFC1001_name);
+ server->server_RFC1001_name,
+ server->noblocksnd, server->noautotune);
}
if (rc) {
cFYI(1, ("reconnect error %d", rc));
@@ -451,9 +456,14 @@ incomplete_rcv:
msleep(1); /* minimum sleep to prevent looping
allowing socket to clear and app threads to set
tcpStatus CifsNeedReconnect if server hung */
- if (pdu_length < 4)
+ if (pdu_length < 4) {
+ iov.iov_base = (4 - pdu_length) +
+ (char *)smb_buffer;
+ iov.iov_len = pdu_length;
+ smb_msg.msg_control = NULL;
+ smb_msg.msg_controllen = 0;
goto incomplete_rcv;
- else
+ } else
continue;
} else if (length <= 0) {
if (server->tcpStatus == CifsNew) {
@@ -1246,6 +1256,10 @@ cifs_parse_mount_options(char *options, const char *devname,
/* ignore */
} else if (strnicmp(data, "rw", 2) == 0) {
vol->rw = true;
+ } else if (strnicmp(data, "noblocksend", 11) == 0) {
+ vol->noblocksnd = 1;
+ } else if (strnicmp(data, "noautotune", 10) == 0) {
+ vol->noautotune = 1;
} else if ((strnicmp(data, "suid", 4) == 0) ||
(strnicmp(data, "nosuid", 6) == 0) ||
(strnicmp(data, "exec", 4) == 0) ||
@@ -1566,7 +1580,8 @@ static void rfc1002mangle(char *target, char *source, unsigned int length)
static int
ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
- char *netbios_name, char *target_name)
+ char *netbios_name, char *target_name,
+ bool noblocksnd, bool noautotune)
{
int rc = 0;
int connected = 0;
@@ -1638,26 +1653,20 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
/* Eventually check for other socket options to change from
the default. sock_setsockopt not used because it expects
user space buffer */
-#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 5, 0)
cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
(*csocket)->sk->sk_sndbuf,
(*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
(*csocket)->sk->sk_rcvtimeo = 7 * HZ;
+ if (!noblocksnd)
+ (*csocket)->sk->sk_sndtimeo = 3 * HZ;
+
/* make the bufsizes depend on wsize/rsize and max requests */
- if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
- (*csocket)->sk->sk_sndbuf = 200 * 1024;
- if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
- (*csocket)->sk->sk_rcvbuf = 140 * 1024;
-#else
- cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sndbuf,
- (*csocket)->sk->rcvbuf, (*csocket)->sk->rcvtimeo));
- (*csocket)->sk->rcvtimeo = 7 * HZ;
- /* make the bufsizes depend on wsize/rsize and max requests */
- if((*csocket)->sk->sndbuf < (200 * 1024))
- (*csocket)->sk->sndbuf = 200 * 1024;
- if((*csocket)->sk->rcvbuf < (140 * 1024))
- (*csocket)->sk->rcvbuf = 140 * 1024;
-#endif
+ if (noautotune) {
+ if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
+ (*csocket)->sk->sk_sndbuf = 200 * 1024;
+ if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
+ (*csocket)->sk->sk_rcvbuf = 140 * 1024;
+ }
/* send RFC1001 sessinit */
if (psin_server->sin_port == htons(RFC1001_PORT)) {
@@ -1694,7 +1703,7 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
/* sizeof RFC1002_SESSION_REQUEST with no scope */
smb_buf->smb_buf_length = 0x81000044;
rc = smb_send(*csocket, smb_buf, 0x44,
- (struct sockaddr *)psin_server);
+ (struct sockaddr *)psin_server, noblocksnd);
kfree(ses_init_buf);
msleep(1); /* RFC1001 layer in at least one server
requires very short break before negprot
@@ -1714,7 +1723,8 @@ ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
}
static int
-ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
+ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket,
+ bool noblocksnd)
{
int rc = 0;
int connected = 0;
@@ -1786,11 +1796,9 @@ ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
/* Eventually check for other socket options to change from
the default. sock_setsockopt not used because it expects
user space buffer */
-#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 5, 0)
(*csocket)->sk->sk_rcvtimeo = 7 * HZ;
-#else
- (*csocket)->sk->rcvtimeo = 7 * HZ;
-#endif
+ if (!noblocksnd)
+ (*csocket)->sk->sk_sndtimeo = 3 * HZ;
return rc;
}
@@ -2048,11 +2056,14 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
cFYI(1, ("attempting ipv6 connect"));
/* BB should we allow ipv6 on port 139? */
/* other OS never observed in Wild doing 139 with v6 */
- rc = ipv6_connect(&sin_server6, &csocket);
+ rc = ipv6_connect(&sin_server6, &csocket,
+ volume_info.noblocksnd);
} else
rc = ipv4_connect(&sin_server, &csocket,
volume_info.source_rfc1001_name,
- volume_info.target_rfc1001_name);
+ volume_info.target_rfc1001_name,
+ volume_info.noblocksnd,
+ volume_info.noautotune);
if (rc < 0) {
cERROR(1, ("Error connecting to IPv4 socket. "
"Aborting operation"));
@@ -2067,6 +2078,8 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
sock_release(csocket);
goto out;
} else {
+ srvTcp->noblocksnd = volume_info.noblocksnd;
+ srvTcp->noautotune = volume_info.noautotune;
memcpy(&srvTcp->addr.sockAddr, &sin_server,
sizeof(struct sockaddr_in));
atomic_set(&srvTcp->inFlight, 0);
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index d969578..85e9425 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -2035,7 +2035,7 @@ static int cifs_readpages(struct file *file, struct address_space *mapping,
pTcon = cifs_sb->tcon;
pagevec_init(&lru_pvec, 0);
- cFYI(DBG2, ("rpages: num pages %d", num_pages));
+ cFYI(DBG2, ("rpages: num pages %d", num_pages));
for (i = 0; i < num_pages; ) {
unsigned contig_pages;
struct page *tmp_page;
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 71ad562..a344d31 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -178,7 +178,7 @@ void DeleteTconOplockQEntries(struct cifsTconInfo *tcon)
int
smb_send(struct socket *ssocket, struct smb_hdr *smb_buffer,
- unsigned int smb_buf_length, struct sockaddr *sin)
+ unsigned int smb_buf_length, struct sockaddr *sin, bool noblocksnd)
{
int rc = 0;
int i = 0;
@@ -202,7 +202,10 @@ smb_send(struct socket *ssocket, struct smb_hdr *smb_buffer,
#endif
smb_msg.msg_control = NULL;
smb_msg.msg_controllen = 0;
- smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; /* BB add more flags?*/
+ if (noblocksnd)
+ smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
+ else
+ smb_msg.msg_flags = MSG_NOSIGNAL;
/* smb header is converted in header_assemble. bcc and rest of SMB word
area, and byte area if necessary, is converted to littleendian in
@@ -264,8 +267,8 @@ smb_send(struct socket *ssocket, struct smb_hdr *smb_buffer,
}
static int
-smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
- struct sockaddr *sin)
+smb_send2(struct TCP_Server_Info *server, struct kvec *iov, int n_vec,
+ struct sockaddr *sin, bool noblocksnd)
{
int rc = 0;
int i = 0;
@@ -275,6 +278,7 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
unsigned int total_len;
int first_vec = 0;
unsigned int smb_buf_length = smb_buffer->smb_buf_length;
+ struct socket *ssocket = server->ssocket;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 8)
mm_segment_t temp_fs;
#endif
@@ -286,7 +290,10 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
smb_msg.msg_namelen = sizeof(struct sockaddr);
smb_msg.msg_control = NULL;
smb_msg.msg_controllen = 0;
- smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; /* BB add more flags?*/
+ if (noblocksnd)
+ smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
+ else
+ smb_msg.msg_flags = MSG_NOSIGNAL;
/* smb header is converted in header_assemble. bcc and rest of SMB word
area, and byte area if necessary, is converted to littleendian in
@@ -331,8 +338,11 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
if (rc < 0)
break;
- if (rc >= total_len) {
- WARN_ON(rc > total_len);
+ if (rc == total_len) {
+ total_len = 0;
+ break;
+ } else if (rc > total_len) {
+ cERROR(1, ("sent %d requested %d", rc, total_len));
break;
}
if (rc == 0) {
@@ -363,6 +373,16 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec,
set_fs(temp_fs);
#endif
+ if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
+ cFYI(1, ("partial send (%d remaining), terminating session",
+ total_len));
+ /* If we have only sent part of an SMB then the next SMB
+ could be taken as the remainder of this one. We need
+ to kill the socket so the server throws away the partial
+ SMB */
+ server->tcpStatus = CifsNeedReconnect;
+ }
+
if (rc < 0) {
cERROR(1, ("Error %d sending data on socket to server", rc));
} else
@@ -569,8 +589,9 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
#ifdef CONFIG_CIFS_STATS2
atomic_inc(&ses->server->inSend);
#endif
- rc = smb_send2(ses->server->ssocket, iov, n_vec,
- (struct sockaddr *) &(ses->server->addr.sockAddr));
+ rc = smb_send2(ses->server, iov, n_vec,
+ (struct sockaddr *) &(ses->server->addr.sockAddr),
+ ses->server->noblocksnd);
#ifdef CONFIG_CIFS_STATS2
atomic_dec(&ses->server->inSend);
midQ->when_sent = jiffies;
@@ -762,7 +783,8 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
atomic_inc(&ses->server->inSend);
#endif
rc = smb_send(ses->server->ssocket, in_buf, in_buf->smb_buf_length,
- (struct sockaddr *) &(ses->server->addr.sockAddr));
+ (struct sockaddr *) &(ses->server->addr.sockAddr),
+ ses->server->noblocksnd);
#ifdef CONFIG_CIFS_STATS2
atomic_dec(&ses->server->inSend);
midQ->when_sent = jiffies;
@@ -902,7 +924,8 @@ send_nt_cancel(struct cifsTconInfo *tcon, struct smb_hdr *in_buf,
return rc;
}
rc = smb_send(ses->server->ssocket, in_buf, in_buf->smb_buf_length,
- (struct sockaddr *) &(ses->server->addr.sockAddr));
+ (struct sockaddr *) &(ses->server->addr.sockAddr),
+ ses->server->noblocksnd);
up(&ses->server->tcpSem);
return rc;
}
@@ -992,7 +1015,8 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
atomic_inc(&ses->server->inSend);
#endif
rc = smb_send(ses->server->ssocket, in_buf, in_buf->smb_buf_length,
- (struct sockaddr *) &(ses->server->addr.sockAddr));
+ (struct sockaddr *) &(ses->server->addr.sockAddr),
+ ses->server->noblocksnd);
#ifdef CONFIG_CIFS_STATS2
atomic_dec(&ses->server->inSend);
midQ->when_sent = jiffies;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
89877e42827f16fa5f86b1df0c2860b1
>
files
>
507
