[DO NOT MERGE] libceph: vet page pointers passed to sendpage_ok

We've seen some crashes in teuthology that look like we were passed a
bogus page pointer from the upper layers. Dump some info about the
pointer if it turns out to be clearly bad.

URL: https://tracker.ceph.com/issues/55818
Signed-off-by: Jeff Layton <jlayton@kernel.org>

diff --git a/net/ceph/messenger_v1.c b/net/ceph/messenger_v1.c
index aead8264f50067409fe14ee0ae088000dd090a5a..4c88b116fc6160091b5ba518c55f77d180c4f874 100644 (file)
--- a/net/ceph/messenger_v1.c
+++ b/net/ceph/messenger_v1.c
@@ -496,6 +496,16 @@ static int write_partial_message_data(struct ceph_connection *con)
                }
 
                page = ceph_msg_data_next(cursor, &page_offset, &length);
+
+#if defined(__x86_64__)
+               if ((long)page > 0) {
+                       /* bogus page pointer! */
+                       pr_err("%s: page=%px offset=%zu len=%zu resid=%zu total_resid=%zu\n",
+                               __func__, page, page_offset, length,
+                               cursor->resid, cursor->total_resid);
+               }
+#endif
+
                if (length == cursor->total_resid)
                        more = MSG_MORE;
                ret = ceph_tcp_sendpage(con->sock, page, page_offset, length,

diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c
index d6fb13b273471bcc8cff50efed9ed3f31f8a0fd4..7a7d6af64d78af0239e27f81725c397b313c474d 100644 (file)
--- a/net/ceph/messenger_v2.c
+++ b/net/ceph/messenger_v2.c
@@ -156,6 +156,15 @@ static int do_try_sendpage(struct socket *sock, struct iov_iter *it)
                bv.bv_len = min(iov_iter_count(it),
                                it->bvec->bv_len - it->iov_offset);
 
+#if defined(__x86_64__)
+               if ((long)bv.bv_page > 0) {
+                       /* bogus page pointer! */
+                       pr_err("%s: page=%px offset=%u len=%u count=%zu\n",
+                               __func__, bv.bv_page, bv.bv_offset, bv.bv_len,
+                               iov_iter_count(it));
+               }
+#endif
+
                /*
                 * sendpage cannot properly handle pages with
                 * page_count == 0, we need to fall back to sendmsg if

diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index db8c83ebb5c22be53b01a248e8ea160a2996b522..86b6aad86310e38c5b3b7462979e33be4bf013c1 100644 (file)
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -139,6 +139,22 @@ static void ceph_osd_data_pages_init(struct ceph_osd_data *osd_data,
        osd_data->alignment = alignment;
        osd_data->pages_from_pool = pages_from_pool;
        osd_data->own_pages = own_pages;
+#if defined(__x86_64)
+       {
+               /* Vet the page array */
+               int i, alen = calc_pages_for(alignment, length);
+
+               for (i = 0; i < alen; ++i) {
+                       if ((long)pages[i] > 0) {
+                               pr_err("%s: [%d] page=%px len=0x%llx alignment=0x%x from_pool=%d owned=%d\n",
+                                       __func__, i, pages[i], length, alignment, pages_from_pool,
+                                       own_pages);
+                               dump_stack();
+                               break;
+                       }
+               }
+       }
+#endif
 }
 
 /*