From e5ca6280dd758865ebf7399574b06aadb258f159 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@kernel.org>
Date: Wed, 1 Jun 2022 16:13:12 -0400
Subject: [PATCH] [DO NOT MERGE] libceph: vet page pointers passed to
 sendpage_ok

We've seen some crashes in teuthology that look like we were passed a
bogus page pointer from the upper layers. Dump some info about the
pointer if it turns out to be clearly bad.

URL: https://tracker.ceph.com/issues/55818
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 net/ceph/messenger_v1.c | 10 ++++++++++
 net/ceph/messenger_v2.c |  9 +++++++++
 net/ceph/osd_client.c   | 16 ++++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/net/ceph/messenger_v1.c b/net/ceph/messenger_v1.c
index aead8264f5006..4c88b116fc616 100644
--- a/net/ceph/messenger_v1.c
+++ b/net/ceph/messenger_v1.c
@@ -496,6 +496,16 @@ static int write_partial_message_data(struct ceph_connection *con)
 		}
 
 		page = ceph_msg_data_next(cursor, &page_offset, &length);
+
+#if defined(__x86_64__)
+		if ((long)page > 0) {
+			/* bogus page pointer! */
+			pr_err("%s: page=%px offset=%zu len=%zu resid=%zu total_resid=%zu\n",
+				__func__, page, page_offset, length,
+				cursor->resid, cursor->total_resid);
+		}
+#endif
+
 		if (length == cursor->total_resid)
 			more = MSG_MORE;
 		ret = ceph_tcp_sendpage(con->sock, page, page_offset, length,
diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c
index d6fb13b273471..7a7d6af64d78a 100644
--- a/net/ceph/messenger_v2.c
+++ b/net/ceph/messenger_v2.c
@@ -156,6 +156,15 @@ static int do_try_sendpage(struct socket *sock, struct iov_iter *it)
 		bv.bv_len = min(iov_iter_count(it),
 				it->bvec->bv_len - it->iov_offset);
 
+#if defined(__x86_64__)
+		if ((long)bv.bv_page > 0) {
+			/* bogus page pointer! */
+			pr_err("%s: page=%px offset=%u len=%u count=%zu\n",
+				__func__, bv.bv_page, bv.bv_offset, bv.bv_len,
+				iov_iter_count(it));
+		}
+#endif
+
 		/*
 		 * sendpage cannot properly handle pages with
 		 * page_count == 0, we need to fall back to sendmsg if
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index db8c83ebb5c22..86b6aad86310e 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -139,6 +139,22 @@ static void ceph_osd_data_pages_init(struct ceph_osd_data *osd_data,
 	osd_data->alignment = alignment;
 	osd_data->pages_from_pool = pages_from_pool;
 	osd_data->own_pages = own_pages;
+#if defined(__x86_64)
+	{
+		/* Vet the page array */
+		int i, alen = calc_pages_for(alignment, length);
+
+		for (i = 0; i < alen; ++i) {
+			if ((long)pages[i] > 0) {
+				pr_err("%s: [%d] page=%px len=0x%llx alignment=0x%x from_pool=%d owned=%d\n",
+					__func__, i, pages[i], length, alignment, pages_from_pool,
+					own_pages);
+				dump_stack();
+				break;
+			}
+		}
+	}
+#endif
 }
 
 /*
-- 
2.39.5