Bug #14008

closed

off-by-one in dfl_iter()

Added by Yuri Pankov 10 months ago. Updated 8 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: kernel
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

We are hitting the following panic:

assertion failed: dfl->dfl_num_exts <= 256 (0x101 <= 0x100), file: ../../common/io/nvme/nvme.c, line: 4708

Adding some debug prints to dfl_iter() shows that we are incorrectly skipping (not counting) the current extent when splitting by max number of extents.

Attached patch should take care of the problem, and also updates the comment as we already checked the extent to the best of our ability.

Debugging prints I used to diagnose this now show that we correctly process large lists (>512 extents) where we would previously panic on second split attempt:

Aug  7 17:39:30 localhost genunix: [ID 412204 kern.notice] NOTICE: trim:numext=4797
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=0 i=256 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=256 i=512 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=512 i=768 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=768 i=1024 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=1024 i=1280 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=1280 i=1536 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=1536 i=1792 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=1792 i=2048 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=2048 i=2304 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=2304 i=2560 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=2560 i=2816 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=2816 i=3072 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=3072 i=3328 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=3328 i=3584 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=3584 i=3840 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=3840 i=4096 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=4096 i=4352 numext=256
Aug  7 17:39:30 localhost genunix: [ID 330441 kern.notice] NOTICE: 3:start=4352 i=4608 numext=256
Aug  7 17:39:30 localhost genunix: [ID 585576 kern.notice] NOTICE: 4:start=4608 i=4797 numext=189

P.S. I don't think this is easy to reproduce with illumos ZFS as it seems to only send a list with one extent (?).


Files

0001-off-by-one-in-dfl_iter.patch (1.4 KB) Yuri Pankov, 2021-08-07 03:14 PM
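
A simplified model of the miscount described in the report, added here as an illustration; it is not the illumos dfl_iter() code or the attached patch. The function names, the count_current switch and the loop shape are assumptions; the 256-extent limit and the 4797-extent list are taken from the report.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_EXTS   256  /* limit in the report's assertion (0x100) */
#define MAX_CHUNKS 64   /* capacity of the caller's lens[] array */

/*
 * Simplified model, not illumos code (loop shape is an assumption). Walk n
 * extents; when adding extent i would exceed max (>= 1), emit chunk
 * [start, i) and begin the next chunk at i. count_current == 0 models the
 * reported bug: extent i is in the new chunk but the count restarts at 0.
 * Returns the number of chunks, or 0 if lens[] would overflow.
 */
static size_t split_extents(size_t n, size_t max, int count_current, size_t *lens)
{
	size_t start = 0, n_exts = 0, nchunks = 0;

	for (size_t i = 0; i < n; i++) {
		if (n_exts + 1 > max) {
			if (nchunks == MAX_CHUNKS - 1)
				return (0);
			lens[nchunks++] = i - start;
			start = i;
			n_exts = count_current ? 1 : 0;
			continue;
		}
		n_exts++;
	}
	if (start < n)
		lens[nchunks++] = n - start;
	return (nchunks);
}

/* Largest chunk produced: the value a "<= 256" check downstream would see. */
static size_t largest_chunk(size_t n, size_t max, int count_current)
{
	size_t lens[MAX_CHUNKS], big = 0;
	size_t k = split_extents(n, max, count_current, lens);

	for (size_t j = 0; j < k; j++)
		big = lens[j] > big ? lens[j] : big;
	return (big);
}

int main(void)
{
	printf("buggy=%zu fixed=%zu\n", largest_chunk(4797, MAX_EXTS, 0),
	    largest_chunk(4797, MAX_EXTS, 1));
	return (0);
}
```

In the model, the first chunk is correct either way; the uncounted extent only shows up as an oversized chunk at the second split, which is where the report says the panic occurred.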
#1

Updated by Electric Monk 8 months ago

  • Gerrit CR set to 1667
#2

Updated by Electric Monk 8 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 938b2fd3f9504b8ef9b2181faead7a4a7298730f

commit  938b2fd3f9504b8ef9b2181faead7a4a7298730f
Author: Yuri Pankov <ypankov@tintri.com>
Date:   2021-09-29T00:05:05.000Z

    14008 off-by-one in dfl_iter()
    Reviewed by: Andrew Giles <agiles@tintri.com>
    Reviewed by: Guy Morrogh <gmorrogh@tintri.com>
    Reviewed by: Joyce McIntosh <jmcintosh@tintri.com>
    Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
    Approved by: Robert Mustacchi <rm@fingolfin.org>
