lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Nov 2014 02:36:58 -0800
From:	Omar Sandoval <osandov@...ndov.com>
To:	linux-btrfs@...r.kernel.org
Cc:	Mel Gorman <mgorman@...e.de>, linux-kernel@...r.kernel.org,
	<linux-fsdevel@...r.kernel.org>,
	Omar Sandoval <osandov@...ndov.com>
Subject: [RFC PATCH 5/6] btrfs: don't mark extents used for swap as up to date

As pages in the swapcache get shuffled around and repurposed for different
pages in the swap file, the EXTENT_UPTODATE flag doesn't apply. This leads to
some really weird symptoms in userspace where pages in a process's address
space appear to get mixed up.

Signed-off-by: Omar Sandoval <osandov@...ndov.com>
---
 fs/btrfs/extent_io.c | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index b8dc256..ca696d5 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -2496,12 +2496,12 @@ static void end_bio_extent_writepage(struct bio *bio, int err)
 
 static void
 endio_readpage_release_extent(struct extent_io_tree *tree, u64 start, u64 len,
-			      int uptodate)
+			      int uptodate, int swapcache)
 {
 	struct extent_state *cached = NULL;
 	u64 end = start + len - 1;
 
-	if (uptodate && tree->track_uptodate)
+	if (likely(!swapcache) && uptodate && tree->track_uptodate)
 		set_extent_uptodate(tree, start, end, &cached, GFP_ATOMIC);
 	unlock_extent_cached(tree, start, end, &cached, GFP_ATOMIC);
 }
@@ -2532,6 +2532,7 @@ static void end_bio_extent_readpage(struct bio *bio, int err)
 	int mirror;
 	int ret;
 	int i;
+	int swapcache = 0;
 
 	if (err)
 		uptodate = 0;
@@ -2539,6 +2540,7 @@ static void end_bio_extent_readpage(struct bio *bio, int err)
 	bio_for_each_segment_all(bvec, bio, i) {
 		struct page *page = bvec->bv_page;
 		struct inode *inode = page_file_mapping(page)->host;
+		swapcache |= PageSwapCache(page);
 
 		pr_debug("end_bio_extent_readpage: bi_sector=%llu, err=%d, "
 			 "mirror=%u\n", (u64)bio->bi_iter.bi_sector, err,
@@ -2631,12 +2633,14 @@ readpage_ok:
 			if (extent_len) {
 				endio_readpage_release_extent(tree,
 							      extent_start,
-							      extent_len, 1);
+							      extent_len, 1,
+							      swapcache);
 				extent_start = 0;
 				extent_len = 0;
 			}
 			endio_readpage_release_extent(tree, start,
-						      end - start + 1, 0);
+						      end - start + 1, 0,
+						      swapcache);
 		} else if (!extent_len) {
 			extent_start = start;
 			extent_len = end + 1 - start;
@@ -2644,7 +2648,8 @@ readpage_ok:
 			extent_len += end + 1 - start;
 		} else {
 			endio_readpage_release_extent(tree, extent_start,
-						      extent_len, uptodate);
+						      extent_len, uptodate,
+						      swapcache);
 			extent_start = start;
 			extent_len = end + 1 - start;
 		}
@@ -2652,7 +2657,7 @@ readpage_ok:
 
 	if (extent_len)
 		endio_readpage_release_extent(tree, extent_start, extent_len,
-					      uptodate);
+					      uptodate, swapcache);
 	if (io_bio->end_io)
 		io_bio->end_io(io_bio, err);
 	bio_put(bio);
@@ -2942,8 +2947,10 @@ static int __do_readpage(struct extent_io_tree *tree,
 			memset(userpage + pg_offset, 0, iosize);
 			flush_dcache_page(page);
 			kunmap_atomic(userpage);
-			set_extent_uptodate(tree, cur, cur + iosize - 1,
-					    &cached, GFP_NOFS);
+			if (likely(!swapcache))
+				set_extent_uptodate(tree, cur,
+						    cur + iosize - 1,
+						    &cached, GFP_NOFS);
 			if (!parent_locked)
 				unlock_extent_cached(tree, cur,
 						     cur + iosize - 1,
@@ -2995,8 +3002,9 @@ static int __do_readpage(struct extent_io_tree *tree,
 			flush_dcache_page(page);
 			kunmap_atomic(userpage);
 
-			set_extent_uptodate(tree, cur, cur + iosize - 1,
-					    &cached, GFP_NOFS);
+			if (likely(!swapcache))
+				set_extent_uptodate(tree, cur, cur + iosize - 1,
+						    &cached, GFP_NOFS);
 			unlock_extent_cached(tree, cur, cur + iosize - 1,
 			                     &cached, GFP_NOFS);
 			cur = cur + iosize;
@@ -3006,6 +3014,7 @@ static int __do_readpage(struct extent_io_tree *tree,
 		/* the get_extent function already copied into the page */
 		if (test_range_bit(tree, cur, cur_end,
 				   EXTENT_UPTODATE, 1, NULL)) {
+			WARN_ON(swapcache);
 			check_page_uptodate(tree, page);
 			if (!parent_locked)
 				unlock_extent(tree, cur, cur + iosize - 1);
-- 
2.1.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ