| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D6538C6.4090004@redhat.com>
Date: Wed, 23 Feb 2011 10:41:42 -0600
From: Eric Sandeen <sandeen@...hat.com>
To: Yongqiang Yang <xiaoqiangnk@...il.com>
CC: linux-ext4@...r.kernel.org
Subject: Re: [PATCH] ext4:Fix a bug in ext4_ext_fiemap_cb().
On 2/23/11 9:59 AM, Yongqiang Yang wrote:
> 1] Delayed extents after a hole are neglected.
>
> By using find_get_pages() instead of find_get_page() to
> lookup pagecache, delayed extents can be found, because
> find_get_pages() with nr_pages=1 will return the next page
> in pagecache.
>
> 2] Extents after a delayed extent or a hole are neglected as well.
>
> Fix it by accurating the request range by the result of
> ext4_ext_next_allocated_block().
>
> Reported by Chris Mason <chris.mason@...cle.com>:
> We've had reports on btrfs that cp is giving us files full of zeros
> instead of actually copying them. It was tracked down to a bug with
> the btrfs fiemap implementation where it was returning holes for
> delalloc ranges.
>
> Newer versions of cp are trusting fiemap to tell it where the holes
> are, which does seem like a pretty neat trick.
>
> I decided to give xfs and ext4 a shot with a few tests cases too, xfs
> passed with all the ones btrfs was getting wrong, and ext4 got the basic
> delalloc case right.
> $ mkfs.ext4 /dev/xxx
> $ mount /dev/xxx /mnt
> $ dd if=/dev/zero of=/mnt/foo bs=1M count=1
> $ fiemap-test foo
> ext: 0 logical: [ 0.. 255] phys: 0.. 255
> flags: 0x007 tot: 256
>
> Horray! But once we throw a hole in, things go bad:
> $ mkfs.ext4 /dev/xxx
> $ mount /dev/xxx /mnt
> $ dd if=/dev/zero of=/mnt/foo bs=1M count=1 seek=1
> $ fiemap-test foo
> < no output >
>
> We've got a delalloc extent after the hole and ext4 fiemap didn't find
> it. If I run sync to kick the delalloc out:
> $sync
> $ fiemap-test foo
> ext: 0 logical: [ 256.. 511] phys: 34048.. 34303
> flags: 0x001 tot: 256
>
> fiemap-test is sitting in my /usr/local/bin, and I have no idea how it
> got there. It's full of pretty comments so I know it isn't mine, but
> you can grab it here:
>
> http://oss.oracle.com/~mason/fiemap-test.c
>
> xfsqa has a fiemap program too.
>
> After Fix, test results are as follows:
> ext: 0 logical: [ 256.. 511] phys: 0.. 255
> flags: 0x007 tot: 256
> ext: 0 logical: [ 256.. 511] phys: 33280.. 33535
> flags: 0x001 tot: 256
>
> Signe-off-by: Yongqiang Yang <xiaoqiangnk@...il.com>
> ---
> fs/ext4/extents.c | 26 +++++++++++++++++++++++---
> mm/filemap.c | 1 +
> 2 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index ccce8a7..ad455a0 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -3788,17 +3788,27 @@ static int ext4_ext_fiemap_cb(struct inode *inode, struct ext4_ext_path *path,
> __u64 physical;
> __u64 length;
> __u32 flags = 0;
> + ext4_lblk_t end;
> int error;
>
> logical = (__u64)newex->ec_block << blksize_bits;
>
> - if (newex->ec_start == 0) {
> + if (!newex->ec_start) {
> + /*
> + * There is no extent contains @newex->ec_block block.
> + * It implies that @newex->ec_block block lies 1)a hole
> + * or 2)delayed-allocated blocks that has not been
> + * allocated, so pagecache is needed to lookup.
> + *
> + * And if it is case 2, @newex->ec_len needs to be corrected.
> + *
> + */
> pgoff_t offset;
> struct page *page;
> struct buffer_head *bh = NULL;
>
> offset = logical >> PAGE_SHIFT;
> - page = find_get_page(inode->i_mapping, offset);
> + (void)find_get_pages(inode->i_mapping, offset, 1, &page);
> if (!page || !page_has_buffers(page))
> return EXT_CONTINUE;
>
> @@ -3807,8 +3817,13 @@ static int ext4_ext_fiemap_cb(struct inode *inode, struct ext4_ext_path *path,
> if (!bh)
> return EXT_CONTINUE;
>
> + /* Assume block-size equals page-size. */
> if (buffer_delay(bh)) {
> flags |= FIEMAP_EXTENT_DELALLOC;
> + if (page->index > offset) {
> + logical = ((__u64)page->index << PAGE_SHIFT);
> + newex->ec_block = logical >> blksize_bits;
> + }
> page_cache_release(page);
> } else {
> page_cache_release(page);
> @@ -3830,7 +3845,8 @@ static int ext4_ext_fiemap_cb(struct inode *inode, struct ext4_ext_path *path,
> *
> * XXX this might miss a single-block extent at EXT_MAX_BLOCK
> */
> - if (ext4_ext_next_allocated_block(path) == EXT_MAX_BLOCK ||
> + end = ext4_ext_next_allocated_block(path);
I think this will fall down if you have:
[ HOLE ][ DELALLOC ][ HOLE ][ ALLOCATED ] won't it?
i.e. your "end" will be the first block of "allocated" right?
-Eric
> + if (end == EXT_MAX_BLOCK ||
> newex->ec_block + newex->ec_len - 1 == EXT_MAX_BLOCK) {
> loff_t size = i_size_read(inode);
> loff_t bs = EXT4_BLOCK_SIZE(inode->i_sb);
> @@ -3839,8 +3855,12 @@ static int ext4_ext_fiemap_cb(struct inode *inode, struct ext4_ext_path *path,
> if ((flags & FIEMAP_EXTENT_DELALLOC) &&
> logical+length > size)
> length = (size - logical + bs - 1) & ~(bs-1);
> + } else {
> + newex->ec_len = end - newex->ec_block;
> + length = (__u64)newex->ec_len << blksize_bits;
> }
>
> +
> error = fiemap_fill_next_extent(fieinfo, logical, physical,
> length, flags);
> if (error < 0)
> diff --git a/mm/filemap.c b/mm/filemap.c
> index 83a45d3..1c01ffc 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -803,6 +803,7 @@ repeat:
> rcu_read_unlock();
> return ret;
> }
> +EXPORT_SYMBOL(find_get_pages);
>
> /**
> * find_get_pages_contig - gang contiguous pagecache lookup
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists