Message-ID: <x49h9e1991u.fsf@segfault.boston.devel.redhat.com>
Date:	Fri, 13 May 2016 13:12:13 -0400
From:	Jeff Moyer <jmoyer@...hat.com>
To:	Eryu Guan <guaneryu@...il.com>, viro@...IV.linux.org.uk
Cc:	linux-fsdevel@...r.kernel.org, linux-ext4@...r.kernel.org
Subject: Re: [PATCH v3] direct-io: fix direct write stale data exposure from concurrent buffered read

Eryu Guan <guaneryu@...il.com> writes:

> What we should really do is to disable block allocation for writes that
> could result in filling holes inside i_size.
>
> Reviewed-by: Jan Kara <jack@...e.cz>
> Signed-off-by: Eryu Guan <guaneryu@...il.com>

This looks good to me, Eryu, and it passes the aio/dio test cases in
xfstests and libaio.  Thanks a lot!

Al, can you take this through your tree?

Reviewed-by: Jeff Moyer <jmoyer@...hat.com>


> ---
>
> v3:
> - Kill unnecessary cleanup patch
> - Update comments a bit accordingly
>
> v2:
> - Fix the case Jeff pointed out as well
> - Update commit log
>
>  fs/direct-io.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/fs/direct-io.c b/fs/direct-io.c
> index 4720377..62921ce 100644
> --- a/fs/direct-io.c
> +++ b/fs/direct-io.c
> @@ -627,11 +627,11 @@ static int get_more_blocks(struct dio *dio, struct dio_submit *sdio,
>  		map_bh->b_size = fs_count << i_blkbits;
>  
>  		/*
> -		 * For writes inside i_size on a DIO_SKIP_HOLES filesystem we
> -		 * forbid block creations: only overwrites are permitted.
> -		 * We will return early to the caller once we see an
> -		 * unmapped buffer head returned, and the caller will fall
> -		 * back to buffered I/O.
> +		 * For writes that could fill holes inside i_size on a
> +		 * DIO_SKIP_HOLES filesystem we forbid block creations: only
> +		 * overwrites are permitted. We will return early to the caller
> +		 * once we see an unmapped buffer head returned, and the caller
> +		 * will fall back to buffered I/O.
>  		 *
>  		 * Otherwise the decision is left to the get_blocks method,
>  		 * which may decide to handle it or also return an unmapped
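
Review bot: The reworded comment at the top of this hunk says "writes that could fill holes inside i_size" but still does not say which block is compared against i_size, or why block creation has to be forbidden there. One more sentence would tie it to the check that follows: the test is made on the first block of the range being mapped against the block holding the last byte of the file, and the reason is the stale data exposure to a concurrent buffered read named in the subject line.
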
> @@ -639,8 +639,8 @@ static int get_more_blocks(struct dio *dio, struct dio_submit *sdio,
>  		 */
>  		create = dio->rw & WRITE;
>  		if (dio->flags & DIO_SKIP_HOLES) {
> -			if (sdio->block_in_file < (i_size_read(dio->inode) >>
> -							sdio->blkbits))
> +			if (fs_startblk <= ((i_size_read(dio->inode) - 1) >>
> +							i_blkbits))
>  				create = 0;
>  		}
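
Review bot: The new condition "(i_size_read(dio->inode) - 1) >> i_blkbits" has no guard for an empty file. With i_size == 0 the subtraction yields -1 before the shift, and what the comparison against fs_startblk then does depends on the signedness of the two operands, which this hunk does not show. Reading i_size into a local once and testing it for non-zero first would make the intended behaviour for that case explicit, for example "if (i_size && fs_startblk <= ((i_size - 1) >> i_blkbits))".
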