lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1554534793-31444-1-git-send-email-zhangxiaoxu5@huawei.com>
Date:   Sat, 6 Apr 2019 15:13:13 +0800
From:   ZhangXiaoxu <zhangxiaoxu5@...wei.com>
To:     <viro@...iv.linux.org.uk>, <tytso@....edu>,
        <adilger.kernel@...ger.ca>, <linux-fsdevel@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <linux-ext4@...r.kernel.org>,
        <zhangxiaoxu5@...wei.com>
CC:     <yi.zhang@...wei.com>
Subject: [PATCH] fs/buffer.c: Fix data corruption when buffer write with IO error

When the buffer write failed, 'end_buffer_write_sync' and
'end_buffer_async_write' will clear the uptodate flag. But the
data in the buffer maybe newer than disk. In some case, this
will lead data corruption.

For example: ext4 flush metadata to disk failed, it will clear
the uptodate flag. when a new coming call want the buffer, it will
read it from the disk(because the buffer no uptodate flag). But
the journal not checkpoint now, it will read old data from disk.
If read successfully, ext4 will write the old data to the new
journal, the data will corruption.

So, don't clear the uptodate flag when write the buffer failed.

Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@...wei.com>
---
 fs/buffer.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/buffer.c b/fs/buffer.c
index ce35760..9fe1827 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -172,7 +172,6 @@ void end_buffer_write_sync(struct buffer_head *bh, int uptodate)
 	} else {
 		buffer_io_error(bh, ", lost sync page write");
 		mark_buffer_write_io_error(bh);
-		clear_buffer_uptodate(bh);
 	}
 	unlock_buffer(bh);
 	put_bh(bh);
@@ -325,7 +324,6 @@ void end_buffer_async_write(struct buffer_head *bh, int uptodate)
 	} else {
 		buffer_io_error(bh, ", lost async page write");
 		mark_buffer_write_io_error(bh);
-		clear_buffer_uptodate(bh);
 		SetPageError(page);
 	}
 
-- 
2.7.4

Powered by blists - more mailing lists