lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 13 Jan 2020 16:34:20 +0530
From:   Ritesh Harjani <riteshh@...ux.ibm.com>
To:     linux-ext4@...r.kernel.org
Cc:     tytso@....edu, jack@...e.cz, Ritesh Harjani <riteshh@...ux.ibm.com>
Subject: [RFC 0/2] ext4: Fix stale data read exposure problem with DIO read/page_mkwrite

Hello All, 

Sorry for the delay on this patchset. I guess it's because there were
lot of other context switches while working at it.

Please note that this is a RFC patch and also a WIP (due to a open problem
listed below).
There is also another thread going on where making dioread_nolock as default
mount opt [1] is being discussed. That approach should also solve the given
race at hand. But since nothing is finalized yet, so I wanted to get this patch
out for early review/discussion.

About patch
===========

Currently there is a small race window as pointed out by Jan [2] where, when
ext4 tries to allocate a written block for mapped files and if DIO read is in
progress, then this may result into stale data read exposure problem.

This patch tries to fix the mentioned issue by:
1. For non-delalloc path, page_mkwrite will use unwritten blocks by
   default for extent based files.

2. For delalloc path, we check if DIO is in progress during writeback.
   If yes, then we use unwritten blocks method to avoid this race.

Patch-1: This moves the inode_dio_begin() call before calling for
filemap_write_and_wait_range.

Patch-2: This implementes the points (1) & (2) mentioned above.

Testing:
========
xfstests "-g auto" ran fine except one warn_on issue.

Below tests are giving kernel WARN_ON from "ext4_journalled_invalidatepage()",
with 1024 blocksize, 4K pagesize & with "nodelalloc,data=journal" mount opt.
- generic/013, generic/269, generic/270

In case if someone has any pointers around this, I could dig more deeper into
this. 

References
==========
[1] https://www.spinics.net/lists/linux-ext4/msg69224.html
[2] https://lore.kernel.org/linux-ext4/20190926134726.GA28555@quack2.suse.cz/ 


Ritesh Harjani (2):
  iomap: direct-io: Move inode_dio_begin before
    filemap_write_and_wait_range
  ext4: Fix stale data read issue with DIO read & ext4_page_mkwrite path

 fs/ext4/inode.c      | 45 +++++++++++++++++++++++++++++++-------------
 fs/iomap/direct-io.c | 17 +++++++++++++----
 2 files changed, 45 insertions(+), 17 deletions(-)

-- 
2.21.0

Powered by blists - more mailing lists