| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Jan 2021 16:54:40 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: linux-fsdevel@...r.kernel.org
Cc: linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-xfs@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
Christoph Hellwig <hch@....de>, stable@...r.kernel.org
Subject: [PATCH 01/13] fs: avoid double-writing inodes on lazytime expiration
From: Eric Biggers <ebiggers@...gle.com>
When lazytime is enabled and an inode with dirty timestamps is being
expired, either due to dirtytime_expire_interval being exceeded or due
to a sync or syncfs system call, we need to inform the filesystem that
the inode is dirty so that the inode's timestamps can be copied out to
the on-disk data structures. That's because if the filesystem supports
lazytime, it will have ignored the ->dirty_inode(inode, I_DIRTY_TIME)
notification when the timestamp was modified in memory.
Currently this is accomplished by calling mark_inode_dirty_sync() from
__writeback_single_inode(). However, this has the unfortunate side
effect of also putting the inode the writeback list. That's not
appropriate in this case, since the inode is already being written.
That causes the inode to remain dirty after a sync. Normally that's
just wasteful, as it causes the inode to be written twice. But when
fscrypt is used this bug also partially breaks the
FS_IOC_REMOVE_ENCRYPTION_KEY ioctl, as the ioctl reports that files are
still in-use when they aren't. For more details, see the original
report at https://lore.kernel.org/r/20200306004555.GB225345@gmail.com
Fix this by calling ->dirty_inode(inode, I_DIRTY_SYNC) directly instead
of mark_inode_dirty_sync().
This fixes xfstest generic/580 when lazytime is enabled.
A later patch will introduce a ->lazytime_expired method to cleanly
separate out the lazytime expiration case, in particular for XFS which
uses the VFS-level dirtiness tracking only for lazytime. But that's
separate from fixing this bug. Also, note that XFS will incorrectly
ignore the I_DIRTY_SYNC notification from __writeback_single_inode()
both before and after this patch, as I_DIRTY_TIME was already cleared in
i_state. Later patches will fix this separate bug.
Fixes: 0ae45f63d4ef ("vfs: add support for a lazytime mount option")
Cc: stable@...r.kernel.org
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
fs/fs-writeback.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index acfb55834af23..081e335cdee47 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1509,11 +1509,22 @@ __writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
spin_unlock(&inode->i_lock);
- if (dirty & I_DIRTY_TIME)
- mark_inode_dirty_sync(inode);
/* Don't write the inode if only I_DIRTY_PAGES was set */
if (dirty & ~I_DIRTY_PAGES) {
- int err = write_inode(inode, wbc);
+ int err;
+
+ /*
+ * If the inode is being written due to a lazytime timestamp
+ * expiration, then the filesystem needs to be notified about it
+ * so that e.g. the filesystem can update on-disk fields and
+ * journal the timestamp update. Just calling write_inode()
+ * isn't enough. Don't call mark_inode_dirty_sync(), as that
+ * would put the inode back on the dirty list.
+ */
+ if ((dirty & I_DIRTY_TIME) && inode->i_sb->s_op->dirty_inode)
+ inode->i_sb->s_op->dirty_inode(inode, I_DIRTY_SYNC);
+
+ err = write_inode(inode, wbc);
if (ret == 0)
ret = err;
}
base-commit: e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62
--
2.30.0
Powered by blists - more mailing lists