| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210415195850.GA16226@localhost.localdomain>
Date: Thu, 15 Apr 2021 15:58:50 -0400
From: Eric Whitney <enwlinux@...il.com>
To: Jan Kara <jack@...e.cz>
Cc: Ted Tso <tytso@....edu>, linux-ext4@...r.kernel.org,
Eric Whitney <enwlinux@...il.com>, stable@...r.kernel.org
Subject: Re: [PATCH v3] ext4: Fix occasional generic/418 failure
* Jan Kara <jack@...e.cz>:
> Eric has noticed that after pagecache read rework, generic/418 is
> occasionally failing for ext4 when blocksize < pagesize. In fact, the
> pagecache rework just made hard to hit race in ext4 more likely. The
> problem is that since ext4 conversion of direct IO writes to iomap
> framework (commit 378f32bab371), we update inode size after direct IO
> write only after invalidating page cache. Thus if buffered read sneaks
> at unfortunate moment like:
>
> CPU1 - write at offset 1k CPU2 - read from offset 0
> iomap_dio_rw(..., IOMAP_DIO_FORCE_WAIT);
> ext4_readpage();
> ext4_handle_inode_extension()
>
> the read will zero out tail of the page as it still sees smaller inode
> size and thus page cache becomes inconsistent with on-disk contents with
> all the consequences.
>
> Fix the problem by moving inode size update into end_io handler which
> gets called before the page cache is invalidated.
>
> Reported-and-tested-by: Eric Whitney <enwlinux@...il.com>
> Fixes: 378f32bab371 ("ext4: introduce direct I/O write using iomap infrastructure")
> CC: stable@...r.kernel.org
> Signed-off-by: Jan Kara <jack@...e.cz>
> ---
> fs/ext4/file.c | 25 +++++++++++++++++++++----
> 1 file changed, 21 insertions(+), 4 deletions(-)
>
> diff --git a/fs/ext4/file.c b/fs/ext4/file.c
> index 194f5d00fa32..7924634ab0bf 100644
> --- a/fs/ext4/file.c
> +++ b/fs/ext4/file.c
> @@ -371,15 +371,32 @@ static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset,
> static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size,
> int error, unsigned int flags)
> {
> - loff_t offset = iocb->ki_pos;
> + loff_t pos = iocb->ki_pos;
> struct inode *inode = file_inode(iocb->ki_filp);
>
> if (error)
> return error;
>
> - if (size && flags & IOMAP_DIO_UNWRITTEN)
> - return ext4_convert_unwritten_extents(NULL, inode,
> - offset, size);
> + if (size && flags & IOMAP_DIO_UNWRITTEN) {
> + error = ext4_convert_unwritten_extents(NULL, inode, pos, size);
> + if (error < 0)
> + return error;
> + }
> + /*
> + * If we are extending the file, we have to update i_size here before
> + * page cache gets invalidated in iomap_dio_rw(). Otherwise racing
> + * buffered reads could zero out too much from page cache pages. Update
> + * of on-disk size will happen later in ext4_dio_write_iter() where
> + * we have enough information to also perform orphan list handling etc.
> + * Note that we perform all extending writes synchronously under
> + * i_rwsem held exclusively so i_size update is safe here in that case.
> + * If the write was not extending, we cannot see pos > i_size here
> + * because operations reducing i_size like truncate wait for all
> + * outstanding DIO before updating i_size.
> + */
> + pos += size;
> + if (pos > i_size_read(inode))
> + i_size_write(inode, pos);
>
> return 0;
> }
> --
> 2.26.2
>
With additional data, the generic/068 failure I saw on the data=journal test
configuration when testing the v2 version of this patch doesn't appear to be
a regression. 100 runs of 068 on a v2 patched -rc7 kernel failed five times,
and it failed three times on an unpatched -rc7 kernel. So, that failure is
most likely a latent problem unrelated to this patch.
Thanks,
Eric
Powered by blists - more mailing lists