lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Jul 2021 18:56:05 +0200 From: Jan Kara <jack@...e.cz> To: <linux-fsdevel@...r.kernel.org> Cc: <linux-ext4@...r.kernel.org>, Christoph Hellwig <hch@...radead.org>, "Darrick J. Wong" <djwong@...nel.org>, Ted Tso <tytso@....edu>, Dave Chinner <david@...morbit.com>, Matthew Wilcox <willy@...radead.org>, <linux-mm@...ck.org>, <linux-xfs@...r.kernel.org>, linux-f2fs-devel@...ts.sourceforge.net, linux-cifs@...r.kernel.org, ceph-devel@...r.kernel.org, Jan Kara <jack@...e.cz>, Steve French <sfrench@...ba.org> Subject: [PATCH 14/14] cifs: Fix race between hole punch and page fault Cifs has a following race between hole punching and page fault: CPU1 CPU2 smb3_fallocate() smb3_punch_hole() truncate_pagecache_range() filemap_fault() - loads old data into the page cache SMB2_ioctl(..., FSCTL_SET_ZERO_DATA, ...) And now we have stale data in the page cache. Fix the problem by locking out faults (as well as reads) using mapping->invalidate_lock while hole punch is running. CC: Steve French <sfrench@...ba.org> CC: linux-cifs@...r.kernel.org Signed-off-by: Jan Kara <jack@...e.cz> --- fs/cifs/smb2ops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index e4c8f603dd58..458c546ce8cd 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3588,6 +3588,7 @@ static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon, return rc; } + filemap_invalidate_lock(inode->i_mapping); /* * We implement the punch hole through ioctl, so we need remove the page * caches first, otherwise the data may be inconsistent with the server. @@ -3605,6 +3606,7 @@ static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon, sizeof(struct file_zero_data_information), CIFSMaxBufSize, NULL, NULL); free_xid(xid); + filemap_invalidate_unlock(inode->i_mapping); return rc; } -- 2.26.2
Powered by blists - more mailing lists