lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <48deeadf-05cd-3535-a589-907cfa252799@huawei.com>
Date:   Mon, 20 Mar 2023 20:49:07 +0800
From:   Zhihao Cheng <chengzhihao1@...wei.com>
To:     Jan Kara <jack@...e.cz>
CC:     <tytso@....edu>, <adilger.kernel@...ger.ca>, <jack@...e.com>,
        <tudor.ambarus@...aro.org>, <linux-ext4@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <yi.zhang@...wei.com>
Subject: Re: [PATCH] ext4: Fix i_disksize exceeding i_size problem in
 paritally written case

[...]

>> BTW, I want send another patch as follows:
>> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
>> index bf0b7dea4900..570a687ae847 100644
>> --- a/fs/ext4/inode.c
>> +++ b/fs/ext4/inode.c
>> @@ -3149,7 +3149,7 @@ static int ext4_da_write_end(struct file *file,
>>                  return ext4_write_inline_data_end(inode, pos, len, copied,
>> page);
>>
>>          start = pos & (PAGE_SIZE - 1);
>> -       end = start + copied - 1;
>> +       end = start + (copied ? copied - 1 : copied);
>>
>>          /*
>>           * Since we are holding inode lock, we are sure i_disksize <=
>> @@ -3167,7 +3167,7 @@ static int ext4_da_write_end(struct file *file,
>>           * ext4_da_write_inline_data_end().
>>           */
>>          new_i_size = pos + copied;
>> -       if (copied && new_i_size > inode->i_size &&
>> +       if (new_i_size > inode->i_size &&
>>              ext4_da_should_update_i_disksize(page, end))
>>                  ext4_update_i_disksize(inode, new_i_size);
>>
>> This modification handle unconsistent i_size and i_disksize imported by
>> ea51d132dbf9 ("ext4: avoid hangs in ext4_da_should_update_i_disksize()").
>>
>> Paritially written may display a fake inode size for user, for example:
>>
>>
>>
>> i_disksize=1
>>
>> generic_perform_write
>>
>>   copied = iov_iter_copy_from_user_atomic(len) // copied = 0
>>
>>   ext4_da_write_end // skip updating i_disksize
>>
>>   generic_write_end
>>
>>    if (pos + copied > inode->i_size) {  // 10 + 0 > 1, true
>>
>>     i_size_write(inode, pos + copied);  // i_size = 10
>>
>>    }
>>
>>
>>
>>     0 1      10                4096
>>
>>     |_|_______|_________..._____|
>>
>>       |       |
>>
>>      i_size  pos
>>
>>
>>
>> Now, user see the i_size is 10 (i_disksize is still 1). After inode
>>
>> destroyed, user will get the i_size is 1 read from disk.
> 
> OK, but shouldn't we rather change generic_write_end() to not increase
> i_size if no write happened? Because that is what seems somewhat
> problematic...
> 
> 								Honza
> 

After looking through some code, I find some other places have similar 
problem:
1. In ext4_write_end(), i_size is updated by ext4 not generic_write_end().
2. The iommap framework, i_size is updated even copied is zero.
3. ubifs_write_end, i_size is updated even copied is zero.

It seems that fixing all places is not an easy work.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ