lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Nov 2023 12:37:03 +0530
From: Ritesh Harjani (IBM) <ritesh.list@...il.com>
To: Jan Kara <jack@...e.cz>, Ted Tso <tytso@....edu>
Cc: linux-ext4@...r.kernel.org, Jan Kara <jack@...e.cz>, syzbot+47479b71cdfc78f56d30@...kaller.appspotmail.com
Subject: Re: [PATCH] ext4: Fix warning in ext4_dio_write_end_io()

Jan Kara <jack@...e.cz> writes:

> The syzbot has reported that it can hit the warning in
> ext4_dio_write_end_io() because i_size < i_disksize. Indeed the
> reproducer creates a race between DIO IO completion and truncate
> expanding the file and thus ext4_dio_write_end_io() sees an inconsistent
> inode state where i_disksize is already updated but i_size is not
> updated yet. Since we are careful when setting up DIO write and consider
> it extending (and thus performing the IO synchronously with i_rwsem held
> exclusively) whenever it goes past either of i_size or i_disksize, we
> can use the same test during IO completion without risking entering
> ext4_handle_inode_extension() without i_rwsem held. This way we make it
> obvious both i_size and i_disksize are large enough when we report DIO
> completion without relying on unreliable WARN_ON.

Does it make sense to add this in ext4_handle_inode_extension()?
	WARN_ON_ONCE(!inode_is_locked(inode));
Ohk, we already have "lockdep_assert_held_write(&inode->i_rwsem)" so
hopefully it can catch via lockdep.


So, IIUC, the WARN happened when we were doing a non-extending
AIO-DIO write which was racing with truncate trying to expand the file
size. Because only then the DIO completion will not have i_rwsem held
which can race with truncate. Truncate since it is expanding the file
size, will not use inode_dio_wait() (since no block allocations).

Is this understanding correct?

>
> Reported-by: syzbot+47479b71cdfc78f56d30@...kaller.appspotmail.com
> Fixes: 91562895f803 ("ext4: properly sync file size update after O_SYNC direct IO")
> Signed-off-by: Jan Kara <jack@...e.cz>
> ---
>  fs/ext4/file.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ext4/file.c b/fs/ext4/file.c
> index 0166bb9ca160..ba497aabdd1e 100644
> --- a/fs/ext4/file.c
> +++ b/fs/ext4/file.c
> @@ -386,10 +386,11 @@ static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size,
>  	 * blocks. But the code in ext4_iomap_alloc() is careful to use
>  	 * zeroed/unwritten extents if this is possible; thus we won't leave
>  	 * uninitialized blocks in a file even if we didn't succeed in writing
> -	 * as much as we intended.
> +	 * as much as we intended. Also we can race with truncate or write
> +	 * expanding the file so we have to be a bit careful here.
>  	 */
> -	WARN_ON_ONCE(i_size_read(inode) < READ_ONCE(EXT4_I(inode)->i_disksize));
> -	if (pos + size <= READ_ONCE(EXT4_I(inode)->i_disksize))
> +	if (pos + size <= READ_ONCE(EXT4_I(inode)->i_disksize) &&
> +	    pos + size <= i_size_read(inode))
>  		return size;
>  	return ext4_handle_inode_extension(inode, pos, size);
>  }
> -- 
> 2.35.3

Powered by blists - more mailing lists