lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240103100325.jmzlai2xegn4skwm@quack3> Date: Wed, 3 Jan 2024 11:03:25 +0100 From: Jan Kara <jack@...e.cz> To: Zhang Yi <yi.zhang@...weicloud.com> Cc: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org, tytso@....edu, adilger.kernel@...ger.ca, jack@...e.cz, ritesh.list@...il.com, hch@...radead.org, djwong@...nel.org, willy@...radead.org, yi.zhang@...wei.com, chengzhihao1@...wei.com, yukuai3@...wei.com, wangkefeng.wang@...wei.com Subject: Re: [RFC PATCH v2 02/25] ext4: convert to exclusive lock while inserting delalloc extents On Tue 02-01-24 20:38:55, Zhang Yi wrote: > From: Zhang Yi <yi.zhang@...wei.com> > > ext4_da_map_blocks() only hold i_data_sem in shared mode and i_rwsem > when inserting delalloc extents, it could be raced by another querying > path of ext4_map_blocks() without i_rwsem, .e.g buffered read path. > Suppose we buffered read a file containing just a hole, and without any > cached extents tree, then it is raced by another delayed buffered write > to the same area or the near area belongs to the same hole, and the new > delalloc extent could be overwritten to a hole extent. > > pread() pwrite() > filemap_read_folio() > ext4_mpage_readpages() > ext4_map_blocks() > down_read(i_data_sem) > ext4_ext_determine_hole() > //find hole > ext4_ext_put_gap_in_cache() > ext4_es_find_extent_range() > //no delalloc extent > ext4_da_map_blocks() > down_read(i_data_sem) > ext4_insert_delayed_block() > //insert delalloc extent > ext4_es_insert_extent() > //overwrite delalloc extent to hole > > This race could lead to inconsistent delalloc extents tree and > incorrect reserved space counter. Fix this by converting to hold > i_data_sem in exclusive mode when adding a new delalloc extent in > ext4_da_map_blocks(). > > Cc: stable@...r.kernel.org > Signed-off-by: Zhang Yi <yi.zhang@...wei.com> > Suggested-by: Jan Kara <jack@...e.cz> Looks good to me! Feel free to add: Reviewed-by: Jan Kara <jack@...e.cz> Honza > --- > fs/ext4/inode.c | 25 +++++++++++-------------- > 1 file changed, 11 insertions(+), 14 deletions(-) > > diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c > index 5b0d3075be12..142c67f5c7fc 100644 > --- a/fs/ext4/inode.c > +++ b/fs/ext4/inode.c > @@ -1703,10 +1703,8 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, > > /* Lookup extent status tree firstly */ > if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { > - if (ext4_es_is_hole(&es)) { > - down_read(&EXT4_I(inode)->i_data_sem); > + if (ext4_es_is_hole(&es)) > goto add_delayed; > - } > > /* > * Delayed extent could be allocated by fallocate. > @@ -1748,8 +1746,10 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, > retval = ext4_ext_map_blocks(NULL, inode, map, 0); > else > retval = ext4_ind_map_blocks(NULL, inode, map, 0); > - if (retval < 0) > - goto out_unlock; > + if (retval < 0) { > + up_read(&EXT4_I(inode)->i_data_sem); > + return retval; > + } > if (retval > 0) { > unsigned int status; > > @@ -1765,24 +1765,21 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, > EXTENT_STATUS_UNWRITTEN : EXTENT_STATUS_WRITTEN; > ext4_es_insert_extent(inode, map->m_lblk, map->m_len, > map->m_pblk, status); > - goto out_unlock; > + up_read(&EXT4_I(inode)->i_data_sem); > + return retval; > } > + up_read(&EXT4_I(inode)->i_data_sem); > > add_delayed: > - /* > - * XXX: __block_prepare_write() unmaps passed block, > - * is it OK? > - */ > + down_write(&EXT4_I(inode)->i_data_sem); > retval = ext4_insert_delayed_block(inode, map->m_lblk); > + up_write(&EXT4_I(inode)->i_data_sem); > if (retval) > - goto out_unlock; > + return retval; > > map_bh(bh, inode->i_sb, invalid_block); > set_buffer_new(bh); > set_buffer_delay(bh); > - > -out_unlock: > - up_read((&EXT4_I(inode)->i_data_sem)); > return retval; > } > > -- > 2.39.2 > -- Jan Kara <jack@...e.com> SUSE Labs, CR
Powered by blists - more mailing lists