lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240820140657.3685287-2-yangerkun@huaweicloud.com>
Date: Tue, 20 Aug 2024 22:06:57 +0800
From: yangerkun <yangerkun@...weicloud.com>
To: tytso@....edu,
	adilger.kernel@...ger.ca,
	jack@...e.cz
Cc: linux-ext4@...r.kernel.org,
	yangerkun@...wei.com,
	yangerkun@...weicloud.com,
	chengzhihao1@...wei.com
Subject: [PATCH 2/2] ext4: dax: keep orphan list before truncate overflow allocated blocks

From: yangerkun <yangerkun@...wei.com>

Any extended write for ext4 requires the inode to be placed on the
orphan list before the actual write. In addition, the inode can be
actually removed from the orphan list only after all writes are
completed. Otherwise, those overcommitted blocks (If the allocated
blocks are not written due to certain reasons, the inode size does not
exceed the offset of these blocks) The leak status is always retained,
and fsck reports an alarm for this scenario.

Currently, the dio and buffer IO comply with this logic. However, the
dax write will removed the inode from orphan list since
ext4_handle_inode_extension is unconditionally called during extend
write. Fix it with this patch. We open the code from
ext4_handle_inode_extension since we want to keep the blocks valid
has been allocated and write success.

Signed-off-by: yangerkun <yangerkun@...wei.com>
---
 fs/ext4/file.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index be061bb64067..fd8597eef75e 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -628,11 +628,12 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
 static ssize_t
 ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)
 {
-	ssize_t ret;
+	ssize_t ret, written;
 	size_t count;
 	loff_t offset;
 	handle_t *handle;
 	bool extend = false;
+	bool need_trunc = true;
 	struct inode *inode = file_inode(iocb->ki_filp);
 
 	if (iocb->ki_flags & IOCB_NOWAIT) {
@@ -668,10 +669,36 @@ ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)
 
 	ret = dax_iomap_rw(iocb, from, &ext4_iomap_ops);
 
-	if (extend) {
-		ret = ext4_handle_inode_extension(inode, offset, ret);
-		ext4_inode_extension_cleanup(inode, ret < (ssize_t)count);
+	if (!extend)
+		goto out;
+
+	if (ret <= 0)
+		goto err_trunc;
+
+	written = ret;
+	handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
+	if (IS_ERR(handle)) {
+		ret = PTR_ERR(handle);
+		goto err_trunc;
 	}
+
+	if (ext4_update_inode_size(inode, offset + written)) {
+		ret = ext4_mark_inode_dirty(handle, inode);
+		if (unlikely(ret)) {
+			ext4_journal_stop(handle);
+			goto err_trunc;
+		}
+	}
+
+	if (written == count)
+		need_trunc = false;
+
+	if (inode->i_nlink)
+		ext4_orphan_del(handle, inode);
+	ext4_journal_stop(handle);
+	ret = written;
+err_trunc:
+	ext4_inode_extension_cleanup(inode, need_trunc);
 out:
 	inode_unlock(inode);
 	if (ret > 0)
-- 
2.39.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ