lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241220102804.m2a4zkiypahqbuvz@quack3> Date: Fri, 20 Dec 2024 11:28:04 +0100 From: Jan Kara <jack@...e.cz> To: libaokun@...weicloud.com Cc: linux-ext4@...r.kernel.org, tytso@....edu, adilger.kernel@...ger.ca, jack@...e.cz, linux-kernel@...r.kernel.org, yi.zhang@...wei.com, yangerkun@...wei.com, Baokun Li <libaokun1@...wei.com> Subject: Re: [PATCH 2/5] ext4: do not convert the unwritten extents if data writeback fails On Fri 20-12-24 14:07:54, libaokun@...weicloud.com wrote: > From: Baokun Li <libaokun1@...wei.com> > > When dioread_nolock is turned on (the default), it will convert unwritten > extents to written at ext4_end_io_end(), even if the data writeback fails. > > It leads to the possibility that stale data may be exposed when the > physical block corresponding to the file data is read-only (i.e., writes > return -EIO, but reads are normal). > > Therefore a new ext4_io_end->flags EXT4_IO_END_FAILED is added, which > indicates that some bio write-back failed in the current ext4_io_end. > When this flag is set, the unwritten to written conversion is no longer > performed. Users can read the data normally until the caches are dropped, > after that, the failed extents can only be read to all 0. > > Signed-off-by: Baokun Li <libaokun1@...wei.com> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@...e.cz> Honza > --- > fs/ext4/ext4.h | 3 ++- > fs/ext4/page-io.c | 16 ++++++++++++++-- > 2 files changed, 16 insertions(+), 3 deletions(-) > > diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h > index 4e7de7eaa374..9da0e32af02a 100644 > --- a/fs/ext4/ext4.h > +++ b/fs/ext4/ext4.h > @@ -278,7 +278,8 @@ struct ext4_system_blocks { > /* > * Flags for ext4_io_end->flags > */ > -#define EXT4_IO_END_UNWRITTEN 0x0001 > +#define EXT4_IO_END_UNWRITTEN 0x0001 > +#define EXT4_IO_END_FAILED 0x0002 > > struct ext4_io_end_vec { > struct list_head list; /* list of io_end_vec */ > diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c > index f53b018ea259..6054ec27fb48 100644 > --- a/fs/ext4/page-io.c > +++ b/fs/ext4/page-io.c > @@ -181,14 +181,25 @@ static int ext4_end_io_end(ext4_io_end_t *io_end) > "list->prev 0x%p\n", > io_end, inode->i_ino, io_end->list.next, io_end->list.prev); > > - io_end->handle = NULL; /* Following call will use up the handle */ > - ret = ext4_convert_unwritten_io_end_vec(handle, io_end); > + /* > + * Do not convert the unwritten extents if data writeback fails, > + * or stale data may be exposed. > + */ > + io_end->handle = NULL; /* Following call will use up the handle */ > + if (unlikely(io_end->flag & EXT4_IO_END_FAILED)) { > + ret = -EIO; > + if (handle) > + jbd2_journal_free_reserved(handle); > + } else { > + ret = ext4_convert_unwritten_io_end_vec(handle, io_end); > + } > if (ret < 0 && !ext4_forced_shutdown(inode->i_sb)) { > ext4_msg(inode->i_sb, KERN_EMERG, > "failed to convert unwritten extents to written " > "extents -- potential data loss! " > "(inode %lu, error %d)", inode->i_ino, ret); > } > + > ext4_clear_io_unwritten_flag(io_end); > ext4_release_io_end(io_end); > return ret; > @@ -339,6 +350,7 @@ static void ext4_end_bio(struct bio *bio) > bio->bi_status, inode->i_ino, > (unsigned long long) > bi_sector >> (inode->i_blkbits - 9)); > + io_end->flag |= EXT4_IO_END_FAILED; > mapping_set_error(inode->i_mapping, > blk_status_to_errno(bio->bi_status)); > } > -- > 2.46.1 > -- Jan Kara <jack@...e.com> SUSE Labs, CR
Powered by blists - more mailing lists