| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170403171812.GK4864@birch.djwong.org>
Date: Mon, 3 Apr 2017 10:18:12 -0700
From: "Darrick J. Wong" <darrick.wong@...cle.com>
To: Calvin Owens <calvinowens@...com>
Cc: Brian Foster <bfoster@...hat.com>, linux-xfs@...r.kernel.org,
linux-kernel@...r.kernel.org, Christoph Hellwig <hch@....de>,
Dave Chinner <david@...morbit.com>, kernel-team@...com,
stable@...r.kernel.org
Subject: Re: [PATCH v3] xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of
files
On Mon, Apr 03, 2017 at 10:15:31AM -0700, Darrick J. Wong wrote:
> On Thu, Mar 30, 2017 at 09:18:00PM -0700, Calvin Owens wrote:
> > When punching past EOF on XFS, fallocate(mode=PUNCH_HOLE|KEEP_SIZE) will
> > round the file size up to the nearest multiple of PAGE_SIZE:
> >
> > calvinow@...disks/generic-xfs-1 ~$ dd if=/dev/urandom of=test bs=2048 count=1
> > calvinow@...disks/generic-xfs-1 ~$ stat test
> > Size: 2048 Blocks: 8 IO Block: 4096 regular file
> > calvinow@...disks/generic-xfs-1 ~$ fallocate -n -l 2048 -o 2048 -p test
> > calvinow@...disks/generic-xfs-1 ~$ stat test
> > Size: 4096 Blocks: 8 IO Block: 4096 regular file
> >
> > Commit 3c2bdc912a1cc050 ("xfs: kill xfs_zero_remaining_bytes") replaced
> > xfs_zero_remaining_bytes() with calls to iomap helpers. The new helpers
> > don't enforce that [pos,offset) lies strictly on [0,i_size) when being
> > called from xfs_free_file_space(), so by "leaking" these ranges into
> > xfs_zero_range() we get this buggy behavior.
> >
> > Fix this by reintroducing the checks xfs_zero_remaining_bytes() did
> > against i_size at the bottom of xfs_free_file_space().
> >
> > Reported-by: Aaron Gao <gzh@...com>
> > Fixes: 3c2bdc912a1cc050 ("xfs: kill xfs_zero_remaining_bytes")
> > Cc: Christoph Hellwig <hch@....de>
> > Cc: Brian Foster <bfoster@...hat.com>
> > Cc: <stable@...r.kernel.org> # 4.8+
> > Signed-off-by: Calvin Owens <calvinowens@...com>
> > ---
> > fs/xfs/xfs_bmap_util.c | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c
> > index 8b75dce..828532c 100644
> > --- a/fs/xfs/xfs_bmap_util.c
> > +++ b/fs/xfs/xfs_bmap_util.c
> > @@ -1311,8 +1311,16 @@ xfs_free_file_space(
> > /*
> > * Now that we've unmap all full blocks we'll have to zero out any
> > * partial block at the beginning and/or end. xfs_zero_range is
> > - * smart enough to skip any holes, including those we just created.
> > + * smart enough to skip any holes, including those we just created,
> > + * but we must take care not to zero beyond EOF and enlarge i_size.
> > */
> > +
> > + if (offset >= XFS_ISIZE(ip))
> > + return 0;
> > +
> > + if (offset + len > XFS_ISIZE(ip))
> > + len = XFS_ISIZE(ip) - offset;
> > +
>
> I'll pick this up for 4.12.
Bah, hit send too quickly.
I'll pick this up for 4.12, unless anyone wants me to push this for -rc6?
--D
> Reviewed-by: Darrick J. Wong <darrick.wong@...cle.com>
>
> --D
>
> > return xfs_zero_range(ip, offset, len, NULL);
> > }
> >
> > --
> > 2.9.3
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@...r.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists