| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Feb 2020 09:55:09 -0800
From: Ira Weiny <ira.weiny@...el.com>
To: Dave Chinner <david@...morbit.com>
Cc: linux-kernel@...r.kernel.org,
Alexander Viro <viro@...iv.linux.org.uk>,
"Darrick J. Wong" <darrick.wong@...cle.com>,
Dan Williams <dan.j.williams@...el.com>,
Christoph Hellwig <hch@....de>,
"Theodore Y. Ts'o" <tytso@....edu>, Jan Kara <jack@...e.cz>,
linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v3 06/12] fs/xfs: Check if the inode supports DAX under
lock
On Tue, Feb 11, 2020 at 05:16:39PM +1100, Dave Chinner wrote:
> On Sat, Feb 08, 2020 at 11:34:39AM -0800, ira.weiny@...el.com wrote:
> > From: Ira Weiny <ira.weiny@...el.com>
> >
> > One of the checks for an inode supporting DAX is if the inode is
> > reflinked. During a non-DAX to DAX state change we could race with
> > the file being reflinked and end up with a reflinked file being in DAX
> > state.
> >
> > Prevent this race by checking for DAX support under the MMAP_LOCK.
>
> The on disk inode flags are protected by the XFS_ILOCK, not the
> MMAP_LOCK. i.e. the MMAPLOCK provides data access serialisation, not
> metadata modification serialisation.
Ah...
>
> >
> > Signed-off-by: Ira Weiny <ira.weiny@...el.com>
> > ---
> > fs/xfs/xfs_ioctl.c | 11 +++++++----
> > 1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> > index da1eb2bdb386..4ff402fd6636 100644
> > --- a/fs/xfs/xfs_ioctl.c
> > +++ b/fs/xfs/xfs_ioctl.c
> > @@ -1194,10 +1194,6 @@ xfs_ioctl_setattr_dax_invalidate(
> >
> > *join_flags = 0;
> >
> > - if ((fa->fsx_xflags & FS_XFLAG_DAX) == FS_XFLAG_DAX &&
> > - !xfs_inode_supports_dax(ip))
> > - return -EINVAL;
> > -
> > /* If the DAX state is not changing, we have nothing to do here. */
> > if ((fa->fsx_xflags & FS_XFLAG_DAX) &&
> > (ip->i_d.di_flags2 & XFS_DIFLAG2_DAX))
> > @@ -1211,6 +1207,13 @@ xfs_ioctl_setattr_dax_invalidate(
> >
> > /* lock, flush and invalidate mapping in preparation for flag change */
> > xfs_ilock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL);
> > +
> > + if ((fa->fsx_xflags & FS_XFLAG_DAX) == FS_XFLAG_DAX &&
> > + !xfs_inode_supports_dax(ip)) {
> > + error = -EINVAL;
> > + goto out_unlock;
> > + }
>
> Yes, you might be able to get away with reflink vs dax flag
> serialisation on the inode flag modification, but it is not correct and
> leaves a landmine for future inode flag modifications that are done
> without holding either the MMAP or IOLOCK.
>
> e.g. concurrent calls to xfs_ioctl_setattr() setting/clearing flags
> other than the on disk DAX flag are all serialised by the ILOCK_EXCL
> and will no be serialised against this DAX check. Hence if there are
> other flags that we add in future that affect the result of
> xfs_inode_supports_dax(), this code will not be correctly
> serialised.
>
> This raciness in checking the DAX flags is the reason that
> xfs_ioctl_setattr_xflags() redoes all the reflink vs dax checks once
> it's called under the XFS_ILOCK_EXCL during the actual change
> transaction....
Ok I found this by trying to make sure that the xfs_inode_supports_dax() call
was always returning valid data. So I don't have a specific test which was
failing.
Looking at the code again, it sounds like I was wrong about which locks protect
what and with your explanation above it looks like there is nothing to be done
here and I can drop the patch.
Would you agree?
Thanks for the review!
Ira
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@...morbit.com
Powered by blists - more mailing lists