| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Feb 2020 17:54:35 -0800
From: Matthew Wilcox <willy@...radead.org>
To: "Darrick J. Wong" <darrick.wong@...cle.com>
Cc: linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, linux-btrfs@...r.kernel.org,
linux-erofs@...ts.ozlabs.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net, cluster-devel@...hat.com,
ocfs2-devel@....oracle.com, linux-xfs@...r.kernel.org
Subject: Re: [PATCH v7 21/24] iomap: Restructure iomap_readpages_actor
On Fri, Feb 21, 2020 at 04:44:25PM -0800, Darrick J. Wong wrote:
> On Wed, Feb 19, 2020 at 01:01:00PM -0800, Matthew Wilcox wrote:
> > From: "Matthew Wilcox (Oracle)" <willy@...radead.org>
> >
> > By putting the 'have we reached the end of the page' condition at the end
> > of the loop instead of the beginning, we can remove the 'submit the last
> > page' code from iomap_readpages(). Also check that iomap_readpage_actor()
> > didn't return 0, which would lead to an endless loop.
> >
> > Signed-off-by: Matthew Wilcox (Oracle) <willy@...radead.org>
> > ---
> > fs/iomap/buffered-io.c | 32 ++++++++++++++++++--------------
> > 1 file changed, 18 insertions(+), 14 deletions(-)
> >
> > diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
> > index cb3511eb152a..31899e6cb0f8 100644
> > --- a/fs/iomap/buffered-io.c
> > +++ b/fs/iomap/buffered-io.c
> > @@ -400,15 +400,9 @@ iomap_readpages_actor(struct inode *inode, loff_t pos, loff_t length,
> > void *data, struct iomap *iomap, struct iomap *srcmap)
> > {
> > struct iomap_readpage_ctx *ctx = data;
> > - loff_t done, ret;
> > -
> > - for (done = 0; done < length; done += ret) {
> > - if (ctx->cur_page && offset_in_page(pos + done) == 0) {
> > - if (!ctx->cur_page_in_bio)
> > - unlock_page(ctx->cur_page);
> > - put_page(ctx->cur_page);
> > - ctx->cur_page = NULL;
> > - }
> > + loff_t ret, done = 0;
> > +
> > + while (done < length) {
> > if (!ctx->cur_page) {
> > ctx->cur_page = iomap_next_page(inode, ctx->pages,
> > pos, length, &done);
> > @@ -418,6 +412,20 @@ iomap_readpages_actor(struct inode *inode, loff_t pos, loff_t length,
> > }
> > ret = iomap_readpage_actor(inode, pos + done, length - done,
> > ctx, iomap, srcmap);
> > + done += ret;
> > +
> > + /* Keep working on a partial page */
> > + if (ret && offset_in_page(pos + done))
> > + continue;
> > +
> > + if (!ctx->cur_page_in_bio)
> > + unlock_page(ctx->cur_page);
> > + put_page(ctx->cur_page);
> > + ctx->cur_page = NULL;
> > +
> > + /* Don't loop forever if we made no progress */
> > + if (WARN_ON(!ret))
> > + break;
> > }
> >
> > return done;
> > @@ -451,11 +459,7 @@ iomap_readpages(struct address_space *mapping, struct list_head *pages,
> > done:
> > if (ctx.bio)
> > submit_bio(ctx.bio);
> > - if (ctx.cur_page) {
> > - if (!ctx.cur_page_in_bio)
> > - unlock_page(ctx.cur_page);
> > - put_page(ctx.cur_page);
> > - }
> > + BUG_ON(ctx.cur_page);
>
> Whoah, is the system totally unrecoverably hosed at this point?
>
> I get that this /shouldn't/ happen, but should we somehow end up with a
> page here, are we unable either to release it or even just leak it? I'd
> have thought a WARN_ON would be just fine here.
If we do find a page here, we don't actually know what to do with it.
It might be (currently) locked, it might have the wrong refcount.
Whatever is going on, it's probably better that we stop everything right
here rather than allow things to go further and possibly present bad
data to the application. I mean, we could even be leaking the previous
contents of this page to userspace. Or maybe the future contents of a
page which shouldn't be in the page cache any more, but userspace gets
a mapping to it.
I'm not enthusiastic about putting in some code here to try to handle
a "can't happen" case, since it's never going to be tested, and might
end up causing more problems than it tries to solve. Let's just stop.
Powered by blists - more mailing lists