lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 9 Jan 2023 12:20:32 +0100
From:   Jan Kara <jack@...e.cz>
To:     Zhihao Cheng <chengzhihao1@...wei.com>
Cc:     Jan Kara <jack@...e.cz>, tytso@....edu, jack@...e.com,
        linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
        yi.zhang@...wei.com, libaokun1@...wei.com, zhanchengbin1@...wei.com
Subject: Re: [PATCH v2] jbd2: Fix data missing when reusing bh which is ready
 to be checkpointed

On Sat 07-01-23 17:16:10, Zhihao Cheng wrote:
> 在 2023/1/6 22:22, Jan Kara 写道:
> 
> Hi Jan, thanks for reviewing.Some discussions below:
> 
> 
> > > diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
> > > index 6a404ac1c178..06a5e7961ef2 100644
> > > --- a/fs/jbd2/transaction.c
> > > +++ b/fs/jbd2/transaction.c
> > > @@ -1010,36 +1010,37 @@ do_get_write_access(handle_t *handle, struct journal_head *jh,
> > >   	 * ie. locked but not dirty) or tune2fs (which may actually have
> > >   	 * the buffer dirtied, ugh.)  */
> > > -	if (buffer_dirty(bh)) {
> > > +	if (buffer_dirty(bh) && jh->b_transaction) {
> > >   		/*
> > >   		 * First question: is this buffer already part of the current
> > >   		 * transaction or the existing committing transaction?
> > >   		 */
> > > -		if (jh->b_transaction) {
> > > -			J_ASSERT_JH(jh,
> > > -				jh->b_transaction == transaction ||
> > > -				jh->b_transaction ==
> > > -					journal->j_committing_transaction);
> > > -			if (jh->b_next_transaction)
> > > -				J_ASSERT_JH(jh, jh->b_next_transaction ==
> > > -							transaction);
> > > -			warn_dirty_buffer(bh);
> > > -		}
> > > +		J_ASSERT_JH(jh, jh->b_transaction == transaction ||
> > > +			jh->b_transaction == journal->j_committing_transaction);
> > > +		if (jh->b_next_transaction)
> > > +			J_ASSERT_JH(jh, jh->b_next_transaction == transaction);
> > > +		warn_dirty_buffer(bh);
> > >   		/*
> > > -		 * In any case we need to clean the dirty flag and we must
> > > -		 * do it under the buffer lock to be sure we don't race
> > > -		 * with running write-out.
> > > +		 * We need to clean the dirty flag and we must do it under the
> > > +		 * buffer lock to be sure we don't race with running write-out.
> > >   		 */
> > >   		JBUFFER_TRACE(jh, "Journalling dirty buffer");
> > >   		clear_buffer_dirty(bh);
> > > +		/*
> > > +		 * Setting jbddirty after clearing buffer dirty is necessary.
> > > +		 * Function jbd2_journal_restart() could keep buffer on
> > > +		 * BJ_Reserved list until the transaction committing, then the
> > > +		 * buffer won't be dirtied by jbd2_journal_refile_buffer()
> > > +		 * after committing, the buffer couldn't fall on disk even
> > > +		 * last checkpoint finished, which may corrupt filesystem.
> > > +		 */
> > >   		set_buffer_jbddirty(bh);
> > >   	}
> > 
> > So I think the sequence:
> > 
> > 	if (buffer_dirty(bh)) {
> > 		warn_dirty_buffer(bh);
> > 		JBUFFER_TRACE(jh, "Journalling dirty buffer");
> > 		clear_buffer_dirty(bh);
> > 		set_buffer_jbddirty(bh);
> > 	}
> > 
> > can be moved into the branch
> > 
> >    	if (jh->b_transaction == transaction ||
> > 	    jh->b_next_transaction == transaction) {
> > 
> > below. That way you can drop the assertions as well because they happen
> > later in do_get_write_access() again anyway.
> 
> 1. If we move the squence:
>  	if (buffer_dirty(bh)) {
>  		warn_dirty_buffer(bh);
>  		JBUFFER_TRACE(jh, "Journalling dirty buffer");
>  		clear_buffer_dirty(bh);
>  		set_buffer_jbddirty(bh);
>  	}
> 
> into the branch
> 
>         if (jh->b_transaction == transaction ||
>  	    jh->b_next_transaction == transaction) {
> 
> , then we have a new situation(jh->b_transaction ==
> journal->j_committing_transaction) to clear buffer dirty, so we need to add
> an else-branch like(based on v2 patch):
> --- a/fs/jbd2/transaction.c
> +++ b/fs/jbd2/transaction.c
> @@ -1092,6 +1092,10 @@ do_get_write_access(handle_t *handle, struct
> journal_head *jh,
>                 spin_unlock(&journal->j_list_lock);
>                 unlock_buffer(bh);
>                 goto done;
> +       } else if (test_clear_buffer_dirty(bh)) {
> +               warn_dirty_buffer(bh);
> +               JBUFFER_TRACE(jh, "Journalling dirty buffer");
> +               set_buffer_jbddirty(bh);
>         }
>         unlock_buffer(bh);
> 
> I think we'd better not to move the sequence?

Oh, you're right. So yeah, keep this sequence where it was.

> 2. I agree that the assertions in branch 'if (jh->b_transaction)' are
> redundant, I will remove them in v3. Thanks for pointing that.

OK, thanks!

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ