lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 31 Jan 2023 15:06:16 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     Jan Kara <jack@...e.cz>, Andrew Morton <akpm@...ux-foundation.org>
Cc:     syzbot <syzbot+707bba7f823c7b02fa43@...kaller.appspotmail.com>,
        almaz.alexandrovich@...agon-software.com, brauner@...nel.org,
        dchinner@...hat.com, hirofumi@...l.parknet.co.jp, jack@...e.com,
        jfs-discussion@...ts.sourceforge.net, linkinjeon@...nel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        ntfs3@...ts.linux.dev, shaggy@...nel.org, sj1557.seo@...sung.com,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?]
 [ntfs3?] WARNING in __mpage_writepage

On Tue, Jan 31, 2023 at 01:14:23PM +0100, Jan Kara wrote:
> This is the warning Willy has added as part of "mpage: convert
> __mpage_writepage() to use a folio more fully" and that warning can indeed
> easily trigger. There's nothing that serializes writeback against racing
> truncate setting new i_size so it is perfectly normal to see pages beyond
> EOF in this place. And the traditional response to such pages is "silently
> do nothing" since they will be soon discarded by truncate_inode_pages().

Absolutely right.  Not sure what I was thinking; I may have been
confused by the label being called "confused".  How about this for
Andrew to squash into that commit?

diff --git a/fs/mpage.c b/fs/mpage.c
index 2efa393f0db7..89bcefb4553a 100644
--- a/fs/mpage.c
+++ b/fs/mpage.c
@@ -559,6 +559,9 @@ static int __mpage_writepage(struct folio *folio, struct writeback_control *wbc,
 	first_unmapped = page_block;
 
 page_is_mapped:
+	/* Don't bother writing beyond EOF, truncate will discard the folio */
+	if (folio_pos(folio) >= i_size)
+		goto confused;
 	length = folio_size(folio);
 	if (folio_pos(folio) + length > i_size) {
 		/*
@@ -570,8 +573,6 @@ static int __mpage_writepage(struct folio *folio, struct writeback_control *wbc,
 		 * written out to the file."
 		 */
 		length = i_size - folio_pos(folio);
-		if (WARN_ON_ONCE(folio_pos(folio) >= i_size))
-			goto confused;
 		folio_zero_segment(folio, length, folio_size(folio));
 	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ