| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 May 2024 17:51:58 +0800 From: Zhang Yi <yi.zhang@...weicloud.com> To: linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org Cc: linux-kernel@...r.kernel.org, djwong@...nel.org, hch@...radead.org, brauner@...nel.org, david@...morbit.com, chandanbabu@...nel.org, jack@...e.cz, willy@...radead.org, yi.zhang@...wei.com, yi.zhang@...weicloud.com, chengzhihao1@...wei.com, yukuai3@...wei.com Subject: [RFC PATCH v4 0/8] iomap/xfs: fix stale data exposure when truncating realtime inodes From: Zhang Yi <yi.zhang@...wei.com> Changes since v3: - Factor out a new helper to get the remainder in math64.h as Darrick suggested. - Adjust the truncating order to prevent too much redundant blocking writes as Dave suggested. - Improve to convert the tail extent to unwritten when truncating down an inode with large rtextsize as Darrick and Dave suggested. This series fix a stale data exposure issue reported by Chandan when running fstests generic/561 on xfs with realtime device[1]. The real problem is xfs_setattr_size() doesn't zero out enough range when truncating a realtime inode, please see the patch 6 or [1] for details. Patch 1 is from Dave, it improves truncate down performace by changing iomap_zero_iter() to aware dirty pages on unwritten extents, but for the case of the zeroing range that contains a cow mapping over a hole still needs to be handled. Patch 3-5 modify iomap_truncate_page() and dax_truncate_page() to pass filesystem identified blocksize, and drop the assumption of i_blocksize() as Dave suggested. Patch 6-7 adjust the truncating down processing order to first zero out the tail aligned blocks, then write back, update i_size and finally drop cache beyond aligned EOF. Fix the data exposure issue by zeroing out the entire EOF extent. Patch 8-9 add a rtextsize threshold (64k), improves truncate down performace on realtime inode with large rtextsize (beyonds this threshold) by converting the tail unaligned extent to unwritten. I've tested this series on fstests (1) with reflink=0, (2) with 28K RT device and (3) with 96K RT device (beyonds rtextsize threshold), no new failures detected. This series still needs to do furtuer tests with reflink=1 after Patch 1 covers the cow mapping over a hole case. [1] https://lore.kernel.org/linux-xfs/87ttj8ircu.fsf@debian-BULLSEYE-live-builder-AMD64/ Thanks, Yi. Dave Chinner (1): iomap: zeroing needs to be pagecache aware Zhang Yi (7): math64: add rem_u64() to just return the remainder iomap: pass blocksize to iomap_truncate_page() fsdax: pass blocksize to dax_truncate_page() xfs: refactor the truncating order xfs: correct the truncate blocksize of realtime inode xfs: reserve blocks for truncating realtime inode xfs: improve truncate on a realtime inode with huge extsize fs/dax.c | 8 +-- fs/ext2/inode.c | 4 +- fs/iomap/buffered-io.c | 50 ++++++++++++++-- fs/xfs/xfs_inode.c | 3 + fs/xfs/xfs_inode.h | 12 ++++ fs/xfs/xfs_iomap.c | 5 +- fs/xfs/xfs_iomap.h | 3 +- fs/xfs/xfs_iops.c | 133 +++++++++++++++++++++++++---------------- include/linux/dax.h | 4 +- include/linux/iomap.h | 4 +- include/linux/math64.h | 24 ++++++++ 11 files changed, 179 insertions(+), 71 deletions(-) -- 2.39.2
Powered by blists - more mailing lists