lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240619002444.GH103034@frogsfrogsfrogs>
Date: Tue, 18 Jun 2024 17:24:44 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: Zhang Yi <yi.zhang@...weicloud.com>
Cc: linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, hch@...radead.org, brauner@...nel.org,
	david@...morbit.com, chandanbabu@...nel.org, jack@...e.cz,
	yi.zhang@...wei.com, chengzhihao1@...wei.com, yukuai3@...wei.com
Subject: Re: [PATCH -next v6 0/2] iomap/xfs: fix stale data exposure when
 truncating realtime inodes

On Tue, Jun 18, 2024 at 10:21:10PM +0800, Zhang Yi wrote:
> Changes since v5:
>  - Drop all the code about zeroing out the whole allocation unitsize
>    on truncate down in xfs_setattr_size() as Christoph suggested, let's
>    just fix this issue for RT file by converting tail blocks to
>    unwritten now, and we could think about forced aligned extent and
>    atomic write later until it needs, so only pick patch 6 and 8 in
>    previous version, do some minor git log changes.

This mostly makes sense, let's see how it fares with overnight fstests.
For now, this is a provisional
Reviewed-by: Darrick J. Wong <djwong@...nel.org>

--D


> Changes since v4:
>  - Drop the first patch in v4 "iomap: zeroing needs to be pagecache
>    aware" since this series is not strongly depends on it, that patch
>    still needs furtuer analyse and also should add to handle the case of
>    a pending COW extent that extends over a data fork hole. This is a
>    big job, so let's fix the exposure stale data issue and brings back
>    the changes in iomap_write_end() first, don't block the ext4 buffered
>    iomap conversion.
>  - In patch 1, drop the 'ifndef rem_u64'.
>  - In patch 4, factor out a helper xfs_setattr_truncate_data() to handle
>    the zero out, update i_size, write back and drop pagecache on
>    truncate.
>  - In patch 5, switch to use xfs_inode_alloc_unitsize() in
>    xfs_itruncate_extents_flags().
>  - In patch 6, changes to reserve blocks for rtextsize > 1 realtime
>    inodes on truncate down.
>  - In patch 7, drop the unwritten convert threshold, always convert tail
>    blocks to unwritten on truncate down realtime inodes.
>  - Add patch 8 to bring back 'commit 943bc0882ceb ("iomap: don't
>    increase i_size if it's not a write operation")'.
> 
> Changes since v3:
>  - Factor out a new helper to get the remainder in math64.h as Darrick
>    suggested.
>  - Adjust the truncating order to prevent too much redundant blocking
>    writes as Dave suggested.
>  - Improve to convert the tail extent to unwritten when truncating down
>    an inode with large rtextsize as Darrick and Dave suggested.
> 
> Since 'commit 943bc0882ceb ("iomap: don't increase i_size if it's not a
> write operation")' merged, Chandan reported a stale data exposure issue
> when running fstests generic/561 on xfs with realtime device [1]. This
> issue has been fix in 6.10 by revert this commit through commit
> '0841ea4a3b41 ("iomap: keep on increasing i_size in iomap_write_end()")',
> but the real problem is xfs_setattr_size() doesn't zero out enough range
> when truncate down a realtime inode. So this series fix this problem by
> just converting the tail blocks to unwritten when truncate down realtime
> inodes, then we could bring commit 943bc0882ceb back.
> 
> I've tested this series on fstests (1) with reflink=0, (2) with
> reflink=1, (3) with 28K RT device, no new failures detected, and it
> passed generic/561 on RT device over 300+ rounds, please let me know if
> we need any other test.
> 
> [1] https://lore.kernel.org/linux-xfs/87ttj8ircu.fsf@debian-BULLSEYE-live-builder-AMD64/
> 
> Thanks,
> Yi.
> 
> Zhang Yi (2):
>   xfs: reserve blocks for truncating large realtime inode
>   iomap: don't increase i_size in iomap_write_end()
> 
>  fs/iomap/buffered-io.c | 53 +++++++++++++++++++++++-------------------
>  fs/xfs/xfs_iops.c      | 15 +++++++++++-
>  2 files changed, 43 insertions(+), 25 deletions(-)
> 
> -- 
> 2.39.2
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ