| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240621200408.GA103014@frogsfrogsfrogs>
Date: Fri, 21 Jun 2024 13:04:08 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: John Garry <john.g.garry@...cle.com>
Cc: chandan.babu@...cle.com, dchinner@...hat.com, hch@....de,
viro@...iv.linux.org.uk, brauner@...nel.org, jack@...e.cz,
linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, catherine.hoang@...cle.com,
martin.petersen@...cle.com
Subject: Re: [PATCH 01/13] xfs: only allow minlen allocations when near ENOSPC
On Fri, Jun 21, 2024 at 12:42:25PM -0700, Darrick J. Wong wrote:
> On Fri, Jun 21, 2024 at 10:05:28AM +0000, John Garry wrote:
> > From: Dave Chinner <dchinner@...hat.com>
> >
> > When we are near ENOSPC and don't have enough free
> > space for an args->maxlen allocation, xfs_alloc_space_available()
> > will trim args->maxlen to equal the available space. However, this
> > function has only checked that there is enough contiguous free space
> > for an aligned args->minlen allocation to succeed. Hence there is no
> > guarantee that an args->maxlen allocation will succeed, nor that the
> > available space will allow for correct alignment of an args->maxlen
> > allocation.
> >
> > Further, by trimming args->maxlen arbitrarily, it breaks an
> > assumption made in xfs_alloc_fix_len() that if the caller wants
> > aligned allocation, then args->maxlen will be set to an aligned
> > value. It then skips the tail alignment and so we end up with
> > extents that aren't aligned to extent size hint boundaries as we
> > approach ENOSPC.
> >
> > To avoid this problem, don't reduce args->maxlen by some random,
> > arbitrary amount. If args->maxlen is too large for the available
> > space, reduce the allocation to a minlen allocation as we know we
> > have contiguous free space available for this to succeed and always
> > be correctly aligned.
> >
> > Signed-off-by: Dave Chinner <dchinner@...hat.com>
> > Signed-off-by: John Garry <john.g.garry@...cle.com>
> > ---
> > fs/xfs/libxfs/xfs_alloc.c | 19 ++++++++++++++-----
> > 1 file changed, 14 insertions(+), 5 deletions(-)
> >
> > diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
> > index 6c55a6e88eba..5855a21d4864 100644
> > --- a/fs/xfs/libxfs/xfs_alloc.c
> > +++ b/fs/xfs/libxfs/xfs_alloc.c
> > @@ -2409,14 +2409,23 @@ xfs_alloc_space_available(
> > if (available < (int)max(args->total, alloc_len))
> > return false;
> >
> > + if (flags & XFS_ALLOC_FLAG_CHECK)
> > + return true;
> > +
> > /*
> > - * Clamp maxlen to the amount of free space available for the actual
> > - * extent allocation.
> > + * If we can't do a maxlen allocation, then we must reduce the size of
> > + * the allocation to match the available free space. We know how big
> > + * the largest contiguous free space we can allocate is, so that's our
> > + * upper bound. However, we don't exaclty know what alignment/size
> > + * constraints have been placed on the allocation, so we can't
> > + * arbitrarily select some new max size. Hence make this a minlen
> > + * allocation as we know that will definitely succeed and match the
> > + * callers alignment constraints.
> > */
> > - if (available < (int)args->maxlen && !(flags & XFS_ALLOC_FLAG_CHECK)) {
> > - args->maxlen = available;
> > + alloc_len = args->maxlen + (args->alignment - 1) + args->minalignslop;
>
> Didn't we already calculate alloc_len identically under "do we have
> enough contiguous free space for the allocation?"? AFAICT we haven't
> alter anything in @args since then, right?
Oops, the first computation uses minlen, whereas this one uses maxlen.
Disregard this question, please.
--D
> > + if (longest < alloc_len) {
> > + args->maxlen = args->minlen;
>
> Is it possible to reduce maxlen the largest multiple of the alignment
> that is still less than @longest?
>
> --D
>
> > ASSERT(args->maxlen > 0);
> > - ASSERT(args->maxlen >= args->minlen);
> > }
> >
> > return true;
> > --
> > 2.31.1
> >
> >
>
Powered by blists - more mailing lists