| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241220102804.m2a4zkiypahqbuvz@quack3>
Date: Fri, 20 Dec 2024 11:28:04 +0100
From: Jan Kara <jack@...e.cz>
To: libaokun@...weicloud.com
Cc: linux-ext4@...r.kernel.org, tytso@....edu, adilger.kernel@...ger.ca,
jack@...e.cz, linux-kernel@...r.kernel.org, yi.zhang@...wei.com,
yangerkun@...wei.com, Baokun Li <libaokun1@...wei.com>
Subject: Re: [PATCH 2/5] ext4: do not convert the unwritten extents if data
writeback fails
On Fri 20-12-24 14:07:54, libaokun@...weicloud.com wrote:
> From: Baokun Li <libaokun1@...wei.com>
>
> When dioread_nolock is turned on (the default), it will convert unwritten
> extents to written at ext4_end_io_end(), even if the data writeback fails.
>
> It leads to the possibility that stale data may be exposed when the
> physical block corresponding to the file data is read-only (i.e., writes
> return -EIO, but reads are normal).
>
> Therefore a new ext4_io_end->flags EXT4_IO_END_FAILED is added, which
> indicates that some bio write-back failed in the current ext4_io_end.
> When this flag is set, the unwritten to written conversion is no longer
> performed. Users can read the data normally until the caches are dropped,
> after that, the failed extents can only be read to all 0.
>
> Signed-off-by: Baokun Li <libaokun1@...wei.com>
Looks good. Feel free to add:
Reviewed-by: Jan Kara <jack@...e.cz>
Honza
> ---
> fs/ext4/ext4.h | 3 ++-
> fs/ext4/page-io.c | 16 ++++++++++++++--
> 2 files changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index 4e7de7eaa374..9da0e32af02a 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -278,7 +278,8 @@ struct ext4_system_blocks {
> /*
> * Flags for ext4_io_end->flags
> */
> -#define EXT4_IO_END_UNWRITTEN 0x0001
> +#define EXT4_IO_END_UNWRITTEN 0x0001
> +#define EXT4_IO_END_FAILED 0x0002
>
> struct ext4_io_end_vec {
> struct list_head list; /* list of io_end_vec */
> diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
> index f53b018ea259..6054ec27fb48 100644
> --- a/fs/ext4/page-io.c
> +++ b/fs/ext4/page-io.c
> @@ -181,14 +181,25 @@ static int ext4_end_io_end(ext4_io_end_t *io_end)
> "list->prev 0x%p\n",
> io_end, inode->i_ino, io_end->list.next, io_end->list.prev);
>
> - io_end->handle = NULL; /* Following call will use up the handle */
> - ret = ext4_convert_unwritten_io_end_vec(handle, io_end);
> + /*
> + * Do not convert the unwritten extents if data writeback fails,
> + * or stale data may be exposed.
> + */
> + io_end->handle = NULL; /* Following call will use up the handle */
> + if (unlikely(io_end->flag & EXT4_IO_END_FAILED)) {
> + ret = -EIO;
> + if (handle)
> + jbd2_journal_free_reserved(handle);
> + } else {
> + ret = ext4_convert_unwritten_io_end_vec(handle, io_end);
> + }
> if (ret < 0 && !ext4_forced_shutdown(inode->i_sb)) {
> ext4_msg(inode->i_sb, KERN_EMERG,
> "failed to convert unwritten extents to written "
> "extents -- potential data loss! "
> "(inode %lu, error %d)", inode->i_ino, ret);
> }
> +
> ext4_clear_io_unwritten_flag(io_end);
> ext4_release_io_end(io_end);
> return ret;
> @@ -339,6 +350,7 @@ static void ext4_end_bio(struct bio *bio)
> bio->bi_status, inode->i_ino,
> (unsigned long long)
> bi_sector >> (inode->i_blkbits - 9));
> + io_end->flag |= EXT4_IO_END_FAILED;
> mapping_set_error(inode->i_mapping,
> blk_status_to_errno(bio->bi_status));
> }
> --
> 2.46.1
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists