From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Jan Kara <jack@suse.cz>
Cc: Eric Biggers <ebiggers@kernel.org>, linux-ext4@vger.kernel.org
Subject: Re: [PATCH v3 2/2] ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
Date: Fri, 21 Feb 2020 13:53:56 -0500
Message-ID: <20200221185356.GC741939@mit.edu>
In-Reply-To: <20200220091548.GB13232@quack2.suse.cz>

On Thu, Feb 20, 2020 at 10:15:48AM +0100, Jan Kara wrote:
> On Wed 19-02-20 10:30:47, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > If EXT4_EXTENTS_FL is set on an inode while ext4_writepages() is running
> > on it, the following warning in ext4_add_complete_io() can be hit:
> >
> > WARNING: CPU: 1 PID: 0 at fs/ext4/page-io.c:234 ext4_put_io_end_defer+0xf0/0x120
> >
> > Here's a minimal reproducer (not 100% reliable) (root isn't required):
> >
> >     while true; do
> >         sync
> >     done &
> >     while true; do
> >         rm -f file
> >         touch file
> >         chattr -e file
> >         echo X >> file
> >         chattr +e file
> >     done
> >
> > The problem is that in ext4_writepages(), ext4_should_dioread_nolock()
> > (which only returns true on extent-based files) is checked once to set
> > the number of reserved journal credits, and also again later to select
> > the flags for ext4_map_blocks() and copy the reserved journal handle to
> > ext4_io_end::handle. But if EXT4_EXTENTS_FL is being concurrently set,
> > the first check can see dioread_nolock disabled while the later one can
> > see it enabled, causing the reserved handle to unexpectedly be NULL.
> >
> > Since changing EXT4_EXTENTS_FL is uncommon, and there may be other races
> > related to doing so as well, fix this by synchronizing changing
> > EXT4_EXTENTS_FL with ext4_writepages() via the existing
> > s_writepages_rwsem (previously called s_journal_flag_rwsem).
> >
> > This was originally reported by syzbot without a reproducer at
> > https://syzkaller.appspot.com/bug?extid=2202a584a00fffd19fbf,
> > but now that dioread_nolock is the default I also started seeing this
> > when running syzkaller locally.
> >
> > Reported-by: syzbot+2202a584a00fffd19fbf@syzkaller.appspotmail.com
> > Fixes: 6b523df4fb5a ("ext4: use transaction reservation for extent conversion in ext4_end_io")
> > Cc: stable@kernel.org
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> The patch looks good to me. You can add:
>
> Reviewed-by: Jan Kara <jack@suse.cz>

Thanks, applied.

- Ted
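
The interleaving described in the quoted commit message, replayed deterministically in a user-space model. This is an added example, not part of the thread or of the kernel patch. struct model_inode, set_extents_fl() and writepages_hits_null_handle() are hypothetical names, and the rwsem is reduced to a reader count that refuses the writer where a real writer would block:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model; not kernel code. */
struct model_inode {
    bool extents_fl;    /* stands in for EXT4_EXTENTS_FL */
    int rwsem_readers;  /* stands in for s_writepages_rwsem (reader count only) */
};

/* Per the commit message: only returns true on extent-based files. */
static bool should_dioread_nolock(const struct model_inode *inode)
{
    return inode->extents_fl;
}

/* Models "chattr +e". With the fix, changing the flag needs the rwsem for
 * writing; a real writer would block, this model just reports refusal. */
static bool set_extents_fl(struct model_inode *inode, bool use_rwsem)
{
    if (use_rwsem && inode->rwsem_readers > 0)
        return false;
    inode->extents_fl = true;
    return true;
}

/* Replays the bad interleaving; returns true when the second check sees
 * dioread_nolock enabled while the reserved handle is still NULL. */
static bool writepages_hits_null_handle(struct model_inode *inode, bool use_rwsem)
{
    static int reserved_credits;        /* stands in for the reserved journal handle */
    int *rsv_handle = NULL;
    bool bad;
    if (use_rwsem)
        inode->rwsem_readers++;         /* read side held for the whole call */
    if (should_dioread_nolock(inode))   /* check 1: reserve journal credits */
        rsv_handle = &reserved_credits;
    set_extents_fl(inode, use_rwsem);   /* flag change lands between the checks */
    bad = should_dioread_nolock(inode) && rsv_handle == NULL;  /* check 2 */
    if (use_rwsem)
        inode->rwsem_readers--;
    return bad;
}

int main(void)
{
    struct model_inode racy = { false, 0 }, fixed = { false, 0 };
    printf("unsynchronized: %d\n", writepages_hits_null_handle(&racy, false));
    printf("with rwsem:     %d\n", writepages_hits_null_handle(&fixed, true));
    return 0;
}
```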