From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
To: "Darrick J. Wong" <djwong@kernel.org>, djwong@kernel.org
Cc: willy@infradead.org, linux-fsdevel@vger.kernel.org,
linux-xfs@vger.kernel.org, willy@infradead.org
Subject: Re: [PATCH 1/2] iomap: don't skip reading in !uptodate folios when unsharing a range
Date: Tue, 19 Sep 2023 14:54:56 +0530 [thread overview]
Message-ID: <87cyye7bx3.fsf@doe.com> (raw)
In-Reply-To: <87sf7a7p04.fsf@doe.com>
Ritesh Harjani (IBM) <ritesh.list@gmail.com> writes:
> "Darrick J. Wong" <djwong@kernel.org> writes:
>
>> From: Darrick J. Wong <djwong@kernel.org>
>>
>> Prior to commit a01b8f225248e, we would always read in the contents of a
>> !uptodate folio prior to writing userspace data into the folio,
>> allocated a folio state object, etc. Ritesh introduced an optimization
>> that skips all of that if the write would cover the entire folio.
>>
>> Unfortunately, the optimization misses the unshare case, where we always
>> have to read in the folio contents since there isn't a data buffer
>> supplied by userspace. This can result in stale kernel memory exposure
>> if userspace issues a FALLOC_FL_UNSHARE_RANGE call on part of a shared
>> file that isn't already cached.
>>
>> This was caught by observing fstests regressions in the "unshare around"
>> mechanism that is used for unaligned writes to a reflinked realtime
>> volume when the realtime extent size is larger than 1FSB, though I think
>> it applies to any shared file.
>>
>> Cc: ritesh.list@gmail.com, willy@infradead.org
>> Fixes: a01b8f225248e ("iomap: Allocate ifs in ->write_begin() early")
>> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
>> ---
>> fs/iomap/buffered-io.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> Thanks for catching this case. Fix for this looks good to me.
> I have verified on my setup. w/o this patch it indeed can cause
> corruption in the unshare case, since we don't read the disk contents
> and we might end up writing garbage from the page cache.
To add more info to my above review. iomap_write_begin() is used by
1. iomap_write_iter()
2. iomap_zero_iter()
3. iomap_unshare_iter()
And looks like out of the 3, iomap_unshare_iter() is the only one which
will not write anything to the folio in the foliocache, & we
definitely need to read the extent in folio cache in iomap_write_begin()
for unsharing.
Hence I believe iomap_unshare_iter() should be the only path to be
fixed, which this patch does by checking IOMAP_UNSHARE flag in
__iomap_write_begin().
>
> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
>
>
-ritesh
next prev parent reply other threads:[~2023-09-19 9:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-18 23:11 [PATCHSET 0/2] iomap: fix unshare data corruption bug Darrick J. Wong
2023-09-18 23:12 ` [PATCH 1/2] iomap: don't skip reading in !uptodate folios when unsharing a range Darrick J. Wong
2023-09-19 4:42 ` Ritesh Harjani
2023-09-19 9:24 ` Ritesh Harjani [this message]
2023-09-19 5:14 ` Ritesh Harjani
2023-09-19 5:24 ` Darrick J. Wong
2023-09-19 5:32 ` Darrick J. Wong
2023-09-18 23:12 ` [PATCH 2/2] iomap: convert iomap_unshare_iter to use large folios Darrick J. Wong
2023-09-19 8:03 ` Ritesh Harjani
2023-09-18 23:19 ` [PATCH 3/2] fstests: test FALLOC_FL_UNSHARE when pagecache is not loaded Darrick J. Wong
2023-09-19 5:51 ` Ritesh Harjani
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cyye7bx3.fsf@doe.com \
--to=ritesh.list@gmail.com \
--cc=djwong@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.