From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.7 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_PASS,UNPARSEABLE_RELAY,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 615BEC43610 for ; Wed, 10 Oct 2018 01:07:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 27A7920858 for ; Wed, 10 Oct 2018 01:07:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="icUAsZTY" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 27A7920858 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-btrfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726741AbeJJI0m (ORCPT ); Wed, 10 Oct 2018 04:26:42 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:40630 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725789AbeJJI0l (ORCPT ); Wed, 10 Oct 2018 04:26:41 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9A0xuaR153662; Wed, 10 Oct 2018 01:06:56 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2018-07-02; bh=QlQU3QNlSInrfZ6bewijVSclKtSDnXRtOi23Ryigybc=; b=icUAsZTYcG5t09pJRAoR4pLN/cODARRTgprOY5Tgsp738QzaB4LLiZIoeiOAYrCZQwyd F3I1PeY6RciHIKzL79Gyyao6FkLvzdEu+OZTQv0EEinCaUQT1DCybbRpaTSNC//k9FXM WsI/9kPWaxzVpfsLtFgj8kznCkPDhvsTFg8zXJEaGzyVnbQm1RVTK083ykYN3ZWgbk/6 oIZ5Sem4Eqd84LttA3fN4fzO5Uh6egWYcQK1ZT0mQbzG4gmgN6zJkAtxQYgBMboJjKcf hvkaE9hOnLMHgRGD444oelApJUmi7Zsha4UX/rE9jW48z9N2D0iUVV99D5ZBszJ7wrKE vw== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp2130.oracle.com with ESMTP id 2mxmfts0e9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 10 Oct 2018 01:06:56 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w9A16sKo025886 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 10 Oct 2018 01:06:55 GMT Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w9A16spa024339; Wed, 10 Oct 2018 01:06:54 GMT Received: from localhost (/10.159.249.114) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 10 Oct 2018 01:06:53 +0000 Date: Tue, 9 Oct 2018 18:06:52 -0700 From: "Darrick J. Wong" To: Dave Chinner Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Subject: Re: [PATCH v2 00/25] fs: fixes for serious clone/dedupe problems Message-ID: <20181010010652.GK28243@magnolia> References: <153913023835.32295.13962696655740190941.stgit@magnolia> <20181010010208.GI6311@dastard> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181010010208.GI6311@dastard> User-Agent: Mutt/1.9.4 (2018-02-28) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9041 signatures=668706 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810100009 Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org On Wed, Oct 10, 2018 at 12:02:08PM +1100, Dave Chinner wrote: > On Tue, Oct 09, 2018 at 05:10:38PM -0700, Darrick J. Wong wrote: > > Hi all, > > > > Dave, Eric, and I have been chasing a stale data exposure bug in the XFS > > reflink implementation, and tracked it down to reflink forgetting to do > > some of the file-extending activities that must happen for regular > > writes. > > > > We then started auditing the clone, dedupe, and copyfile code and > > realized that from a file contents perspective, clonerange isn't any > > different from a regular file write. Unfortunately, we also noticed > > that *unlike* a regular write, clonerange skips a ton of overflow > > checks, such as validating the ranges against s_maxbytes, MAX_NON_LFS, > > and RLIMIT_FSIZE. We also observed that cloning into a file did not > > strip security privileges (suid, capabilities) like a regular write > > would. I also noticed that xfs and ocfs2 need to dump the page cache > > before remapping blocks, not after. > > > > In fixing the range checking problems I also realized that both dedupe > > and copyfile tell userspace how much of the requested operation was > > acted upon. Since the range validation can shorten a clone request (or > > we can ENOSPC midway through), we might as well plumb the short > > operation reporting back through the VFS indirection code to userspace. > > > > So, here's the whole giant pile of patches[1] that fix all the problems. > > The patch "generic: test reflink side effects" recently sent to fstests > > exercises the fixes in this series. Tests are in [2]. > > Can you rebase this on the for-next branch on the xfs tree which > already contains some of the initial fixes in the series and a > couple of other reflink/dedupe data corruption fixes? I'm planning > on pushing them to Greg tomorrow, so you'll have to do this soon > anyway.... I was planning to do that tomorrow, but figured I might as well scrape for review comments in the mean time. --D > Cheers, > > Dave. > -- > Dave Chinner > david@fromorbit.com