From: David Howells <dhowells@redhat.com>
To: Bharath SM <bharathsm.hsk@gmail.com>
Cc: dhowells@redhat.com, Mark A Whiting <whitingm@opentext.com>,
henrique.carvalho@suse.com, Enzo Matsumiya <ematsumiya@suse.de>,
Steve French <smfrench@gmail.com>,
Shyam Prasad <nspmangalore@gmail.com>,
Paulo Alcantara <pc@manguebit.org>,
"Heckmann, Ilja" <heckmann@izw-berlin.de>,
"linux-cifs@vger.kernel.org" <linux-cifs@vger.kernel.org>
Subject: Re: [[ EXT ]] [BUG REPORT] cifs/smb data corruption when writing, x86_64, kernel 6.6.71
Date: Tue, 11 Nov 2025 09:22:28 +0000 [thread overview]
Message-ID: <958479.1762852948@warthog.procyon.org.uk> (raw)
In-Reply-To: <CAGypqWw0bnE7_=49HSxgExouk4s5PVFQ6gVH50wrE8_=4b5vAg@mail.gmail.com>
Okay, the patch isn't good from a quick scan of it.
> + if (folio_test_writeback(folio)) {
> + /*
> + * For data-integrity syscalls (fsync(), msync()) we must wait for
> + * the I/O to complete on the page.
> + * For other cases (!sync), we can just skip this page, even if
> + * it's dirty.
> + */
> + if (!sync) {
> + stop = false;
> + goto unlock_next;
> + } else {
> + folio_wait_writeback(folio);
You can't sleep here. The RCU read lock is held. There's no actual need to
sleep here anyway - you can just stop and leave the function (well, set
stop=true and break so that the accumulated batch is processed).
The way the code is meant to work is that cifs_write_back_from_locked_folio()
locks and waits for the first folio, then calls cifs_extend_writeback() to add
more folios to the writeout - if it doesn't need to wait for them. You cannot
skip any folios as the set has to be contiguous. If you skip one, you'll
corrupt the file.
Once a set of folios has been dispatched, cifs_writepages_begin() *should*
begin with the next folio that hasn't been sent - quite possibly one just
rejected by cifs_extend_writeback(). But at this point
cifs_write_back_from_locked_folio() will wait for it.
This should[*] work correctly, even in sync mode, because it should eventually
wait for any folio that's already undergoing writeback - though it might be
less efficient because if there are competing writebacks, they may end up
forcing each other to produce very small writes (there's no
writeback-vs-writeback locking apart from the individual folio locks).
[*] At least as far as the design goes; that's not to say there isn't a bug in
the implementation.
That said, in sync mode, you might actually want cifs_extend_writeback() to
wait - but in that case, you have to drop the RCU read lock before you do the
wait and then reset the iteration correctly... and beware that doing that
might advance[**] the iterator state.
[**] It's possible that this is the actual cause of the bug - and that we're
skipping the rejected folio because the xa_state isn't been correctly
rewound.
David
next prev parent reply other threads:[~2025-11-11 9:22 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-25 21:24 [BUG REPORT] cifs/smb data corruption when writing, x86_64, kernel 6.6.71 Mark A Whiting
2025-03-26 10:11 ` AW: [[ EXT ]] " Heckmann, Ilja
2025-03-26 18:58 ` Steve French
2025-03-26 21:13 ` Enzo Matsumiya
2025-03-27 12:48 ` Mark A Whiting
2025-03-27 13:07 ` Enzo Matsumiya
2025-03-27 19:31 ` [EXTERNAL] - " Mark A Whiting
2025-03-31 19:47 ` Mark A Whiting
2025-11-06 15:00 ` Bharath SM
2025-11-06 15:20 ` Enzo Matsumiya
2025-11-06 15:51 ` Bharath SM
2025-11-06 16:03 ` Enzo Matsumiya
2025-11-10 15:56 ` David Howells
2025-11-06 16:22 ` David Howells
2025-11-06 16:46 ` Bharath SM
2025-11-06 16:49 ` Bharath SM
2025-11-10 16:00 ` David Howells
2025-11-11 9:22 ` David Howells [this message]
2025-11-11 10:39 ` Shyam Prasad N
2025-11-12 17:09 ` Shyam Prasad N
2025-11-12 18:14 ` David Howells
2025-11-13 12:04 ` Shyam Prasad N
2025-11-13 13:57 ` David Howells
2025-11-14 9:27 ` Shyam Prasad N
2025-11-14 10:49 ` David Howells
2025-11-14 10:57 ` Shyam Prasad N
2025-11-07 12:54 ` Shyam Prasad N
2025-11-10 4:37 ` Shyam Prasad N
2025-03-27 10:09 ` AW: [[ EXT ]] " Heckmann, Ilja
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=958479.1762852948@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=bharathsm.hsk@gmail.com \
--cc=ematsumiya@suse.de \
--cc=heckmann@izw-berlin.de \
--cc=henrique.carvalho@suse.com \
--cc=linux-cifs@vger.kernel.org \
--cc=nspmangalore@gmail.com \
--cc=pc@manguebit.org \
--cc=smfrench@gmail.com \
--cc=whitingm@opentext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox