Linux EXT4 FS development
From: Baokun Li <libaokun@linux.alibaba.com>
To: linux-ext4@vger.kernel.org
Cc: tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz,
	yi.zhang@huawei.com, ojaswin@linux.ibm.com,
	ritesh.list@gmail.com, peng_wang@linux.alibaba.com
Subject: [PATCH v3 6/9] ext4: improve EXT4_GET_BLOCKS_CACHED_NOWAIT handling in ext4_map_blocks
Date: Fri, 26 Jun 2026 16:35:15 +0800
Message-ID: <20260626083518.1064517-7-libaokun@linux.alibaba.com>
In-Reply-To: <20260626083518.1064517-1-libaokun@linux.alibaba.com>

When EXT4_GET_BLOCKS_CACHED_NOWAIT is set and the extent status cache
hits, ext4_map_blocks() returns immediately without running
check_block_validity(). This allows malicious extents from crafted
filesystem images to bypass validation if they have been cached by a
previous blocking read.

Make three improvements to the EXT4_GET_BLOCKS_CACHED_NOWAIT handling:

1. Change the cache-hit path from "return retval" to "goto found" so
   that check_block_validity() always runs, closing the security bypass.

2. Return -EAGAIN instead of 0 on cache miss to distinguish it from a
   cache hit on a hole or delayed extent (which returns 0). The only
   existing caller (ext4_get_link() -> ext4_getblk() -> ERR_PTR())
   converts both -EAGAIN and 0 to ERR_PTR(-ECHILD), so the end result
   is unchanged.

3. Add WARN_ON_ONCE after the EXT4_GET_BLOCKS_CREATE==0 early return
   to assert that EXT4_GET_BLOCKS_CREATE and EXT4_GET_BLOCKS_CACHED_NOWAIT
   are never combined, since EXT4_GET_BLOCKS_CREATE requires blocking on
   i_data_sem.

Signed-off-by: Baokun Li <libaokun@linux.alibaba.com>
---
 fs/ext4/inode.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 832794294ccf..7f9ae584ad98 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -759,8 +759,9 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode,
 			BUG();
 		}
 
+		/* Skip blocking operations and jump to extent validation. */
 		if (flags & EXT4_GET_BLOCKS_CACHED_NOWAIT)
-			return retval;
+			goto found;
 #ifdef ES_AGGRESSIVE_TEST
 		ext4_map_blocks_es_recheck(handle, inode, map,
 					   &orig_map, flags);
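Review bot: The "goto found" in the CACHED_NOWAIT cache-hit branch relies on two properties of the code under the found label, which is outside this hunk's context: that nothing on that path sleeps or takes a blocking lock, and that a cached hole or delayed extent (retval 0) still reaches the caller as 0, which item 2 of the commit message depends on. The new comment only says "jump to extent validation"; it would be worth stating there, or in the commit message, that the found path is safe for a non-blocking caller and passes retval through unchanged when validation succeeds. Note also that under ES_AGGRESSIVE_TEST the ext4_map_blocks_es_recheck() call is still skipped for NOWAIT callers; if that is intentional because the recheck can block, the comment is the place to say so.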
@@ -776,7 +777,7 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode,
 	 * cannot find extent in the cache.
 	 */
 	if (flags & EXT4_GET_BLOCKS_CACHED_NOWAIT)
-		return 0;
+		return -EAGAIN;
 
 	/*
 	 * Try to see if we can get the block without requesting a new
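Review bot: The return contract changes at "return -EAGAIN" but the comment block ending in "cannot find extent in the cache." is left as it was, so the source no longer documents what a CACHED_NOWAIT caller gets back. Please update that comment (and the function's header comment, if it describes return values) to spell out the three outcomes: a positive count for a cached mapped extent, 0 for a cached hole or delayed extent, and -EAGAIN for a cache miss. The commit message argues the change is safe because the only existing caller maps both 0 and -EAGAIN to ERR_PTR(-ECHILD); since later patches in this series add NOWAIT lookups, the documented contract is what those callers will rely on.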
@@ -797,6 +798,9 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode,
 	if ((flags & EXT4_GET_BLOCKS_CREATE) == 0)
 		return retval;
 
+	/* EXT4_GET_BLOCKS_CREATE cannot operate in NOWAIT mode */
+	WARN_ON_ONCE(flags & EXT4_GET_BLOCKS_CACHED_NOWAIT);
+
 	/*
 	 * Returns if the blocks have already allocated
 	 *
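Review bot: As far as the visible hunks show, the WARN_ON_ONCE(flags & EXT4_GET_BLOCKS_CACHED_NOWAIT) added here cannot fire: with the flag set, a cache hit now leaves through "goto found" and a cache miss leaves through the earlier "return -EAGAIN", both before this point is reached. If the goal is to catch a caller that combines EXT4_GET_BLOCKS_CREATE with EXT4_GET_BLOCKS_CACHED_NOWAIT, the check needs to sit ahead of those exits, for example near function entry as a test that both bits are set in flags, ideally returning an error rather than only warning. If there is a path that reaches this line with the flag set, please name it in the comment.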
-- 
2.43.7


Thread overview: 12+ messages
2026-06-26  8:35 [PATCH v3 0/9] ext4: allow more DIO writes under shared i_rwsem Baokun Li
2026-06-26  8:35 ` [PATCH v3 1/9] ext4: prevent sleeping allocation in NOWAIT write path Baokun Li
2026-06-26  8:35 ` [PATCH v3 2/9] ext4: drain in-flight DIO before buffered write fallback Baokun Li
2026-06-26  8:35 ` [PATCH v3 3/9] ext4: skip overwrite check for aligned non-extending DIO writes Baokun Li
2026-06-26  8:35 ` [PATCH v3 4/9] ext4: base unaligned DIO lock decision on partial block zeroing Baokun Li
2026-06-26  8:35 ` [PATCH v3 5/9] ext4: use kiocb_modified instead of file_modified in DIO/DAX write path Baokun Li
2026-06-26  8:35 ` Baokun Li [this message]
     [not found]   ` <20260626085003.BD4BC1F000E9@smtp.kernel.org>
2026-06-26 10:10     ` [PATCH v3 6/9] ext4: improve EXT4_GET_BLOCKS_CACHED_NOWAIT handling in ext4_map_blocks Baokun Li
2026-06-26  8:35 ` [PATCH v3 7/9] ext4: handle IOMAP_NOWAIT in ext4_iomap_begin() with cache-only lookup Baokun Li
2026-06-26  8:35 ` [PATCH v3 8/9] ext4: handle IOCB_NOWAIT in ext4_dio_needs_zeroing() " Baokun Li
2026-06-26  8:35 ` [PATCH v3 9/9] ext4: fix NOWAIT semantic violation in DAX extending writes Baokun Li
2026-06-26 14:32   ` Jan Kara
