From: Matthew Wilcox <willy@infradead.org>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Baokun Li <libaokun1@huawei.com>,
linux-ext4@vger.kernel.org, adilger.kernel@dilger.ca,
jack@suse.cz, ritesh.list@gmail.com,
linux-kernel@vger.kernel.org, jun.nie@linaro.org,
ebiggers@kernel.org, yi.zhang@huawei.com, yangerkun@huawei.com,
yukuai3@huawei.com,
syzbot+a158d886ca08a3fecca4@syzkaller.appspotmail.com,
stable@vger.kernel.org
Subject: Re: [PATCH v2] ext4: fix race condition between buffer write and page_mkwrite
Date: Mon, 5 Jun 2023 02:58:15 +0100 [thread overview]
Message-ID: <ZH1BN+H1/Sa4eLQ4@casper.infradead.org> (raw)
In-Reply-To: <20230604210821.GA1257572@mit.edu>
On Sun, Jun 04, 2023 at 05:08:21PM -0400, Theodore Ts'o wrote:
> On Sat, Jun 03, 2023 at 11:04:45PM -0400, Theodore Ts'o wrote:
> > I tried testing to see if this fixed [1], and it appears to be
> > triggering a lockdep warning[2] at this line in the patch:
> >
> > [1] https://syzkaller.appspot.com/bug?extid=f4582777a19ec422b517
> > [2] https://syzkaller.appspot.com/x/report.txt?x=17260843280000
>
> Looking at this more closely, the fundamental problem is by the time
> ext4_file_mmap() is called, the mm layer has already taken
> current->mm->mmap_lock, and when we try to take the inode_lock, this
> causes locking ordering problems with how buffered write path works,
> which take the inode_lock first, and then in some cases, may end up
> taking the mmap_lock if there is a page fault for the buffer used for
> the buffered write.
>
> If we're going to stick with the approach in this patch, I think what
> we would need is to add a pre_mmap() function to file_operations
> struct, which would get called by the mmap path *before* taking
> current->mm->mmap_lock, so we can do the inline conversion before we
> take the mmap_lock.
>
> I'm not sure how the mm folks would react to such a proposal, though.
> I could be seen as a bit hacky, and it's not clear that any file
> system other than ext4 would need something like this. Willy, as
> someone who does a lot of work in both mm and fs worlds --- I'm
> curious what you think about this idea?
I'm probably missing something here, but why do we need to convert inline
data in page_mkwrite? mmap() can't change i_size (stores past i_size are
discarded), so we should be able to simply copy the data from the page
cache into the inode and write the inode when it comes to writepages()
time.
Unless somebody does a truncate() or write() that expands i_size, but we
should be able to do the conversion then without the mmap_lock held. No?
I'm not too familiar with inline data.
next prev parent reply other threads:[~2023-06-05 1:58 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-30 13:44 [PATCH v2] ext4: fix race condition between buffer write and page_mkwrite Baokun Li
2023-05-31 13:15 ` Jan Kara
2023-06-04 3:04 ` Theodore Ts'o
2023-06-04 21:08 ` Theodore Ts'o
2023-06-05 1:58 ` Matthew Wilcox [this message]
2023-06-05 9:16 ` Jan Kara
2023-06-05 12:21 ` Jan Kara
2023-06-05 14:55 ` Matthew Wilcox
2023-06-05 15:08 ` Jan Kara
2023-06-06 12:19 ` Baokun Li
2024-04-15 4:28 ` Baokun Li
2024-04-15 12:34 ` Jan Kara
2024-04-15 14:07 ` Baokun Li
2023-06-05 2:17 ` Baokun Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZH1BN+H1/Sa4eLQ4@casper.infradead.org \
--to=willy@infradead.org \
--cc=adilger.kernel@dilger.ca \
--cc=ebiggers@kernel.org \
--cc=jack@suse.cz \
--cc=jun.nie@linaro.org \
--cc=libaokun1@huawei.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ritesh.list@gmail.com \
--cc=stable@vger.kernel.org \
--cc=syzbot+a158d886ca08a3fecca4@syzkaller.appspotmail.com \
--cc=tytso@mit.edu \
--cc=yangerkun@huawei.com \
--cc=yi.zhang@huawei.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox