[Bug 217209] New: ext4_da_write_end: i_disksize exceeds i_size in paritally written case

[Bug 217209] New: ext4_da_write_end: i_disksize exceeds i_size in paritally written case

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=217209

            Bug ID: 217209
           Summary: ext4_da_write_end: i_disksize exceeds i_size in
                    paritally written case
           Product: File System
           Version: 2.5
    Kernel Version: 6.3.0-rc2
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@kernel-bugs.osdl.org
          Reporter: chengzhihao1@huawei.com
        Regression: No

Following process makes i_disksize exceed i_size:

    generic_perform_write
     copied = iov_iter_copy_from_user_atomic(len) // copied < len
     ext4_da_write_end
     | ext4_update_i_disksize
     |  new_i_size = pos + copied;
     |  WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize) // update i_disksize
     | generic_write_end
     |  copied = block_write_end(copied, len) // copied = 0
     |   if (unlikely(copied < len))
     |    if (!PageUptodate(page))
     |     copied = 0;
     |  if (pos + copied > inode->i_size) // return false
     if (unlikely(copied == 0))
      goto again;
     if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
      status = -EFAULT;
      break;
     }

We get i_disksize greater than i_size here, which could trigger WARNING check
'i_size_read(inode) < EXT4_I(inode)->i_disksize' while doing dio:

    ext4_dio_write_iter
     iomap_dio_rw
      __iomap_dio_rw // return err, length is not aligned to 512
     ext4_handle_inode_extension
      WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize) // Oops

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 217209] ext4_da_write_end: i_disksize exceeds i_size in paritally written case

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=217209

--- Comment #1 from Zhihao Cheng (chengzhihao1@huawei.com) ---
Reproducer:
1. Apply diff and compile kernel
2. gcc -o aa a.c && ./aa

[   60.567873] inject
[   60.568175] iomap_dio_bio_iter len 409
[   60.569383] ------------[ cut here ]------------
[   60.570198] WARNING: CPU: 2 PID: 2609 at fs/ext4/file.c:319
ext4_file_write_iter+0xbc7/0xd10
[   60.571698] Modules linked in:
[   60.572282] CPU: 2 PID: 2609 Comm: aa Not tainted
6.3.0-rc2-00009-g5312a778686a-dirty #1136
[   60.573723] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproje4
[   60.575989] RIP: 0010:ext4_file_write_iter+0xbc7/0xd10
[   60.576905] Code: b6 0d e5 0c 01 48 83 05 d6 10 e5 0c 01 e9 f1 fd ff ff 48
83 05 09 13 e5 0c 01 49 89 c7 e9 01 fb ff ff 48 8c
[   60.580074] RSP: 0018:ffffc9000191bde0 EFLAGS: 00010202
[   60.580842] RAX: 000000000000012c RBX: 0000000000000000 RCX:
0000000001bea002
[   60.581516] RDX: 0000000001be8002 RSI: ffff888172aff5c0 RDI:
0000000000030f70
[   60.582184] RBP: ffffc9000191be70 R08: ffff888172aff588 R09:
0000000000000000
[   60.582839] R10: 0000000000000001 R11: 0000000000000199 R12:
ffff888173d64610
[   60.583513] R13: 000000000000000a R14: ffffc9000191be98 R15:
ffffffffffffffea
[   60.584186] FS:  00007f96cc2f1440(0000) GS:ffff88842fd00000(0000)
knlGS:0000000000000000
[   60.584932] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.585489] CR2: 0000000000da4048 CR3: 0000000174498000 CR4:
00000000000006e0
[   60.586161] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[   60.586816] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[   60.587490] Call Trace:
[   60.587727]  <TASK>
[   60.587933]  ? __call_rcu_common.constprop.0+0x111/0xa80
[   60.588450]  vfs_write+0x3b1/0x5c0
[   60.588778]  ksys_write+0x77/0x160
[   60.589117]  __x64_sys_write+0x22/0x30
[   60.589471]  do_syscall_64+0x39/0x80
[   60.589809]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.590296] RIP: 0033:0x7f96cbd00130
[   60.590640] Code: 73 01 c3 48 8b 0d 58 ed 2c 00 f7 d8 64 89 01 48 83 c8 ff
c3 66 0f 1f 44 00 00 83 3d b9 45 2d 00 00 75 10 b4
[   60.592365] RSP: 002b:00007ffc18543058 EFLAGS: 00000246 ORIG_RAX:
0000000000000001
[   60.593065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f96cbd00130
[   60.593751] RDX: 0000000000000199 RSI: 0000000000da3000 RDI:
0000000000000003
[   60.594433] RBP: 00007ffc18543080 R08: 0000000000da4010 R09:
0000000000001050
[   60.595096] R10: 000000000000007c R11: 0000000000000246 R12:
0000000000400600
[   60.595755] R13: 00007ffc18543160 R14: 0000000000000000 R15:
0000000000000000
[   60.596435]  </TASK>
[   60.596647] ---[ end trace 0000000000000000 ]---

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 217209] ext4_da_write_end: i_disksize exceeds i_size in paritally written case

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=217209

--- Comment #2 from Zhihao Cheng (chengzhihao1@huawei.com) ---
Created attachment 303969
  --> https://bugzilla.kernel.org/attachment.cgi?id=303969&action=edit
a.c

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 217209] ext4_da_write_end: i_disksize exceeds i_size in paritally written case

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=217209

--- Comment #3 from Zhihao Cheng (chengzhihao1@huawei.com) ---
Created attachment 303970
  --> https://bugzilla.kernel.org/attachment.cgi?id=303970&action=edit
diff

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.