[PATCH] fs: block pipe_write() on a frozen filesystem

[PATCH] fs: block pipe_write() on a frozen filesystem

[Eric Sandeen]

I noticed that this can sneak past a frozen filesystem:

# mkfifo /mnt/test/fifo
# echo foo > /mnt/test/fifo &
# fsfreeze -f /mnt/test
# cat /mnt/test/fifo

and we get a warning that jbd2 has entered a transaction while frozen:

WARNING: at fs/ext4/super.c:240 ext4_journal_start_sb+0xce/0xe0 [ext4]() (Not tainted)

which is: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);

and we get there via the file_update_time() path in pipe_write().

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---

Is this too big a hammer?  file_update_time() is conditional...

diff --git a/fs/pipe.c b/fs/pipe.c
index 8d85d70..d19a709 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -501,6 +501,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
 
 	do_wakeup = 0;
 	ret = 0;
+	sb_start_write(inode->i_sb);
 	mutex_lock(&inode->i_mutex);
 	pipe = inode->i_pipe;
 
@@ -659,6 +660,7 @@ out:
 		if (err)
 			ret = err;
 	}
+	sb_end_write(inode->i_sb);
 	return ret;
 }
 

Re: [PATCH] fs: block pipe_write() on a frozen filesystem

[Jan Kara]

On Thu 27-09-12 10:47:59, Eric Sandeen wrote:
> I noticed that this can sneak past a frozen filesystem:
> 
> # mkfifo /mnt/test/fifo
> # echo foo > /mnt/test/fifo &
> # fsfreeze -f /mnt/test
> # cat /mnt/test/fifo
> 
> and we get a warning that jbd2 has entered a transaction while frozen:
> 
> WARNING: at fs/ext4/super.c:240 ext4_journal_start_sb+0xce/0xe0 [ext4]() (Not tainted)
> 
> which is: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);
> 
> and we get there via the file_update_time() path in pipe_write().
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
> 
> Is this too big a hammer?  file_update_time() is conditional...
  I think your patch is fine. Just skipping update of mtime could cause
userspace issues (although they seem rather unlikely to me). So you can add
  Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> 
> diff --git a/fs/pipe.c b/fs/pipe.c
> index 8d85d70..d19a709 100644
> --- a/fs/pipe.c
> +++ b/fs/pipe.c
> @@ -501,6 +501,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
>  
>  	do_wakeup = 0;
>  	ret = 0;
> +	sb_start_write(inode->i_sb);
>  	mutex_lock(&inode->i_mutex);
>  	pipe = inode->i_pipe;
>  
> @@ -659,6 +660,7 @@ out:
>  		if (err)
>  			ret = err;
>  	}
> +	sb_end_write(inode->i_sb);
>  	return ret;
>  }
>  
> 

Re: [PATCH] fs: block pipe_write() on a frozen filesystem PING..

[Dmitry Monakhov]

On Thu, 27 Sep 2012 10:47:59 -0500, Eric Sandeen <sandeen@redhat.com> wrote:
> I noticed that this can sneak past a frozen filesystem:
Ping.. any body want to take care about that patch?
> 
> # mkfifo /mnt/test/fifo
> # echo foo > /mnt/test/fifo &
> # fsfreeze -f /mnt/test
> # cat /mnt/test/fifo
> 
> and we get a warning that jbd2 has entered a transaction while frozen:
> 
> WARNING: at fs/ext4/super.c:240 ext4_journal_start_sb+0xce/0xe0 [ext4]() (Not tainted)
> 
> which is: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);
> 
> and we get there via the file_update_time() path in pipe_write().
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
> 
> Is this too big a hammer?  file_update_time() is conditional...
> 
> diff --git a/fs/pipe.c b/fs/pipe.c
> index 8d85d70..d19a709 100644
> --- a/fs/pipe.c
> +++ b/fs/pipe.c
> @@ -501,6 +501,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
>  
>  	do_wakeup = 0;
>  	ret = 0;
> +	sb_start_write(inode->i_sb);
>  	mutex_lock(&inode->i_mutex);
>  	pipe = inode->i_pipe;
>  
> @@ -659,6 +660,7 @@ out:
>  		if (err)
>  			ret = err;
>  	}
> +	sb_end_write(inode->i_sb);
>  	return ret;
>  }
>  
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] fs: block pipe_write() on a frozen filesystem PING..

[Al Viro]

On Tue, Apr 02, 2013 at 04:38:22PM +0400, Dmitry Monakhov wrote:
> On Thu, 27 Sep 2012 10:47:59 -0500, Eric Sandeen <sandeen@redhat.com> wrote:
> > I noticed that this can sneak past a frozen filesystem:
> Ping.. any body want to take care about that patch?

NAK.  Note that writing to FIFO that sits on filesystem that is outright
read-only is allowed just fine; blocking it for frozen ones is bogus.

IOW, it should be treated the same way we treat touch_atime().  Moreover,
it should only be done around file_update_time().  With trylock.

Re: [PATCH] fs: block pipe_write() on a frozen filesystem PING..

[Dmitry Monakhov]

[-- Attachment #1: Type: text/plain, Size: 692 bytes --]

On Tue, 2 Apr 2013 20:57:27 +0100, Al Viro <viro@ZenIV.linux.org.uk> wrote:
> On Tue, Apr 02, 2013 at 04:38:22PM +0400, Dmitry Monakhov wrote:
> > On Thu, 27 Sep 2012 10:47:59 -0500, Eric Sandeen <sandeen@redhat.com> wrote:
> > > I noticed that this can sneak past a frozen filesystem:
> > Ping.. any body want to take care about that patch?
> 
> NAK.  Note that writing to FIFO that sits on filesystem that is outright
> read-only is allowed just fine; blocking it for frozen ones is bogus.
> 
> IOW, it should be treated the same way we treat touch_atime().  Moreover,
> it should only be done around file_update_time().  With trylock.
Ok fair enough.
Please take a look at updated version

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-PATCH-fs-skip-mtime-update-for-fifo-on-a-frozen-file.patch --]
[-- Type: text/x-patch, Size: 1421 bytes --]

>From c01acb73b8dc9e7a891b8f087ad3eb53bb06d270 Mon Sep 17 00:00:00 2001
From: Dmitry Monakhov <dmonakhov@openvz.org>
Date: Wed, 3 Apr 2013 00:19:15 +0400
Subject: [PATCH] [PATCH] fs: skip mtime update for fifo on a frozen filesystem

Eric noticed that this can sneak past a frozen filesystem:
# mkfifo /mnt/test/fifo
# echo foo > /mnt/test/fifo &
# fsfreeze -f /mnt/test
# cat /mnt/test/fifo
and we get a warning that jbd2 has entered a transaction while frozen:
WARNING: at fs/ext4/super.c:240 ext4_journal_start_sb+0xce/0xe0 [ext4]() (Not tainted)
which is: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE);
and we get there via the file_update_time() path in pipe_write().
If filesystem is frozen we can block pipe_write() but this is not optimal
because fifo is special_file so let's skip mtime update as we do
with touch_atime()

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
---
 fs/pipe.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/fs/pipe.c b/fs/pipe.c
index 2234f3f..62f63d5 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -654,10 +654,11 @@ out:
 		wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLRDNORM);
 		kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
 	}
-	if (ret > 0) {
+	if (ret > 0 && sb_start_write_trylock(inode->i_sb)) {
 		int err = file_update_time(filp);
 		if (err)
 			ret = err;
+		sb_end_write(inode->i_sb);
 	}
 	return ret;
 }
-- 
1.7.1