From: Dave Chinner <david@fromorbit.com>
To: Sasha Levin <sashal@kernel.org>
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org,
Dave Chinner <dchinner@redhat.com>,
"Darrick J . Wong" <darrick.wong@oracle.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH AUTOSEL 4.14 25/35] iomap: sub-block dio needs to zeroout beyond EOF
Date: Thu, 29 Nov 2018 23:14:59 +1100 [thread overview]
Message-ID: <20181129121458.GK19305@dastard> (raw)
In-Reply-To: <20181129060110.159878-25-sashal@kernel.org>
On Thu, Nov 29, 2018 at 01:00:59AM -0500, Sasha Levin wrote:
> From: Dave Chinner <dchinner@redhat.com>
>
> [ Upstream commit b450672fb66b4a991a5b55ee24209ac7ae7690ce ]
>
> If we are doing sub-block dio that extends EOF, we need to zero
> the unused tail of the block to initialise the data in it it. If we
> do not zero the tail of the block, then an immediate mmap read of
> the EOF block will expose stale data beyond EOF to userspace. Found
> with fsx running sub-block DIO sizes vs MAPREAD/MAPWRITE operations.
>
> Fix this by detecting if the end of the DIO write is beyond EOF
> and zeroing the tail if necessary.
>
> Signed-off-by: Dave Chinner <dchinner@redhat.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> fs/iomap.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/fs/iomap.c b/fs/iomap.c
> index 8f7673a69273..407efdae3978 100644
> --- a/fs/iomap.c
> +++ b/fs/iomap.c
> @@ -940,7 +940,14 @@ iomap_dio_actor(struct inode *inode, loff_t pos, loff_t length,
> dio->submit.cookie = submit_bio(bio);
> } while (nr_pages);
>
> - if (need_zeroout) {
> + /*
> + * We need to zeroout the tail of a sub-block write if the extent type
> + * requires zeroing or the write extends beyond EOF. If we don't zero
> + * the block tail in the latter case, we can expose stale data via mmap
> + * reads of the EOF block.
> + */
> + if (need_zeroout ||
> + ((dio->flags & IOMAP_DIO_WRITE) && pos >= i_size_read(inode))) {
> /* zero out from the end of the write to the end of the block */
> pad = pos & (fs_block_size - 1);
> if (pad)
How do you propose to validate that this doesn't introduce new data
corruptions in isolation? I've spent the last 4 weeks of my life and
about 15 billion fsx ops chasing an validating the bug corruption
fixes we've pushed recently into the 4.19 and 4.20 codebase.
Cherry picking only one of the 50-odd patches we've committed into
late 4.19 and 4.20 kernels to fix the problems we've found really
seems like asking for trouble. If you're going to back port random
data corruption fixes, then you need to spend a *lot* of time
validating that it doesn't make things worse than they already
are...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2018-11-29 23:20 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20181129060110.159878-1-sashal@kernel.org>
2018-11-29 6:00 ` [PATCH AUTOSEL 4.14 20/35] exec: make de_thread() freezable Sasha Levin
2018-11-29 6:00 ` [PATCH AUTOSEL 4.14 25/35] iomap: sub-block dio needs to zeroout beyond EOF Sasha Levin
2018-11-29 12:14 ` Dave Chinner [this message]
2018-11-29 12:47 ` Greg KH
2018-11-29 22:40 ` Dave Chinner
2018-11-30 8:22 ` Greg KH
2018-11-30 10:14 ` Sasha Levin
2018-11-30 20:35 ` Darrick J. Wong
2018-11-30 21:50 ` Dave Chinner
2018-12-01 7:49 ` Sasha Levin
2018-12-01 9:09 ` XFS patches for stable Amir Goldstein
2018-12-02 15:25 ` Sasha Levin
2018-12-02 16:10 ` Christoph Hellwig
2018-12-02 20:08 ` Greg KH
2018-12-03 14:41 ` Richard Weinberger
2018-12-03 16:56 ` Sasha Levin
2018-12-02 23:23 ` [PATCH AUTOSEL 4.14 25/35] iomap: sub-block dio needs to zeroout beyond EOF Dave Chinner
2018-12-03 7:11 ` Amir Goldstein
2018-12-03 9:22 ` Sasha Levin
2018-12-03 21:23 ` Thomas Backlund
2018-12-04 7:28 ` Greg KH
2018-12-04 8:12 ` Sasha Levin
2018-12-28 8:06 ` Pavel Machek
2018-12-29 23:35 ` Dave Chinner
2018-11-30 21:45 ` Dave Chinner
2018-12-02 20:11 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181129121458.GK19305@dastard \
--to=david@fromorbit.com \
--cc=darrick.wong@oracle.com \
--cc=dchinner@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).