From: Steve French <smfrench@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: Steve French <sfrench@samba.org>,
CIFS <linux-cifs@vger.kernel.org>,
samba-technical <samba-technical@lists.samba.org>,
Jeff Layton <jlayton@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Ronnie Sahlberg <lsahlber@redhat.com>,
Dave Chinner <dchinner@redhat.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH 5/5] smb3: fix temporary data corruption in insert range
Date: Wed, 24 Aug 2022 00:58:40 -0500
Message-ID: <CAH2r5mur6vxRqwdmV8hLhvb3SZLKRvdUJjmMFJoVLev9a7TM3A@mail.gmail.com>
In-Reply-To: <166126007561.548536.12315282792952269215.stgit@warthog.procyon.org.uk>
[-- Attachment #1: Type: text/plain, Size: 2570 bytes --]
Lightly updated to move inode lock down one line and fix signed off.

On Tue, Aug 23, 2022 at 8:24 AM David Howells via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> insert range doesn't discard the affected cached region
> so can risk temporarily corrupting file data.
>
> Also includes some minor cleanup (avoiding rereading
> inode size repeatedly unnecessarily) to make it clearer.
>
> Cc: stable@vger.kernel.org
> Fixes: 7fe6fe95b9360 ("cifs: FALLOC_FL_INSERT_RANGE support")
> Signed-off-by: David Howells <dhowells@redhat.com>
> Signed-off-by: Steve French <stfrench@microsoft.com>
> cc: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
>
> fs/cifs/smb2ops.c | 24 ++++++++++++++++--------
> 1 file changed, 16 insertions(+), 8 deletions(-)
>
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index 5b5ddc1b4638..00c8d6a715c7 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -3722,35 +3722,43 @@ static long smb3_insert_range(struct file *file, struct cifs_tcon *tcon,
> struct cifsFileInfo *cfile = file->private_data;
> struct inode *inode = file_inode(file);
> __le64 eof;
> - __u64 count;
> + __u64 count, old_eof;
> +
> + inode_lock(inode);
>
> xid = get_xid();
>
> - if (off >= i_size_read(inode)) {
> + old_eof = i_size_read(inode);
> + if (off >= old_eof) {
> rc = -EINVAL;
> goto out;
> }
>
> - count = i_size_read(inode) - off;
> - eof = cpu_to_le64(i_size_read(inode) + len);
> + count = old_eof - off;
> + eof = cpu_to_le64(old_eof + len);
>
> + filemap_invalidate_lock(inode->i_mapping);
> filemap_write_and_wait(inode->i_mapping);
> + truncate_pagecache_range(inode, off, old_eof);
>
> rc = SMB2_set_eof(xid, tcon, cfile->fid.persistent_fid,
> cfile->fid.volatile_fid, cfile->pid, &eof);
> if (rc < 0)
> - goto out;
> + goto out_2;
>
> rc = smb2_copychunk_range(xid, cfile, cfile, off, count, off + len);
> if (rc < 0)
> - goto out;
> + goto out_2;
>
> - rc = smb3_zero_range(file, tcon, off, len, 1);
> + rc = smb3_zero_data(file, tcon, off, len, xid);
> if (rc < 0)
> - goto out;
> + goto out_2;
>
> rc = 0;
> +out_2:
> + filemap_invalidate_unlock(inode->i_mapping);
> out:
> + inode_unlock(inode);
> free_xid(xid);
> return rc;
> }
>
>
>
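Review bot: the return value of filemap_write_and_wait(inode->i_mapping) is still discarded, and the added truncate_pagecache_range(inode, off, old_eof) on the next line now drops the cached pages for that range whether or not writeback succeeded. Consider capturing it, for example rc = filemap_write_and_wait(inode->i_mapping); if (rc < 0) goto out_2;, so that a writeback failure is reported before the cache is discarded and before SMB2_set_eof() changes the size on the server.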
--
Thanks,
Steve
[-- Attachment #2: 0001-smb3-fix-temporary-data-corruption-in-insert-range.patch --]
[-- Type: text/x-patch, Size: 2199 bytes --]
From b044b4dd604818efa3d7036d14b9750e3deb9bf3 Mon Sep 17 00:00:00 2001
From: David Howells via samba-technical <samba-technical@lists.samba.org>
Date: Tue, 23 Aug 2022 14:07:55 +0100
Subject: [PATCH] smb3: fix temporary data corruption in insert range

insert range doesn't discard the affected cached region
so can risk temporarily corrupting file data.

Also includes some minor cleanup (avoiding rereading
inode size repeatedly unnecessarily) to make it clearer.

Cc: stable@vger.kernel.org
Fixes: 7fe6fe95b9360 ("cifs: FALLOC_FL_INSERT_RANGE support")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/cifs/smb2ops.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 5b5ddc1b4638..7c941ce1e7a9 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3722,35 +3722,43 @@ static long smb3_insert_range(struct file *file, struct cifs_tcon *tcon,
struct cifsFileInfo *cfile = file->private_data;
struct inode *inode = file_inode(file);
__le64 eof;
- __u64 count;
+ __u64 count, old_eof;
xid = get_xid();
- if (off >= i_size_read(inode)) {
+ inode_lock(inode);
+
+ old_eof = i_size_read(inode);
+ if (off >= old_eof) {
rc = -EINVAL;
goto out;
}
- count = i_size_read(inode) - off;
- eof = cpu_to_le64(i_size_read(inode) + len);
+ count = old_eof - off;
+ eof = cpu_to_le64(old_eof + len);
+ filemap_invalidate_lock(inode->i_mapping);
filemap_write_and_wait(inode->i_mapping);
+ truncate_pagecache_range(inode, off, old_eof);
rc = SMB2_set_eof(xid, tcon, cfile->fid.persistent_fid,
cfile->fid.volatile_fid, cfile->pid, &eof);
if (rc < 0)
- goto out;
+ goto out_2;
rc = smb2_copychunk_range(xid, cfile, cfile, off, count, off + len);
if (rc < 0)
- goto out;
+ goto out_2;
- rc = smb3_zero_range(file, tcon, off, len, 1);
+ rc = smb3_zero_data(file, tcon, off, len, xid);
if (rc < 0)
- goto out;
+ goto out_2;
rc = 0;
+out_2:
+ filemap_invalidate_unlock(inode->i_mapping);
out:
+ inode_unlock(inode);
free_xid(xid);
return rc;
}
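Review bot: the error paths after SMB2_set_eof() have no unwind for the size change: if smb2_copychunk_range() or smb3_zero_data() fails, the code jumps to out_2 with the server-side EOF already extended by len and the range only partly shifted. Either restore old_eof before filemap_invalidate_unlock() or add a comment stating that the enlarged file is the accepted outcome on failure. In the same region, eof = cpu_to_le64(old_eof + len) is computed with no visible bound check on the sum, so unless a caller already guarantees it, a check against the maximum file size before taking the invalidate lock would be worth adding.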
--
2.34.1
Thread overview: 12+ messages
2022-08-23 13:07 [PATCH 0/5] smb3: Fix missing locks and invalidation in fallocate David Howells
2022-08-23 13:07 ` [PATCH 1/5] smb3: Move the flush out of smb2_copychunk_range() into its callers David Howells
2022-08-29 5:06 ` Steve French
2022-08-29 16:56 ` Steve French
2022-08-23 13:07 ` [PATCH 2/5] smb3: missing inode locks in zero range David Howells
2022-08-23 13:07 ` [PATCH 3/5] smb3: fix temporary data corruption in collapse range David Howells
2022-08-23 14:07 ` Matthew Wilcox
2022-08-23 14:14 ` David Howells
2022-08-23 14:17 ` David Howells
2022-08-23 13:07 ` [PATCH 4/5] smb3: missing inode locks in punch hole David Howells
2022-08-23 13:07 ` [PATCH 5/5] smb3: fix temporary data corruption in insert range David Howells
2022-08-24 5:58 ` Steve French [this message]