* Re: [PATCH] tmpfs: don't undo fallocate past its last page
2016-05-16 11:59 ` Vlastimil Babka
@ 2016-05-16 13:55 ` Anthony Romano
2016-06-04 1:10 ` Brandon Philips
2016-06-06 4:05 ` Brandon Philips
2 siblings, 0 replies; 5+ messages in thread
From: Anthony Romano @ 2016-05-16 13:55 UTC
To: Vlastimil Babka; +Cc: Hugh Dickins, linux-mm, linux-kernel
The code for shmem_undo_range is very similar to truncate_inode_pages_range
so I assume that's why it's using an inclusive range.
It appears the bug was introduced in
1635f6a74152f1dcd1b888231609d64875f0a81a
On Mon, May 16, 2016 at 4:59 AM, Vlastimil Babka <vbabka@suse.cz> wrote:
> On 05/08/2016 03:16 PM, Anthony Romano wrote:
>
>> When fallocate is interrupted it will undo a range that extends one byte
>> past its range of allocated pages. This can corrupt an in-use page by
>> zeroing out its first byte. Instead, undo using the inclusive byte range.
>>
>
> Huh, good catch. So why is shmem_undo_range() adding +1 to the value in
> the first place? The only other caller is shmem_truncate_range() and all
> *its* callers do subtract 1 to avoid the same issue. So a nicer fix would
> be to remove all this +1/-1 madness. Or is there some subtle corner case
> I'm missing?
>
> Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
>>
>
> Looks like a stable candidate patch. Can you point out the commit that
> introduced the bug, for the Fixes: tag?
>
> Thanks,
> Vlastimil
>
>
> ---
>> mm/shmem.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/shmem.c b/mm/shmem.c
>> index 719bd6b..f0f9405 100644
>> --- a/mm/shmem.c
>> +++ b/mm/shmem.c
>> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int
>> mode, loff_t offset,
>> /* Remove the !PageUptodate pages we added */
>> shmem_undo_range(inode,
>> (loff_t)start << PAGE_SHIFT,
>> - (loff_t)index << PAGE_SHIFT, true);
>> + ((loff_t)index << PAGE_SHIFT) - 1, true);
>> goto undone;
>> }
>>
>>
>>
>
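Review bot: At the changed shmem_undo_range() call, if index can still equal start when this error path is taken, the new end argument `((loff_t)index << PAGE_SHIFT) - 1` is one byte below the start argument `(loff_t)start << PAGE_SHIFT`, so the call is handed an inverted range. Suggest guarding the call with `if (index > start)`, or confirming from the surrounding loop that index is always past start at this point; the hunk's context lines do not show which holds.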
* Re: [PATCH] tmpfs: don't undo fallocate past its last page
From: Brandon Philips @ 2016-06-04 1:10 UTC
To: Vlastimil Babka, Anthony Romano, hughd, Christoph Hellwig,
Cong Wang, Kay Sievers, Andrew Morton, Matthew Garrett
Cc: linux-mm, linux-kernel
On Mon, May 16, 2016 at 4:59 AM Vlastimil Babka <vbabka@suse.cz> wrote:
> On 05/08/2016 03:16 PM, Anthony Romano wrote:
> > When fallocate is interrupted it will undo a range that extends one byte
> > past its range of allocated pages. This can corrupt an in-use page by
> > zeroing out its first byte. Instead, undo using the inclusive byte range.
> > Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
>
> Looks like a stable candidate patch. Can you point out the commit that
> introduced the bug, for the Fixes: tag?
>
Bumping this thread as I don't think this patch has gotten picked up. And
cc'ing folks from 1635f6a74152f1dcd1b888231609d64875f0a81a.
Thank you,
Brandon
> > ---
> > mm/shmem.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/mm/shmem.c b/mm/shmem.c
> > index 719bd6b..f0f9405 100644
> > --- a/mm/shmem.c
> > +++ b/mm/shmem.c
> > @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int
> mode, loff_t offset,
> > /* Remove the !PageUptodate pages we added */
> > shmem_undo_range(inode,
> > (loff_t)start << PAGE_SHIFT,
> > - (loff_t)index << PAGE_SHIFT, true);
> > + ((loff_t)index << PAGE_SHIFT) - 1, true);
> > goto undone;
> > }
> >
> >
>
>
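Review bot: The `- 1` on the third argument of shmem_undo_range() is left unexplained at the call site, and the questions in this thread about the +1/-1 handling show how easily the end convention is misread. Suggest extending the existing comment `/* Remove the !PageUptodate pages we added */` to state that the end passed is the last byte of the last page added, an inclusive offset, so a later cleanup does not reintroduce the one-byte overrun described in the commit message.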
* Re: [PATCH] tmpfs: don't undo fallocate past its last page
From: Brandon Philips @ 2016-06-06 4:05 UTC
To: Vlastimil Babka, Anthony Romano, Hugh Dickins, Christoph Hellwig,
Cong Wang, Kay Sievers, Andrew Morton, Matthew Garrett
Cc: linux-mm, linux-kernel
On Mon, May 16, 2016 at 4:59 AM, Vlastimil Babka <vbabka@suse.cz> wrote:
> On 05/08/2016 03:16 PM, Anthony Romano wrote:
>>
>> When fallocate is interrupted it will undo a range that extends one byte
>> past its range of allocated pages. This can corrupt an in-use page by
>> zeroing out its first byte. Instead, undo using the inclusive byte range.
>
>
> Huh, good catch. So why is shmem_undo_range() adding +1 to the value in the
> first place? The only other caller is shmem_truncate_range() and all *its*
> callers do subtract 1 to avoid the same issue. So a nicer fix would be to
> remove all this +1/-1 madness. Or is there some subtle corner case I'm
> missing?
Bumping this thread as I don't think this patch has gotten picked up.
And cc'ing folks from 1635f6a74152f1dcd1b888231609d64875f0a81a.
Also, resending because I forgot to remove the HTML mime-type to make
vger happy.
Thank you,
Brandon
>> Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
>
>
> Looks like a stable candidate patch. Can you point out the commit that
> introduced the bug, for the Fixes: tag?
>
> Thanks,
> Vlastimil
>
>
>> ---
>> mm/shmem.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/shmem.c b/mm/shmem.c
>> index 719bd6b..f0f9405 100644
>> --- a/mm/shmem.c
>> +++ b/mm/shmem.c
>> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int
>> mode, loff_t offset,
>> /* Remove the !PageUptodate pages we added */
>> shmem_undo_range(inode,
>> (loff_t)start << PAGE_SHIFT,
>> - (loff_t)index << PAGE_SHIFT, true);
>> + ((loff_t)index << PAGE_SHIFT) - 1, true);
>> goto undone;
>> }
>>
>>
>
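Review bot: The posting carries a Signed-off-by but no Fixes: line, although the one-line change to the shmem_undo_range() end argument is called a stable candidate in review and the thread names 1635f6a74152f1dcd1b888231609d64875f0a81a as the commit that introduced the bug. Suggest a respin with that commit in a Fixes: tag and a Cc to stable, so the corrected `((loff_t)index << PAGE_SHIFT) - 1` end reaches the kernels that still pass the unadjusted value.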