Re: [PATCH] ntfs: use page allocation for resident attribute inline data

Re: [PATCH] ntfs: use page allocation for resident attribute inline data

[Matthew Wilcox]

On Wed, Apr 22, 2026 at 07:46:27PM +0900, Namjae Jeon wrote:
> The current kmemdup() based allocation for IOMAP_INLINE can result in
> inline_data pointer having a non-zero page offset. This causes
> iomap_inline_data_valid() to fail the check:
> 
>     iomap->length <= PAGE_SIZE - offset_in_page(iomap->inline_data)
> 
> and triggers the kernel BUG at fs/iomap/buffered-io.c:1061.

Hang on, hang on, hang on.

First, maybe this check is too strict.  I'm sure it's true for EROFS,
but I don't see why it should be true for everybody.  Perhaps we should
delete this check or relax it?

Second, why are you calling kmemdup() to begin with?  This seems
entirely pointless; the iomap code is going to call memcpy() on it.
You're supposed to just be pointing into your data structures.

Re: [PATCH] ntfs: use page allocation for resident attribute inline data

[Namjae Jeon]

On Wed, Apr 22, 2026 at 9:55 PM Matthew Wilcox <willy@infradead.org> wrote:
>
> On Wed, Apr 22, 2026 at 07:46:27PM +0900, Namjae Jeon wrote:
> > The current kmemdup() based allocation for IOMAP_INLINE can result in
> > inline_data pointer having a non-zero page offset. This causes
> > iomap_inline_data_valid() to fail the check:
> >
> >     iomap->length <= PAGE_SIZE - offset_in_page(iomap->inline_data)
> >
> > and triggers the kernel BUG at fs/iomap/buffered-io.c:1061.
>
> Hang on, hang on, hang on.
>
> First, maybe this check is too strict.  I'm sure it's true for EROFS,
> but I don't see why it should be true for everybody.  Perhaps we should
> delete this check or relax it?
I agree that the current check might be unnecessarily strict for
general cases. So I will prepare another patch to remove this trap for
further discussion with iomap maintainers.
>
> Second, why are you calling kmemdup() to begin with?  This seems
> entirely pointless; the iomap code is going to call memcpy() on it.
> You're supposed to just be pointing into your data structures.
In the initial implementation of NTFS with iomap, I pointed directly
to the internal data structures. However, I encountered this BUG_ON
trap during testing, so I switched to page allocation to avoid it.
Then, during the review process for the NTFS series, I changed it to
kmemdup() without much thought. If this BUG_ON trap can be removed, I
could have simply pointed to the internal data structures as you said.

Re: [PATCH] ntfs: use page allocation for resident attribute inline data

[Darrick J. Wong]

On Wed, Apr 22, 2026 at 11:35:32PM +0900, Namjae Jeon wrote:
> On Wed, Apr 22, 2026 at 9:55 PM Matthew Wilcox <willy@infradead.org> wrote:
> >
> > On Wed, Apr 22, 2026 at 07:46:27PM +0900, Namjae Jeon wrote:
> > > The current kmemdup() based allocation for IOMAP_INLINE can result in
> > > inline_data pointer having a non-zero page offset. This causes
> > > iomap_inline_data_valid() to fail the check:
> > >
> > >     iomap->length <= PAGE_SIZE - offset_in_page(iomap->inline_data)
> > >
> > > and triggers the kernel BUG at fs/iomap/buffered-io.c:1061.
> >
> > Hang on, hang on, hang on.
> >
> > First, maybe this check is too strict.  I'm sure it's true for EROFS,
> > but I don't see why it should be true for everybody.  Perhaps we should
> > delete this check or relax it?
> I agree that the current check might be unnecessarily strict for
> general cases. So I will prepare another patch to remove this trap for
> further discussion with iomap maintainers.
> >
> > Second, why are you calling kmemdup() to begin with?  This seems
> > entirely pointless; the iomap code is going to call memcpy() on it.
> > You're supposed to just be pointing into your data structures.
> In the initial implementation of NTFS with iomap, I pointed directly
> to the internal data structures. However, I encountered this BUG_ON
> trap during testing, so I switched to page allocation to avoid it.
> Then, during the review process for the NTFS series, I changed it to
> kmemdup() without much thought. If this BUG_ON trap can be removed, I
> could have simply pointed to the internal data structures as you said.

I think the check is wrong.  We rely on the filesystem to point
iomap::inline_data to kernel memory that is at least iomap::length bytes
in size.  If that crosses a PAGE_SIZE boundary that's fine, so long as
the caller actually mapped that much memory.  IOWs, if you have an
iomap:

{pos = 0, inline_data = 0xB0000, length = 32768, ...}

then we trust that you really did map all of the MDA text mode memory
and that memcpy'ing 100 bytes to pos 4090 is ok.

(Perhaps this is a relic of the bs<=ps days?)

--D

Re: [PATCH] ntfs: use page allocation for resident attribute inline data

[Gao Xiang]

Hi,

On 2026/4/22 23:28, Darrick J. Wong wrote:
> On Wed, Apr 22, 2026 at 11:35:32PM +0900, Namjae Jeon wrote:
>> On Wed, Apr 22, 2026 at 9:55 PM Matthew Wilcox <willy@infradead.org> wrote:
>>>
>>> On Wed, Apr 22, 2026 at 07:46:27PM +0900, Namjae Jeon wrote:
>>>> The current kmemdup() based allocation for IOMAP_INLINE can result in
>>>> inline_data pointer having a non-zero page offset. This causes
>>>> iomap_inline_data_valid() to fail the check:
>>>>
>>>>      iomap->length <= PAGE_SIZE - offset_in_page(iomap->inline_data)
>>>>
>>>> and triggers the kernel BUG at fs/iomap/buffered-io.c:1061.
>>>
>>> Hang on, hang on, hang on.
>>>
>>> First, maybe this check is too strict.  I'm sure it's true for EROFS,
>>> but I don't see why it should be true for everybody.  Perhaps we should
>>> delete this check or relax it?
>> I agree that the current check might be unnecessarily strict for
>> general cases. So I will prepare another patch to remove this trap for
>> further discussion with iomap maintainers.
>>>
>>> Second, why are you calling kmemdup() to begin with?  This seems
>>> entirely pointless; the iomap code is going to call memcpy() on it.
>>> You're supposed to just be pointing into your data structures.
>> In the initial implementation of NTFS with iomap, I pointed directly
>> to the internal data structures. However, I encountered this BUG_ON
>> trap during testing, so I switched to page allocation to avoid it.
>> Then, during the review process for the NTFS series, I changed it to
>> kmemdup() without much thought. If this BUG_ON trap can be removed, I
>> could have simply pointed to the internal data structures as you said.
> 
> I think the check is wrong.  We rely on the filesystem to point
> iomap::inline_data to kernel memory that is at least iomap::length bytes
> in size.  If that crosses a PAGE_SIZE boundary that's fine, so long as
> the caller actually mapped that much memory.  IOWs, if you have an
> iomap:
> 
> {pos = 0, inline_data = 0xB0000, length = 32768, ...}
> 
> then we trust that you really did map all of the MDA text mode memory
> and that memcpy'ing 100 bytes to pos 4090 is ok.
> 
> (Perhaps this is a relic of the bs<=ps days?)

Anyway, as said before, I think that particular assertion
can be removed too.

Thanks,
Gao Xiang

> 
> --D

Re: [PATCH] ntfs: use page allocation for resident attribute inline data

[Namjae Jeon]

> >
> > I think the check is wrong.  We rely on the filesystem to point
> > iomap::inline_data to kernel memory that is at least iomap::length bytes
> > in size.  If that crosses a PAGE_SIZE boundary that's fine, so long as
> > the caller actually mapped that much memory.  IOWs, if you have an
> > iomap:
> >
> > {pos = 0, inline_data = 0xB0000, length = 32768, ...}
> >
> > then we trust that you really did map all of the MDA text mode memory
> > and that memcpy'ing 100 bytes to pos 4090 is ok.
> >
> > (Perhaps this is a relic of the bs<=ps days?)
>
> Anyway, as said before, I think that particular assertion
> can be removed too.
Okay, I will submit the patch for this.
Thanks!

Re: [PATCH] ntfs: use page allocation for resident attribute inline data

[Christoph Hellwig]

On Wed, Apr 22, 2026 at 01:55:40PM +0100, Matthew Wilcox wrote:
> On Wed, Apr 22, 2026 at 07:46:27PM +0900, Namjae Jeon wrote:
> > The current kmemdup() based allocation for IOMAP_INLINE can result in
> > inline_data pointer having a non-zero page offset. This causes
> > iomap_inline_data_valid() to fail the check:
> > 
> >     iomap->length <= PAGE_SIZE - offset_in_page(iomap->inline_data)
> > 
> > and triggers the kernel BUG at fs/iomap/buffered-io.c:1061.
> 
> Hang on, hang on, hang on.
> 
> First, maybe this check is too strict.  I'm sure it's true for EROFS,
> but I don't see why it should be true for everybody.  Perhaps we should
> delete this check or relax it?

I think the current check should just go.  ->iomap_inline_data is
treated as a normal linear address everywhere, so any offset in page
check is weird.

> Second, why are you calling kmemdup() to begin with?  This seems
> entirely pointless; the iomap code is going to call memcpy() on it.
> You're supposed to just be pointing into your data structures.

Yes.