* [PATCH] tmpfs: don't undo fallocate past its last page @ 2016-05-08 13:16 Anthony Romano 2016-05-16 11:59 ` Vlastimil Babka 0 siblings, 1 reply; 3+ messages in thread From: Anthony Romano @ 2016-05-08 13:16 UTC (permalink / raw) To: hughd; +Cc: linux-mm, linux-kernel, Anthony Romano When fallocate is interrupted it will undo a range that extends one byte past its range of allocated pages. This can corrupt an in-use page by zeroing out its first byte. Instead, undo using the inclusive byte range. Signed-off-by: Anthony Romano <anthony.romano@coreos.com> --- mm/shmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/shmem.c b/mm/shmem.c index 719bd6b..f0f9405 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, /* Remove the !PageUptodate pages we added */ shmem_undo_range(inode, (loff_t)start << PAGE_SHIFT, - (loff_t)index << PAGE_SHIFT, true); + ((loff_t)index << PAGE_SHIFT) - 1, true); goto undone; } -- 2.8.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
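Review bot: In the shmem_fallocate() hunk, the new end argument ((loff_t)index << PAGE_SHIFT) - 1 is a valid inclusive end only when at least one page was added, that is, when index > start. If this error path can be reached with index == start, the end lands one byte below the start of the range, and with index == start == 0 it evaluates to -1. Either confirm how shmem_undo_range() treats those values or guard the call with a check such as: if (index > start). The commit message should also carry a Fixes: tag naming the commit that introduced the exclusive end, so the change can be matched to affected stable trees.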
* Re: [PATCH] tmpfs: don't undo fallocate past its last page 2016-05-08 13:16 [PATCH] tmpfs: don't undo fallocate past its last page Anthony Romano @ 2016-05-16 11:59 ` Vlastimil Babka 2016-06-06 4:05 ` Brandon Philips 0 siblings, 1 reply; 3+ messages in thread From: Vlastimil Babka @ 2016-05-16 11:59 UTC (permalink / raw) To: Anthony Romano, hughd; +Cc: linux-mm, linux-kernel On 05/08/2016 03:16 PM, Anthony Romano wrote: > When fallocate is interrupted it will undo a range that extends one byte > past its range of allocated pages. This can corrupt an in-use page by > zeroing out its first byte. Instead, undo using the inclusive byte range. Huh, good catch. So why is shmem_undo_range() adding +1 to the value in the first place? The only other caller is shmem_truncate_range() and all *its* callers do subtract 1 to avoid the same issue. So a nicer fix would be to remove all this +1/-1 madness. Or is there some subtle corner case I'm missing? > Signed-off-by: Anthony Romano <anthony.romano@coreos.com> Looks like a stable candidate patch. Can you point out the commit that introduced the bug, for the Fixes: tag? Thanks, Vlastimil > --- > mm/shmem.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/shmem.c b/mm/shmem.c > index 719bd6b..f0f9405 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, > /* Remove the !PageUptodate pages we added */ > shmem_undo_range(inode, > (loff_t)start << PAGE_SHIFT, > - (loff_t)index << PAGE_SHIFT, true); > + ((loff_t)index << PAGE_SHIFT) - 1, true); > goto undone; > } > > ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] tmpfs: don't undo fallocate past its last page 2016-05-16 11:59 ` Vlastimil Babka @ 2016-06-06 4:05 ` Brandon Philips 0 siblings, 0 replies; 3+ messages in thread From: Brandon Philips @ 2016-06-06 4:05 UTC (permalink / raw) To: Vlastimil Babka, Anthony Romano, Hugh Dickins, Christoph Hellwig, Cong Wang, Kay Sievers, Andrew Morton, Matthew Garrett Cc: linux-mm, linux-kernel On Mon, May 16, 2016 at 4:59 AM, Vlastimil Babka <vbabka@suse.cz> wrote: > On 05/08/2016 03:16 PM, Anthony Romano wrote: >> >> When fallocate is interrupted it will undo a range that extends one byte >> past its range of allocated pages. This can corrupt an in-use page by >> zeroing out its first byte. Instead, undo using the inclusive byte range. > > > Huh, good catch. So why is shmem_undo_range() adding +1 to the value in the > first place? The only other caller is shmem_truncate_range() and all *its* > callers do subtract 1 to avoid the same issue. So a nicer fix would be to > remove all this +1/-1 madness. Or is there some subtle corner case I'm > missing? Bumping this thread as I don't think this patch has gotten picked up. And cc'ing folks from 1635f6a74152f1dcd1b888231609d64875f0a81a. Also, resending because I forgot to remove the HTML mime-type to make vger happy. Thank you, Brandon >> Signed-off-by: Anthony Romano <anthony.romano@coreos.com> > > > Looks like a stable candidate patch. Can you point out the commit that > introduced the bug, for the Fixes: tag? > > Thanks, > Vlastimil > > >> --- >> mm/shmem.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/mm/shmem.c b/mm/shmem.c >> index 719bd6b..f0f9405 100644 >> --- a/mm/shmem.c >> +++ b/mm/shmem.c 
>> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int >> mode, loff_t offset, >> /* Remove the !PageUptodate pages we added */ >> shmem_undo_range(inode, >> (loff_t)start << PAGE_SHIFT, >> - (loff_t)index << PAGE_SHIFT, true); >> + ((loff_t)index << PAGE_SHIFT) - 1, true); >> goto undone; >> } >> >> > ^ permalink raw reply [flat|nested] 3+ messages in thread