From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34959433B3 for ; Wed, 25 Feb 2026 03:07:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771988821; cv=none; b=QBkwOjXgFnE+npFJ0Psap8k5hbug4HemfFyH9kHIU7WUahDFydlnPSadVnKleR87kea+JxluR4WbcIkHne7N6/kaFYsAjzMiiZ3X6huVNko7uhH4k/jbJT+4k1za9CTepBpbmIxCcMbGh/Cwno+nz3LcEA1W6kQHGbNQTRDZEtk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771988821; c=relaxed/simple; bh=EZcUFIayQZsXFKI0cSaQkvSiUH6HJXkpLyv8t5dPXBg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dgQHUVPDW3/TeC1NzkN4Vso0P5hZUCNcb0obAKPqSAfNpnuG/qQ2fTEQM9220gZujsgUaWXsg3l8Ca6XLj6RbHKIqQRPzz8OMG1diixcQXoGLfZA5jm/5o4mqQa+hvM6ZvjEuFbFiijtk5S7R9H6Vr/2HFAvcqnISvEV7SibO9w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Pj+3kILl; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Pj+3kILl" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A992C19422; Wed, 25 Feb 2026 03:07:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1771988821; bh=EZcUFIayQZsXFKI0cSaQkvSiUH6HJXkpLyv8t5dPXBg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Pj+3kILlAYEA2HbwfveL/VrXfSIGNmtEvtpeKl0AU75F2uSM74P0ygRWCeyOjOVRr 8K1UrG9xm7z/wVecN2MO4Wmi5zxq1PFKixrNxTD6UHB3H+tJtLdbVfJpRGxxO2iB+5 gzri6d+tHLgBUF1Fr0gS5aL3hzWRSozOvvgtclUzyFcscIy7R3/aRvnTxQnZQZyA9H yGpf9c472SsXevznPwrX1DPsQKa95xilSPOoX7yn4epK6cGN5EfGohp1PCX/xgeLCQ qXgh0z+g3nzItPX7aEyOU/Lb/14sL67MJ93x478VbOl2Fk1gtBP5zxsxxGAphYsDOc av9IxM2+3rRSA== From: Sasha Levin To: stable@vger.kernel.org Cc: Zhang Yi , Baokun Li , stable@kernel.org, Ojaswin Mujoo , Theodore Ts'o , Sasha Levin Subject: [PATCH 6.6.y 7/7] ext4: drop extent cache after doing PARTIAL_VALID1 zeroout Date: Tue, 24 Feb 2026 22:06:52 -0500 Message-ID: <20260225030652.3846997-7-sashal@kernel.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260225030652.3846997-1-sashal@kernel.org> References: <2026022413-broken-enchanted-0ce7@gregkh> <20260225030652.3846997-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Zhang Yi [ Upstream commit 6d882ea3b0931b43530d44149b79fcd4ffc13030 ] When splitting an unwritten extent in the middle and converting it to initialized in ext4_split_extent() with the EXT4_EXT_MAY_ZEROOUT and EXT4_EXT_DATA_VALID2 flags set, it could leave a stale unwritten extent. Assume we have an unwritten file and buffered write in the middle of it without dioread_nolock enabled, it will allocate blocks as written extent. 0 A B N [UUUUUUUUUUUU] on-disk extent U: unwritten extent [UUUUUUUUUUUU] extent status tree [--DDDDDDDD--] D: valid data |<- ->| ----> this range needs to be initialized ext4_split_extent() first try to split this extent at B with EXT4_EXT_DATA_PARTIAL_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but ext4_split_extent_at() failed to split this extent due to temporary lack of space. It zeroout B to N and leave the entire extent as unwritten. 0 A B N [UUUUUUUUUUUU] on-disk extent [UUUUUUUUUUUU] extent status tree [--DDDDDDDDZZ] Z: zeroed data ext4_split_extent() then try to split this extent at A with EXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and leave an written extent from A to N. 0 A B N [UUWWWWWWWWWW] on-disk extent W: written extent [UUUUUUUUUUUU] extent status tree [--DDDDDDDDZZ] Finally ext4_map_create_blocks() only insert extent A to B to the extent status tree, and leave an stale unwritten extent in the status tree. 0 A B N [UUWWWWWWWWWW] on-disk extent W: written extent [UUWWWWWWWWUU] extent status tree [--DDDDDDDDZZ] Fix this issue by always cached extent status entry after zeroing out the second part. Signed-off-by: Zhang Yi Reviewed-by: Baokun Li Cc: stable@kernel.org Reviewed-by: Ojaswin Mujoo Message-ID: <20251129103247.686136-7-yi.zhang@huaweicloud.com> Signed-off-by: Theodore Ts'o Signed-off-by: Sasha Levin --- fs/ext4/extents.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 2d322b06ccd88..3326da0765d27 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3299,8 +3299,16 @@ static struct ext4_ext_path *ext4_split_extent_at(handle_t *handle, * extent length and ext4_split_extent() split will the * first half again. */ - if (split_flag & EXT4_EXT_DATA_PARTIAL_VALID1) + if (split_flag & EXT4_EXT_DATA_PARTIAL_VALID1) { + /* + * Drop extent cache to prevent stale unwritten + * extents remaining after zeroing out. + */ + ext4_es_remove_extent(inode, + le32_to_cpu(zero_ex.ee_block), + ext4_ext_get_actual_len(&zero_ex)); goto fix_extent_len; + } /* update the extent length and mark as initialized */ ex->ee_len = cpu_to_le16(ee_len); -- 2.51.0