From: Greg KH <greg@kroah.com>
To: Sasha Levin <sashal@kernel.org>
Cc: stable@vger.kernel.org, Zhang Yi <yi.zhang@huawei.com>,
Ojaswin Mujoo <ojaswin@linux.ibm.com>,
Baokun Li <libaokun1@huawei.com>,
stable@kernel.org, Theodore Ts'o <tytso@mit.edu>
Subject: Re: [PATCH 6.1.y] ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O
Date: Sat, 21 Mar 2026 15:39:24 +0100
Message-ID: <2026032119-chevy-unsmooth-a3a4@gregkh>
In-Reply-To: <20260225025732.3839126-1-sashal@kernel.org>
On Tue, Feb 24, 2026 at 09:57:32PM -0500, Sasha Levin wrote:
> From: Zhang Yi <yi.zhang@huawei.com>
>
> [ Upstream commit feaf2a80e78f89ee8a3464126077ba8683b62791 ]
>
> When allocating blocks during within-EOF DIO and writeback with
> dioread_nolock enabled, EXT4_GET_BLOCKS_PRE_IO was set to split an
> existing large unwritten extent. However, EXT4_GET_BLOCKS_CONVERT was
> set when calling ext4_split_convert_extents(), which may potentially
> result in stale data issues.
>
> Assume we have an unwritten extent, and then DIO writes the second half.
>
>   [UUUUUUUUUUUUUUUU] on-disk extent      U: unwritten extent
>   [UUUUUUUUUUUUUUUU] extent status tree
>             |<-  ->| ----> dio write this range
>
> First, ext4_iomap_alloc() calls ext4_map_blocks() with
> EXT4_GET_BLOCKS_PRE_IO, EXT4_GET_BLOCKS_UNWRIT_EXT and
> EXT4_GET_BLOCKS_CREATE flags set. ext4_map_blocks() finds this extent and
> calls ext4_split_convert_extents() with EXT4_GET_BLOCKS_CONVERT and the
> above flags set.
>
> Then, ext4_split_convert_extents() calls ext4_split_extent() with
> EXT4_EXT_MAY_ZEROOUT, EXT4_EXT_MARK_UNWRIT2 and EXT4_EXT_DATA_VALID2
> flags set, and it calls ext4_split_extent_at() to split the second half
> with EXT4_EXT_DATA_VALID2, EXT4_EXT_MARK_UNWRIT1, EXT4_EXT_MAY_ZEROOUT
> and EXT4_EXT_MARK_UNWRIT2 flags set. However, ext4_split_extent_at()
> failed to insert the extent due to a temporary lack of space (-ENOSPC). It
> zeroes out the first half but converts the entire on-disk extent to
> written since the EXT4_EXT_DATA_VALID2 flag is set, but leaves the second
> half as unwritten in the extent status tree.
>
>   [0000000000SSSSSS] data                S: stale data, 0: zeroed
>   [WWWWWWWWWWWWWWWW] on-disk extent      W: written extent
>   [WWWWWWWWWWUUUUUU] extent status tree
>
> Finally, if the DIO failed to write data to the disk, the stale data in
> the second half will be exposed once the cached extent entry is gone.
>
> Fix this issue by not passing EXT4_GET_BLOCKS_CONVERT when splitting
> an unwritten extent before submitting I/O, and make
> ext4_split_convert_extents() zero out the entire extent range
> for this case, and also mark the extent in the extent status
> tree for consistency.
>
> Fixes: b8a8684502a0 ("ext4: Introduce FALLOC_FL_ZERO_RANGE flag for fallocate")
> Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
> Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
> Reviewed-by: Baokun Li <libaokun1@huawei.com>
> Cc: stable@kernel.org
> Message-ID: <20251129103247.686136-4-yi.zhang@huaweicloud.com>
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> [ different function signatures ]
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> fs/ext4/extents.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 1aad4ae0e7ae4..dfc365b021094 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -3705,11 +3705,15 @@ static int ext4_split_convert_extents(handle_t *handle,
> /* Convert to unwritten */
> if (flags & EXT4_GET_BLOCKS_CONVERT_UNWRITTEN) {
> split_flag |= EXT4_EXT_DATA_VALID1;
> - /* Convert to initialized */
> - } else if (flags & EXT4_GET_BLOCKS_CONVERT) {
> + /* Split the existing unwritten extent */
> + } else if (flags & (EXT4_GET_BLOCKS_UNWRIT_EXT |
> + EXT4_GET_BLOCKS_CONVERT)) {
> split_flag |= ee_block + ee_len <= eof_block ?
> EXT4_EXT_MAY_ZEROOUT : 0;
> - split_flag |= (EXT4_EXT_MARK_UNWRIT2 | EXT4_EXT_DATA_VALID2);
> + split_flag |= EXT4_EXT_MARK_UNWRIT2;
> + /* Convert to initialized */
> + if (flags & EXT4_GET_BLOCKS_CONVERT)
> + split_flag |= EXT4_EXT_DATA_VALID2;
> }
> flags |= EXT4_GET_BLOCKS_PRE_IO;
> return ext4_split_extent(handle, inode, ppath, map, split_flag, flags);
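
Review bot: in the new "else if" branch, a PRE_IO split that arrives without EXT4_GET_BLOCKS_CONVERT now runs with EXT4_EXT_MAY_ZEROOUT | EXT4_EXT_MARK_UNWRIT2 and no EXT4_EXT_DATA_VALID2, yet nothing in this hunk zeroes the whole range or updates the extent status tree, both of which the commit message says the fix does. That behaviour has to come from ext4_split_extent() and ext4_split_extent_at(), so the backport description should name the 6.1.y changes it depends on (the "[ different function signatures ]" note does not say) and state what the zeroout fallback does on -ENOSPC when DATA_VALID2 is absent.
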
> @@ -3874,7 +3878,7 @@ ext4_ext_handle_unwritten_extents(handle_t *handle, struct inode *inode,
> /* get_block() before submitting IO, split the extent */
> if (flags & EXT4_GET_BLOCKS_PRE_IO) {
> ret = ext4_split_convert_extents(handle, inode, map, ppath,
> - flags | EXT4_GET_BLOCKS_CONVERT);
> + flags);
> if (ret < 0) {
> err = ret;
> goto out2;
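
Review bot: with "| EXT4_GET_BLOCKS_CONVERT" dropped from the ext4_split_convert_extents() call, the PRE_IO path only reaches the split branch when the caller's flags already carry EXT4_GET_BLOCKS_UNWRIT_EXT; a caller that passes PRE_IO without it would now split with neither EXT4_EXT_MARK_UNWRIT2 nor EXT4_EXT_MAY_ZEROOUT set. The commit message only walks through ext4_iomap_alloc(), so please confirm that every other 6.1.y caller reaching this "if (flags & EXT4_GET_BLOCKS_PRE_IO)" block sets UNWRIT_EXT, or add a WARN_ON_ONCE() for the missing flag.
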
> --
> 2.51.0
>
>
Does not apply :(
Thread overview: 3+ messages
2026-02-24 21:43 FAILED: patch "[PATCH] ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before" failed to apply to 6.1-stable tree gregkh
2026-02-25 2:57 ` [PATCH 6.1.y] ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O Sasha Levin
2026-03-21 14:39 ` Greg KH [this message]