summaryrefslogtreecommitdiff
path: root/lib/string_helpers.c
diff options
context:
space:
mode:
authorBrian Foster <bfoster@redhat.com>2020-10-30 00:30:48 +0300
committerDarrick J. Wong <darrick.wong@oracle.com>2020-11-04 19:52:46 +0300
commit869ae85dae64b5540e4362d7fe4cd520e10ec05c (patch)
treebb6969102f0b8a7cef7009964524e98532018f4d /lib/string_helpers.c
parent2c334e12f957cd8c6bb66b4aa3f79848b7c33cab (diff)
downloadlinux-869ae85dae64b5540e4362d7fe4cd520e10ec05c.tar.xz
xfs: flush new eof page on truncate to avoid post-eof corruption
It is possible to expose non-zeroed post-EOF data in XFS if the new EOF page is dirty, backed by an unwritten block and the truncate happens to race with writeback. iomap_truncate_page() will not zero the post-EOF portion of the page if the underlying block is unwritten. The subsequent call to truncate_setsize() will, but doesn't dirty the page. Therefore, if writeback happens to complete after iomap_truncate_page() (so it still sees the unwritten block) but before truncate_setsize(), the cached page becomes inconsistent with the on-disk block. A mapped read after the associated page is reclaimed or invalidated exposes non-zero post-EOF data. For example, consider the following sequence when run on a kernel modified to explicitly flush the new EOF page within the race window: $ xfs_io -fc "falloc 0 4k" -c fsync /mnt/file $ xfs_io -c "pwrite 0 4k" -c "truncate 1k" /mnt/file ... $ xfs_io -c "mmap 0 4k" -c "mread -v 1k 8" /mnt/file 00000400: 00 00 00 00 00 00 00 00 ........ $ umount /mnt/; mount <dev> /mnt/ $ xfs_io -c "mmap 0 4k" -c "mread -v 1k 8" /mnt/file 00000400: cd cd cd cd cd cd cd cd ........ Update xfs_setattr_size() to explicitly flush the new EOF page prior to the page truncate to ensure iomap has the latest state of the underlying block. Fixes: 68a9f5e7007c ("xfs: implement iomap based buffered write path") Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Diffstat (limited to 'lib/string_helpers.c')
0 files changed, 0 insertions, 0 deletions