Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp1823577img;
        Sat, 23 Mar 2019 13:15:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzl2N0mdMXR/o9j98CEvSozO2L0zq0squ3jJkVmCVcbWH0/fdCzh/IQthXalWNv7bJjeYPs
X-Received: by 2002:a62:b517:: with SMTP id y23mr15724853pfe.144.1553372109613;
        Sat, 23 Mar 2019 13:15:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553372109; cv=none;
        d=google.com; s=arc-20160816;
        b=iErglXVMrG61JkJJk5AkPcDODIm6Q+EwVDJMQEARH6bsWsKgCeFLC4gH/F9LqUaRMc
         7WKt3Hc9O4xl2WBV7StBpWS1HYaUieuRZN5P0MPXFUZUX8y29IQgn8cVM4/W0QeL7Nvt
         CDvXDhl9Y4570xmpTJWXad4+FQdajkBGeQT/soskkmd63lA2SeoCLArnqXhGdZoJ2SW0
         kPOSfD0m58heMG/H0pUgu7uf4oAj356/3e2uF4D/WTQ9IGbnmctXdLMRqsGMowohsERm
         jCF0U8zFCecR06wFOx0RvtyecRk2x/WVUl64P9TSZTqbRwaZCRhwOBp6dCsyImE5KK3w
         LbOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:mime-version:user-agent:date:message-id
         :to:subject:from:dkim-signature;
        bh=QftJ9XujrPqD27cmAQFQRYEvhMiam8l9chwl5OSpN1k=;
        b=kdE/7f1Ys2eAuzyuDaRN1rTlpWjaIMD0N/KVXomURTWPd7u03/2L2xFuJCuD0WgIXy
         ND8TXZjsUciv8AwVfq+juXHxxahjMB94FHqRLkzSPm9wuc2BvmXYagjSNHs0NFolYD2b
         USG/FkOF8chEb55E/rxYfru7eQsmb5vM3khuJ/CelInsFrNhY0UsqisCfvCqlDs7GVHf
         vJ0YNyipPY+u9pK/DFrnog7j1Bzeg6Rswn2qqQCCCQXfIpQOtgwFVlK8eue5bG6SVzi4
         qcR3TojFGYbCFtA9kxQOzrNvP/dDdYye0aSr//uLtPJYagXzcDD2H6iWOETy5jExZKrw
         JyEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@digidescorp.com header.s=google header.b=GLceO8C7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f9si9610531pgc.576.2019.03.23.13.14.54;
        Sat, 23 Mar 2019 13:15:09 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@digidescorp.com header.s=google header.b=GLceO8C7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727764AbfCWUOI (ORCPT <rfc822;ahaning.tech@gmail.com>
        + 99 others); Sat, 23 Mar 2019 16:14:08 -0400
Received: from mail-it1-f176.google.com ([209.85.166.176]:54160 "EHLO
        mail-it1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727544AbfCWUOI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 23 Mar 2019 16:14:08 -0400
Received: by mail-it1-f176.google.com with SMTP id w85so1523012itc.3
        for <linux-kernel@vger.kernel.org>; Sat, 23 Mar 2019 13:14:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=digidescorp.com; s=google;
        h=from:subject:to:message-id:date:user-agent:mime-version
         :content-transfer-encoding:content-language;
        bh=QftJ9XujrPqD27cmAQFQRYEvhMiam8l9chwl5OSpN1k=;
        b=GLceO8C7GUV6H7xdhTqPmqcyb7TgOsRCt6cxYLX2Qqq43uV8MHwAMiK0zL4inmkgNy
         dZzQfpDfGZI5Hc5xwe5jfRQup3zQNba0W9My4S3vAImrJf82Mhze2fVTgX35UUHddNY0
         GYXlTZ3QMQQHV1v4PCJXFAl2DYdmnYjT95wwA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:subject:to:message-id:date:user-agent
         :mime-version:content-transfer-encoding:content-language;
        bh=QftJ9XujrPqD27cmAQFQRYEvhMiam8l9chwl5OSpN1k=;
        b=NR22swHThz5HnPW4VmYfeZuKLaaRj48yzRx5n1OJhKRENx2BQv483JZEDHzr0g6OAa
         KzpRuBSFG0EiGLa2kDhxAqFGXxqK79RFMpMxRomPpS8v0uMcF6SVgfc6A02tv3pcHPfp
         02c5ftOwSEhy6a/hpeMhlxZWCf2eDc0zeUwBPXlCtkAWxbthO9rcZw8dLgwolzMtpL//
         i4WV5eD7zrZJDQTS+JAlSrN0/mmAXSQ2DYdANjjEfXZhaSiN7Fa4Zjybd4nf7IHClxRQ
         ONCk0/YufW55eJ2i6NKpPZASfzMOum5EZ1MzCkgA7q/S26+Bo6AXD9cM3W0Q/1Ek4iKs
         YiCw==
X-Gm-Message-State: APjAAAXEFzKZCePsTWq6Os1BWdm5bYhacg03vsrEQHqPZPGFpT6l6VO/
        185P6IbCZutXnJUbONgqrydrmQ==
X-Received: by 2002:a05:660c:ad2:: with SMTP id k18mr2811476itl.98.1553372046607;
        Sat, 23 Mar 2019 13:14:06 -0700 (PDT)
Received: from ?IPv6:2600:1700:c991:2dc0::64? ([2600:1700:c991:2dc0::64])
        by smtp.googlemail.com with ESMTPSA id y101sm3334630ita.25.2019.03.23.13.14.05
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 23 Mar 2019 13:14:06 -0700 (PDT)
From:   Steve Magnani <steve.magnani@digidescorp.com>
Subject: Possible UDF locking error?
To:     Jan Kara <jack@suse.cz>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        linux-fsdevel@vger.kernel.org
Message-ID: <224e1613-b080-bd64-ef88-badcb755a233@digidescorp.com>
Date:   Sat, 23 Mar 2019 15:14:05 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

I have been hunting a UDF bug that occasionally results in generation
of an Allocation Extent Descriptor with an incorrect tagLocation. So
far I haven't been able to see a path through the code that could
cause that. But, I noticed some inconsistency in locking during
AED generation and wonder if it could result in random corruption.

The function udf_update_inode() has this general pattern:

   bh = udf_tgetblk(...);   // calls sb_getblk()
   lock_buffer(bh);
   memset(bh->b_data, 0, inode->i_sb->s_blocksize);
   
   // <snip>other code to populate FE/EFE data in the block</snip>
   
   set_buffer_uptodate(bh);
   unlock_buffer(bh);
   mark_buffer_dirty(bh);

This I can understand - the lock is held for as long as the buffer
contents are being assembled.

In contrast, udf_setup_indirect_aext(), which constructs an AED,
has this sequence:

   bh = udf_tgetblk(...);   // calls sb_getblk()
   lock_buffer(bh);
   memset(bh->b_data, 0, inode->i_sb->s_blocksize);

   set_buffer_uptodate(bh);
   unlock_buffer(bh);
   mark_buffer_dirty_inode(bh);

   // <snip>other code to populate AED data in the block</snip>

In this case the population of the block occurs without
the protection of the lock.

Because the block has been marked dirty, does this mean that
writeback could occur at any point during population?

There is one path through udf_setup_indirect_aext() where
mark_buffer_dirty_inode() gets called again after population is
complete, which I suppose could heal a partial writeout, but there is
also another path in which the buffer does not get marked dirty again.

Regards,
  ------------------------------------------------------------------------
  Steven J. Magnani               "I claim this network for MARS!
  www.digidescorp.com              Earthling, return my space modulator!"

  #include <standard.disclaimer>