Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3410798img; Mon, 25 Mar 2019 09:43:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqxsJSXopVnx5jfLTCpJ8sTKovEIBH66w+d0Nz1+eSRs5oWGA29ptqezrdqZsKL4SehX8M6R X-Received: by 2002:a17:902:14b:: with SMTP id 69mr26177857plb.216.1553532210431; Mon, 25 Mar 2019 09:43:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553532210; cv=none; d=google.com; s=arc-20160816; b=KKWeNXO0bDZMhNmlZ0ZrVumtn4OLq9F/GYom7bfkqrEUjzuFUj2ErNcwv3f0AJkBye WMbiVyNqqYqpi/nQ8MGYlTUgEgBBBxyhmt5EIygUvGgiEjFpVXrwEUSEDY5ADARH3sBx 5CYAeoer0qb9AWSfi3toRWNC4FyDzi2OGQPJG9t4m/cQ2TpEScrtjG+oMcybxTzJkmLD ovXPiPYlbouwI4A3MvaV41o9JPjl+SxB7XM0JgN2l5ZzNzyyuzMalHUN8Ls1n0ptqbKM Pbnm90pvGW/I0vb+YgNLM4xL6sCuyVjk93KpB7ZJk2ukvLd5yfYEibE6Ti1NK41byimP SRPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=IC1UyV+AwiaWX3NBI5NNCL77nF+XVnxgBh6Hxkh9w9M=; b=MobNQap69dHgYKs3N3QySyJckwnxfUG9aZaZ+EtfjnoK6HDB3vW7L3iXiqtjCVQWm/ 4GCm1+3gE3IXnqBkE4Sazb+C4QnkOX5RozBRmgCKrVLejNGaF+o9PrnW+lqjJbsWhm+Y FzX5bzohK4f7yqAIZYp35CD4pftoKQWfp4XS2x0lRKQNYOOnvlO2ZfzKcKdqZG9GtD7B VfRTVD8IOl3TGIJ2Va25MiSv19K53EpZ3OCePEYFiNsofS+eXEbr8BWLis0xRaT6GAVs PHTzdA0tD+PlVb606w0wpV+iANi4xeASr+3l0SfuZoLycBTWO2SIET8II7fOyL6I9qPk 7t1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o24si13529412pgk.41.2019.03.25.09.43.15; Mon, 25 Mar 2019 09:43:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729720AbfCYQmN (ORCPT + 99 others); Mon, 25 Mar 2019 12:42:13 -0400 Received: from mx2.suse.de ([195.135.220.15]:45726 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725747AbfCYQmN (ORCPT ); Mon, 25 Mar 2019 12:42:13 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 002F1AFEF; Mon, 25 Mar 2019 16:42:11 +0000 (UTC) Received: by quack2.suse.cz (Postfix, from userid 1000) id 2C52F1E429A; Mon, 25 Mar 2019 17:42:11 +0100 (CET) Date: Mon, 25 Mar 2019 17:42:11 +0100 From: Jan Kara To: Steve Magnani Cc: Jan Kara , "linux-kernel@vger.kernel.org" , linux-fsdevel@vger.kernel.org Subject: Re: Possible UDF locking error? Message-ID: <20190325164211.GF8308@quack2.suse.cz> References: <224e1613-b080-bd64-ef88-badcb755a233@digidescorp.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <224e1613-b080-bd64-ef88-badcb755a233@digidescorp.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi! On Sat 23-03-19 15:14:05, Steve Magnani wrote: > I have been hunting a UDF bug that occasionally results in generation > of an Allocation Extent Descriptor with an incorrect tagLocation. So > far I haven't been able to see a path through the code that could > cause that. But, I noticed some inconsistency in locking during > AED generation and wonder if it could result in random corruption. > > The function udf_update_inode() has this general pattern: > > bh = udf_tgetblk(...); // calls sb_getblk() > lock_buffer(bh); > memset(bh->b_data, 0, inode->i_sb->s_blocksize); > // other code to populate FE/EFE data in the block > set_buffer_uptodate(bh); > unlock_buffer(bh); > mark_buffer_dirty(bh); > > This I can understand - the lock is held for as long as the buffer > contents are being assembled. > > In contrast, udf_setup_indirect_aext(), which constructs an AED, > has this sequence: > > bh = udf_tgetblk(...); // calls sb_getblk() > lock_buffer(bh); > memset(bh->b_data, 0, inode->i_sb->s_blocksize); > > set_buffer_uptodate(bh); > unlock_buffer(bh); > mark_buffer_dirty_inode(bh); > > // other code to populate AED data in the block > > In this case the population of the block occurs without > the protection of the lock. > > Because the block has been marked dirty, does this mean that > writeback could occur at any point during population? Yes. Thanks for noticing this! > There is one path through udf_setup_indirect_aext() where > mark_buffer_dirty_inode() gets called again after population is > complete, which I suppose could heal a partial writeout, but there is > also another path in which the buffer does not get marked dirty again. Generally, we add new extents to the created indirect extent which dirties the buffer and that should fix the problem. But you are definitely right that the code is suspicious and should be fixed. Will you send a patch? Honza -- Jan Kara SUSE Labs, CR