Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp513717yba;
        Mon, 1 Apr 2019 10:49:03 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzq0gGtcwRnMfHMzJT5PJ6fKX6XUcZqsimSc29JKT1Dxd9mJkD1hPHQ2p/5ixfk8anRaxE5
X-Received: by 2002:a17:902:e393:: with SMTP id ch19mr11778983plb.117.1554140943213;
        Mon, 01 Apr 2019 10:49:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554140943; cv=none;
        d=google.com; s=arc-20160816;
        b=vhEpXUoN5nA2LMxyT4q6qRB3xNEu5/fyIxjV+8cIp6dpnwCNChMjUzSsQm89dd52e/
         coLVFfqzK1o7L1Wa69+r0v14nzq8nOWXF1PIJ0qdYDS3lrLtKzUZyvfG000P0B6MV7Ao
         gMvI2bP5xmTYVWSyteEemU+0+bm+LN741wokpH1RdGQWKQmiDiLxq/K9RenqGVQLTCKl
         M9+W+3/kE+60v7c4YAvKjSAuSMKlISM2l8zz0uDn2nyZgiUxg45CQQCS69j/ude65dmW
         64qQ084PfHNKf6WkpMXtCm9HoXB+J0rYtzYBIv0Ek6WcUiTrl4lu4tdRON01GZjzuroe
         JiOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=nr9FNwQhwAvPY5HqGC/PvyXsHsml8B/kEqar7YrIgKk=;
        b=EiD50WoBtEqsZaBAc9xF1AJCwAU946wZOkM8oZFP81HvblkTh8kpNC4Fp0o51pXFSz
         cnnWKBwnoF6yq3stvqa6dQYwKOz9piVC4xviSXWbl2Wn1S7Qc+nrlbbUzCH0n0IRKOK3
         bKlg34IRvza1WsijBPU+U8bgMNgrEoLE67gjLz0Og8a8Kc4RMi+HLW7CteY+NRNSNTKC
         pNTqyd4/rhti3K1EDO+WKr69UwjEOSqHHmGQ7NqVoBtZlvPiA+W9WTcuixKbwWmkaFzx
         VplIejeXeexnH3tSXJKzTXXSFipv/S+arxpcBIjqXx4zWpTiZ3l5RePrG11/Qu3w04FM
         QCLw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=w93nOsB2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g126si9095371pgc.75.2019.04.01.10.48.47;
        Mon, 01 Apr 2019 10:49:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=w93nOsB2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387410AbfDARsP (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Mon, 1 Apr 2019 13:48:15 -0400
Received: from mail.kernel.org ([198.145.29.99]:38946 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1732092AbfDARbZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 1 Apr 2019 13:31:25 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id A9A6820856;
        Mon,  1 Apr 2019 17:31:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1554139884;
        bh=abgMX9ip/tT90shcIb1UEdSVowoMRXXL2rrSKTVN6Gw=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=w93nOsB2CS3S++chirBDo7L2AwZDERoJ56OsRLE0paowo6lSXUrsQJbacvOc/RHv/
         t+1Y9m6q2EF5LMXRS/+3MmiqhHc/HP2oRsvg4vJjx6yr5dG92DMcMiOzDU3ADPQbCX
         Oyj1VZgJt8aKrNEInB7pBeZuJvufLrq9LvC5yezs=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Frank Sorenson <fsorenso@redhat.com>,
        Lukas Czerner <lczerner@redhat.com>,
        Theodore Tso <tytso@mit.edu>
Subject: [PATCH 4.4 008/131] ext4: fix data corruption caused by unaligned direct AIO
Date:   Mon,  1 Apr 2019 19:01:18 +0200
Message-Id: <20190401170052.457821782@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190401170051.645954551@linuxfoundation.org>
References: <20190401170051.645954551@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lukas Czerner <lczerner@redhat.com>

commit 372a03e01853f860560eade508794dd274e9b390 upstream.

Ext4 needs to serialize unaligned direct AIO because the zeroing of
partial blocks of two competing unaligned AIOs can result in data
corruption.

However it decides not to serialize if the potentially unaligned aio is
past i_size with the rationale that no pending writes are possible past
i_size. Unfortunately if the i_size is not block aligned and the second
unaligned write lands past i_size, but still into the same block, it has
the potential of corrupting the previous unaligned write to the same
block.

This is (very simplified) reproducer from Frank

    // 41472 = (10 * 4096) + 512
    // 37376 = 41472 - 4096

    ftruncate(fd, 41472);
    io_prep_pwrite(iocbs[0], fd, buf[0], 4096, 37376);
    io_prep_pwrite(iocbs[1], fd, buf[1], 4096, 41472);

    io_submit(io_ctx, 1, &iocbs[1]);
    io_submit(io_ctx, 1, &iocbs[2]);

    io_getevents(io_ctx, 2, 2, events, NULL);

Without this patch the 512B range from 40960 up to the start of the
second unaligned write (41472) is going to be zeroed overwriting the data
written by the first write. This is a data corruption.

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
00009200  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
*
0000a000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
0000a200  31 31 31 31 31 31 31 31  31 31 31 31 31 31 31 31

With this patch the data corruption is avoided because we will recognize
the unaligned_aio and wait for the unwritten extent conversion.

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
*
00009200  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
*
0000a200  31 31 31 31 31 31 31 31  31 31 31 31 31 31 31 31
*
0000b200

Reported-by: Frank Sorenson <fsorenso@redhat.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes: e9e3bcecf44c ("ext4: serialize unaligned asynchronous DIO")
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/file.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -79,7 +79,7 @@ ext4_unaligned_aio(struct inode *inode,
 	struct super_block *sb = inode->i_sb;
 	int blockmask = sb->s_blocksize - 1;
 
-	if (pos >= i_size_read(inode))
+	if (pos >= ALIGN(i_size_read(inode), sb->s_blocksize))
 		return 0;
 
 	if ((pos | iov_iter_alignment(from)) & blockmask)