Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp58505ybp;
        Thu, 3 Oct 2019 10:08:52 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwYOjkU/7t+b3g5CNZHnQOTw6SX0d+j2RrXb2+gdxPGBiXj972W1N/v4xBrG9i9/XaGqNAR
X-Received: by 2002:a17:906:3294:: with SMTP id 20mr8619911ejw.19.1570122532310;
        Thu, 03 Oct 2019 10:08:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570122532; cv=none;
        d=google.com; s=arc-20160816;
        b=KMsorxRP0U+0Eq57McWi6zaGdH6gQ2Ke69G2JhG7kLaXxMOl/dH7HaBKc4SDrRfolU
         2FgmdVmEZaY0jkwrrQx94a6gX7B1zyL8hxB/iGeSWJbdsqC9JqVjXCh2So3k8yvWNXqF
         6nMXtmd3X6DE8L9GLf292hkZh660a8g7xZ6XIZEea1qTWBefasEHcNyjgojSf8S/XyxV
         K9wv/6WhUoveMhYkpUlZPiNtc6Y7V62i7OHaC1PgsbP5ELUesPWSgF1ULZpKGXlMBW6k
         2wPJcawb/PHTCxOBagJrwvF/JLY0ipylSCd9tCnijUCMEPUNtq3I7wQABRtjncu//kvd
         B9jg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=T2T/dR/e6loCvsu/jvcHbhbXjVNtVGz8O+LvzR13qP0=;
        b=vGqJ5X4/rkX83moM6p7U/8w2wh0HuxIcOiyY574zF39EpyVbJJU+7X9atS1hEvJ/w2
         4tAld4GzqLcHMnrPIWRs+xJ+cKr3ukcTf2YBi0wzg3T/RBrUie4Aourq4+buYh5SDcPm
         N4RrNl6qCu7p7sqpAqtuOPGzIE1lTbQjOGdRH+s4R2LexHMjtkTStqjUYqNlVV+SLb8e
         1kg2cY6RcQhrxA4NdmboREKxi0s/LxI0jBu3OowfS4Ars5nQDZJpRaS0HioqPVMXq73V
         sivG7lte0H6CAB62y14URj6+7BTcGI6SyGTL8BbZmEWNgyXr1GkJO7V3V109lUGt0iPj
         XvnA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ljnnjxNT;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b25si1675568ejb.49.2019.10.03.10.08.27;
        Thu, 03 Oct 2019 10:08:52 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ljnnjxNT;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2404565AbfJCQhZ (ORCPT <rfc822;mailist1go@gmail.com>
        + 99 others); Thu, 3 Oct 2019 12:37:25 -0400
Received: from mail.kernel.org ([198.145.29.99]:46742 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2404537AbfJCQhX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 Oct 2019 12:37:23 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 7556F215EA;
        Thu,  3 Oct 2019 16:37:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1570120643;
        bh=RjH1GojXECxYBr6Mhu/WbuUw97Gtq5ZyNwyCJA+UG+o=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ljnnjxNTccTDa+4geN/WLBdrp3eZpck7e/Z/T435PTX0+PtrCURsAhXMUgLiShAOe
         gfmtp6Gto67vzRmHAulF9dpTu570Hg0+o3VvOrpSt9HEYe+C9CynSK4vPNM5oF0lat
         jqlYgGV3TXY3L4+kvgwwJjNw8gN0R+lu/Gq7B5YI=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Amir Goldstein <amir73il@gmail.com>,
        Jan Kara <jack@suse.cz>,
        "Darrick J. Wong" <darrick.wong@oracle.com>
Subject: [PATCH 5.2 299/313] xfs: Fix stale data exposure when readahead races with hole punch
Date:   Thu,  3 Oct 2019 17:54:37 +0200
Message-Id: <20191003154602.612663707@linuxfoundation.org>
X-Mailer: git-send-email 2.23.0
In-Reply-To: <20191003154533.590915454@linuxfoundation.org>
References: <20191003154533.590915454@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jan Kara <jack@suse.cz>

commit 40144e49ff84c3bd6bd091b58115257670be8803 upstream.

Hole puching currently evicts pages from page cache and then goes on to
remove blocks from the inode. This happens under both XFS_IOLOCK_EXCL
and XFS_MMAPLOCK_EXCL which provides appropriate serialization with
racing reads or page faults. However there is currently nothing that
prevents readahead triggered by fadvise() or madvise() from racing with
the hole punch and instantiating page cache page after hole punching has
evicted page cache in xfs_flush_unmap_range() but before it has removed
blocks from the inode. This page cache page will be mapping soon to be
freed block and that can lead to returning stale data to userspace or
even filesystem corruption.

Fix the problem by protecting handling of readahead requests by
XFS_IOLOCK_SHARED similarly as we protect reads.

CC: stable@vger.kernel.org
Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxjQNmxqmtA_VbYW0Su9rKRk2zobJmahcyeaEVOFKVQ5dw@mail.gmail.com/
Reported-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/xfs/xfs_file.c |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

--- a/fs/xfs/xfs_file.c
+++ b/fs/xfs/xfs_file.c
@@ -33,6 +33,7 @@
 #include <linux/pagevec.h>
 #include <linux/backing-dev.h>
 #include <linux/mman.h>
+#include <linux/fadvise.h>
 
 static const struct vm_operations_struct xfs_file_vm_ops;
 
@@ -939,6 +940,30 @@ out_unlock:
 	return error;
 }
 
+STATIC int
+xfs_file_fadvise(
+	struct file	*file,
+	loff_t		start,
+	loff_t		end,
+	int		advice)
+{
+	struct xfs_inode *ip = XFS_I(file_inode(file));
+	int ret;
+	int lockflags = 0;
+
+	/*
+	 * Operations creating pages in page cache need protection from hole
+	 * punching and similar ops
+	 */
+	if (advice == POSIX_FADV_WILLNEED) {
+		lockflags = XFS_IOLOCK_SHARED;
+		xfs_ilock(ip, lockflags);
+	}
+	ret = generic_fadvise(file, start, end, advice);
+	if (lockflags)
+		xfs_iunlock(ip, lockflags);
+	return ret;
+}
 
 STATIC loff_t
 xfs_file_remap_range(
@@ -1235,6 +1260,7 @@ const struct file_operations xfs_file_op
 	.fsync		= xfs_file_fsync,
 	.get_unmapped_area = thp_get_unmapped_area,
 	.fallocate	= xfs_file_fallocate,
+	.fadvise	= xfs_file_fadvise,
 	.remap_file_range = xfs_file_remap_range,
 };