Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp514116ybv; Wed, 19 Feb 2020 04:09:28 -0800 (PST) X-Google-Smtp-Source: APXvYqz6JZWDbEAozfI6Ki8WEJ370cAT6C39kzuELdEjCsLDku7QvYUAVzua+aaYQoHO14pJ+pmy X-Received: by 2002:a9d:6183:: with SMTP id g3mr19438973otk.304.1582114168055; Wed, 19 Feb 2020 04:09:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582114168; cv=none; d=google.com; s=arc-20160816; b=vZwaTU4bAjB0CAOU14uU6gEGXyRJ1KrXenyESZ3thbSf/iwHU5gRygazqVgKl+PIXT hri0iZLH0Huhw6TuPTkMvhTekfF5uZotWEjUU7/YHpVdofxOehy4Ej/2A89aqlF5iuIH IadADp1IwxihZPMWasJcn0BuAd0u6kTrZj/JFXtC4SUnJncbeX+6m0lo9n7LJDL7+UDW brBqstI3NOiHz9GyddsP5zE7X6x/WS1kCW6vJrOFa+r9ooy8gTwLyLWpfFONKCDyuoy/ iBlRTWmur+0BWpDNfjKVFN5Twp4YiY786HoZyfkjw/dc/oAhPEeANzlaqxjA0OHLDWko gOIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :reply-to:message-id:subject:cc:to:from:date; bh=cb9uD5Yhq5HP2XTaUKMN6ecsOWUXU1to8TbhPD1uS6Y=; b=imVewy6c1mTRNA/+4R70kmt4moD4FhcKDVuIWlgurHnd7h0BDtxTWzO3bDR1T8VBog kqMwskj0KL0YJW47pZJgX3DUSbO73ZCz1Y6/ozQtUvBz5uLbJFOAvqiWGrq29vNFcO9/ 57gFdsJwzfhGC7UuM4R3feRX08jvacZdbiQ3MfzJw8icJ3C0cYUx1hzhwEKmuIYQUYHX aJvlS8Y2lKHu8FBFQSq6qzLoSdQaccTnS7F1pR7rE9hxY30Jh3YAJPAhZef63CBb9ddv TIouwtq1zODs1VkVCaWK/qoMY/QsZC8kGAUKceU+MfuvHur3FWEu/ioncEmchJUHWIC1 WpUg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f16si9954656oib.269.2020.02.19.04.09.12; Wed, 19 Feb 2020 04:09:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727161AbgBSMJD (ORCPT + 99 others); Wed, 19 Feb 2020 07:09:03 -0500 Received: from mx2.suse.de ([195.135.220.15]:57664 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726495AbgBSMJC (ORCPT ); Wed, 19 Feb 2020 07:09:02 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 22A5EBC45; Wed, 19 Feb 2020 12:09:01 +0000 (UTC) Received: by ds.suse.cz (Postfix, from userid 10065) id 08FB3DA838; Wed, 19 Feb 2020 13:08:43 +0100 (CET) Date: Wed, 19 Feb 2020 13:08:43 +0100 From: David Sterba To: Qian Cai Cc: viro@zeniv.linux.org.uk, hch@infradead.org, darrick.wong@oracle.com, elver@google.com, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] fs: fix a data race in i_size_write/i_size_read Message-ID: <20200219120843.GU2902@twin.jikos.cz> Reply-To: dsterba@suse.cz Mail-Followup-To: dsterba@suse.cz, Qian Cai , viro@zeniv.linux.org.uk, hch@infradead.org, darrick.wong@oracle.com, elver@google.com, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20200219040426.1140-1-cai@lca.pw> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200219040426.1140-1-cai@lca.pw> User-Agent: Mutt/1.5.23.1-rc1 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 18, 2020 at 11:04:26PM -0500, Qian Cai wrote: > inode::i_size could be accessed concurently as noticed by KCSAN, > > BUG: KCSAN: data-race in iomap_do_writepage / iomap_write_end > > The write is protected by exclusive inode::i_rwsem (in > xfs_file_buffered_aio_write()) but the read is not. A shattered value > could introduce a logic bug. Fixed it using a pair of WRITE/READ_ONCE(). We had a different problem with lack of READ_ONCE/WRITE_ONCE for i_size, the fix was the same though. There was i_size_read(inode) used in max() macro and compiled code two reads (unlocked), and this led to a race when where different value was checked and then used. The thread: https://lore.kernel.org/linux-fsdevel/20191011202050.8656-1-josef@toxicpanda.com/ We had to apply a workaround to btrfs code because the generic fix was not merged, even with several reviews and fixing a real bug. The report from KCSAN seems to require some sort of splitting the values. What we saw happened on 64bit platform without that effect so I'd call that a more likely to happen because the pattern max(i_size_read(inode), ...) is not something we'd instinctively consider unsafe.