Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4591692pxj;
        Wed, 12 May 2021 08:50:44 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyukL852igykWBUyR06z2GYP02Efq7Yk6AWBV0GgKzQG66h35+0eWowvv+T7OO6NNgfWjSq
X-Received: by 2002:a17:906:9246:: with SMTP id c6mr39101310ejx.10.1620834644752;
        Wed, 12 May 2021 08:50:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620834644; cv=none;
        d=google.com; s=arc-20160816;
        b=VHfJ/MKTbm6n2Ud7jJ8iUYv/ZJpwfH/UoZpAuP6uASUJTs24Nhezp/4XQ80D8XBpH8
         9FRuGTFkNSiDNc6NlnZ4fOTesTRsyzmf5I8G7fetD8LKapjThDdzNysYdYrkZPpqcpXh
         8ndQTRlAMdf/taBoVnCz40+8uqIivOCibPMRgp4jAMZLtiFGTX7BZlBHuHOKNOafBFIh
         iBNzKwREDQtzLBefpW5Cxj/PTvIQhatO9+QWrTJ9puGwt9h77uNfjhVkWf7ZOsc2M+XC
         AZL+Ph0jf0KUQ0CF9sOcep2gLpdbMUVTO0NI2avBcyYG6qWnL/86AH/HHgG+nD5Xx4pE
         X5cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=iY4wgvfRa06L3ZtNsPYW0mfJyyrHCRhlvETBZgFI+/k=;
        b=AdgufJBRW7Oe4epPdd4FtgYSqwuvJ+UdxG5HxKZiQtADhrSWAabwHnOvX+UVC3dC1D
         vRzkZmnFNpHomioX4beeNXJjRCl8ZQGJuYicyboLNxLdiWoKD/4U9pihxNmIRUe7YEPI
         t2W0NScM/S1yJrvJ6vGO0007ow+JHzXB7hHQYW86m1wYGn+E7kQh65YweCu81sLYjUb4
         EtSYj8UwCKkNDG4AhGAoV5WkkMAGABXZdVADMYeagTO20bTnjgfVKxHO+lOhIJYNxauK
         focwz6lPFhI3yq1M0eOfE0D6ExsZdu6iFfpW/yML9yGVtQgEoNHxBGSHY+7zM8sYao6i
         NUzg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RzoUHhzF;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-ext4-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ss21si313286ejb.390.2021.05.12.08.50.18;
        Wed, 12 May 2021 08:50:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RzoUHhzF;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232296AbhELPvH (ORCPT <rfc822;blucerlee@gmail.com> + 99 others);
        Wed, 12 May 2021 11:51:07 -0400
Received: from mail.kernel.org ([198.145.29.99]:57182 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S236425AbhELPhx (ORCPT <rfc822;linux-ext4@vger.kernel.org>);
        Wed, 12 May 2021 11:37:53 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 3FE946199C;
        Wed, 12 May 2021 15:19:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1620832786;
        bh=T6Lawv7Kod9ZP9zSPqwbupin2WcFezRDjXSRCBkOee4=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=RzoUHhzFYiv2mtULMxmuDjagPgzgmkXMANmRZzUsOFxZe0EJoOdJoI3UeoFiOgeLS
         ZyA4AxCMiJhrZA/Fiju1k5YBKiFqLSd9zFJtLQACa78I5W1/6MkA8ZnX0EzN5LKkyF
         SJNsE13kpG0/OVLi7EdkVnW6rECToZBiP5iqhnvpFcE9ZXjTvFiD1aTtp3gOHHUGfM
         fMXm3oeOLg7xhFSqSKUwpvfbZQOt2+gfmyDcCcL5Hr2CdCCFrzzcCHc1yY4SOzKPzC
         rYL6CqUJiyBelQ3xfS/7gnKKMEptiDJdQ4f1xx072iW3pINIo74zk93ewlLedh1V5h
         p+g3aZCSUx3CQ==
Message-ID: <bc8f0ab096e1a7d8ba29655247de7b2c2abfd5f1.camel@kernel.org>
Subject: Re: [PATCH 10/11] ceph: Fix race between hole punch and page fault
From:   Jeff Layton <jlayton@kernel.org>
To:     Jan Kara <jack@suse.cz>, linux-fsdevel@vger.kernel.org,
        Ilya Dryomov <idryomov@gmail.com>
Cc:     Christoph Hellwig <hch@infradead.org>,
        Dave Chinner <david@fromorbit.com>, ceph-devel@vger.kernel.org,
        Chao Yu <yuchao0@huawei.com>,
        Damien Le Moal <damien.lemoal@wdc.com>,
        "Darrick J. Wong" <darrick.wong@oracle.com>,
        Jaegeuk Kim <jaegeuk@kernel.org>,
        Johannes Thumshirn <jth@kernel.org>,
        linux-cifs@vger.kernel.org, linux-ext4@vger.kernel.org,
        linux-f2fs-devel@lists.sourceforge.net, linux-mm@kvack.org,
        linux-xfs@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>,
        Steve French <sfrench@samba.org>, Ted Tso <tytso@mit.edu>,
        Matthew Wilcox <willy@infradead.org>
Date:   Wed, 12 May 2021 11:19:42 -0400
In-Reply-To: <20210512134631.4053-10-jack@suse.cz>
References: <20210512101639.22278-1-jack@suse.cz>
         <20210512134631.4053-10-jack@suse.cz>
Content-Type: text/plain; charset="ISO-8859-15"
User-Agent: Evolution 3.40.1 (3.40.1-1.fc34) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org

On Wed, 2021-05-12 at 15:46 +0200, Jan Kara wrote:
> Ceph has a following race between hole punching and page fault:
> 
> CPU1                                  CPU2
> ceph_fallocate()
>   ...
>   ceph_zero_pagecache_range()
>                                       ceph_filemap_fault()
>                                         faults in page in the range being
>                                         punched
>   ceph_zero_objects()
> 
> And now we have a page in punched range with invalid data. Fix the
> problem by using mapping->invalidate_lock similarly to other
> filesystems. Note that using invalidate_lock also fixes a similar race
> wrt ->readpage().
> 
> CC: Jeff Layton <jlayton@kernel.org>
> CC: ceph-devel@vger.kernel.org
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  fs/ceph/addr.c | 9 ++++++---
>  fs/ceph/file.c | 2 ++
>  2 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
> index c1570fada3d8..6d868faf97b5 100644
> --- a/fs/ceph/addr.c
> +++ b/fs/ceph/addr.c
> @@ -1401,9 +1401,11 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf)
>  		ret = VM_FAULT_SIGBUS;
>  	} else {
>  		struct address_space *mapping = inode->i_mapping;
> -		struct page *page = find_or_create_page(mapping, 0,
> -						mapping_gfp_constraint(mapping,
> -						~__GFP_FS));
> +		struct page *page;
> +
> +		down_read(&mapping->invalidate_lock);
> +		page = find_or_create_page(mapping, 0,
> +				mapping_gfp_constraint(mapping, ~__GFP_FS));
>  		if (!page) {
>  			ret = VM_FAULT_OOM;
>  			goto out_inline;
> @@ -1424,6 +1426,7 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf)
>  		vmf->page = page;
>  		ret = VM_FAULT_MAJOR | VM_FAULT_LOCKED;
>  out_inline:
> +		up_read(&mapping->invalidate_lock);
>  		dout("filemap_fault %p %llu read inline data ret %x\n",
>  		     inode, off, ret);
>  	}
> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> index 77fc037d5beb..91693d8b458e 100644
> --- a/fs/ceph/file.c
> +++ b/fs/ceph/file.c
> @@ -2083,6 +2083,7 @@ static long ceph_fallocate(struct file *file, int mode,
>  	if (ret < 0)
>  		goto unlock;
>  
> +	down_write(&inode->i_mapping->invalidate_lock);
>  	ceph_zero_pagecache_range(inode, offset, length);
>  	ret = ceph_zero_objects(inode, offset, length);
>  
> @@ -2095,6 +2096,7 @@ static long ceph_fallocate(struct file *file, int mode,
>  		if (dirty)
>  			__mark_inode_dirty(inode, dirty);
>  	}
> +	up_write(&inode->i_mapping->invalidate_lock);
>  
>  	ceph_put_cap_refs(ci, got);
>  unlock:

Assuming the basic concept is sound, then this looks reasonable. 

Reviewed-by: Jeff Layton <jlayton@kernel.org>