Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp201946pxb; Fri, 20 Aug 2021 23:46:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxZaGnqWkVu2x6SkUj0CnfkxPzGS3JNYAONbeVJFWbTRvJxHfaRV/8ZMUU8/QB4QEQy8CyL X-Received: by 2002:a92:ca89:: with SMTP id t9mr16908039ilo.178.1629528412462; Fri, 20 Aug 2021 23:46:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629528412; cv=none; d=google.com; s=arc-20160816; b=jgMKSsSGN5ehkWWTu4yApqvvzRuLxNDmneWK08DojoXpEi1Mtj7otBMVJ1b28C3nxU 8KXwUvc84t/o36k2TB3jlbt70uR3hzTSwTpfewpNhOSr+s4+bYdYsVy75d/JU254RYEX h6k6PsUnqNGBPqkVDhaA2kCPC+CvDBNGIc8hGQ6ML5X6V4NwCz/ilASL8PLr7PGWvg5m IFK2chSYlBlX/HugxFG764iDa3aohnOBebZ00j6ZOzHGfQx84aW2G4aIIuRpqwMaDOzx T7RrkMSPAUKYcNTm88LgVENVWQhBYz1f8m0o6cQOFnYx6gGISDAh4Vk920m4ub49gRxc 0r8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=4SAcQKY/fyxr8Dg4BXWi72eMh++nLhh+tF73vYhNA9k=; b=EyDF0xUzQmBXh2jdwDD1hG+/xHETOH40cuYwPt0+CXMQ8vISzg7E0Ocx+wniQ3b5+t zF15tO+r48d77ybURFaFsv2vVQjNdVQKcGjiXZ6n4Fjs59ZIn0759R1gipVN1+CiW0fE p/LYpgSB73AkeCb/0gaW6Ydv5BvstWOvHIvUnMK5IYFQVzQmnoRKKUqcWDtkMzHH6aN+ bsAFl++7OyjcaASZdNFvMx9bdm9ZL6qp55s6S0hnVXqp+HpymKTKsVGQ1TEewdJJ/bL/ TaYg9EdD4TZG/31GO99F8NFcJIkjwacHCfNCminqWYlmIL1LMOC9K1GfbZRkKrYeEOKI rK4Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c203si10826688iof.54.2021.08.20.23.46.40; Fri, 20 Aug 2021 23:46:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231738AbhHUGpL (ORCPT + 99 others); Sat, 21 Aug 2021 02:45:11 -0400 Received: from szxga01-in.huawei.com ([45.249.212.187]:8757 "EHLO szxga01-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232005AbhHUGpK (ORCPT ); Sat, 21 Aug 2021 02:45:10 -0400 Received: from dggeme752-chm.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4Gs89Y2z5DzYrvc; Sat, 21 Aug 2021 14:44:01 +0800 (CST) Received: from huawei.com (10.175.127.227) by dggeme752-chm.china.huawei.com (10.3.19.98) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Sat, 21 Aug 2021 14:44:28 +0800 From: Zhang Yi To: CC: , , , , Subject: [PATCH v3 4/4] ext4: prevent getting empty inode buffer Date: Sat, 21 Aug 2021 14:54:50 +0800 Message-ID: <20210821065450.1397451-5-yi.zhang@huawei.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210821065450.1397451-1-yi.zhang@huawei.com> References: <20210821065450.1397451-1-yi.zhang@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggeme752-chm.china.huawei.com (10.3.19.98) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org In ext4_get_inode_loc(), we may skip IO and get an zero && uptodate inode buffer when the inode monopolize an inode block for performance reason. For most cases, ext4_mark_iloc_dirty() will fill the inode buffer to make it fine, but we could miss this call if something bad happened. Finally, __ext4_get_inode_loc_noinmem() may probably get an empty inode buffer and trigger ext4 error. For example, if we remove a nonexistent xattr on inode A, ext4_xattr_set_handle() will return ENODATA before invoking ext4_mark_iloc_dirty(), it will left an uptodate but zero buffer. We will get checksum error message in ext4_iget() when getting inode again. EXT4-fs error (device sda): ext4_lookup:1784: inode #131074: comm cat: iget: checksum invalid Even worse, if we allocate another inode B at the same inode block, it will corrupt the inode A on disk when write back inode B. So this patch postpone the initialization and mark buffer uptodate logic until shortly before we fill correct inode data in ext4_do_update_inode() if skip read I/O, ensure the buffer is really uptodate. Signed-off-by: Zhang Yi Reviewed-by: Jan Kara --- fs/ext4/inode.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 8323d3e8f393..000abb5696b0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4367,9 +4367,12 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, } brelse(bitmap_bh); if (i == start + inodes_per_block) { - /* all other inodes are free, so skip I/O */ - memset(bh->b_data, 0, bh->b_size); - set_buffer_uptodate(bh); + /* + * All other inodes are free, skip I/O. Return + * uninitialized buffer immediately, initialization + * is postponed until shortly before we fill inode + * contents. + */ unlock_buffer(bh); goto has_buffer; } @@ -5028,6 +5031,24 @@ static int ext4_do_update_inode(handle_t *handle, gid_t i_gid; projid_t i_projid; + /* + * If the buffer is not uptodate, it means all information of the + * inode is in memory and we got this buffer without reading the + * block. We must be cautious that once we mark the buffer as + * uptodate, we rely on filling in the correct inode data later + * in this function. Otherwise if we left uptodate buffer without + * copying proper inode contents, we could corrupt the inode on + * disk after allocating another inode in the same block. + */ + if (!buffer_uptodate(bh)) { + lock_buffer(bh); + if (!buffer_uptodate(bh)) { + memset(bh->b_data, 0, bh->b_size); + set_buffer_uptodate(bh); + } + unlock_buffer(bh); + } + spin_lock(&ei->i_raw_lock); /* -- 2.31.1