[PATCH openEuler-22.03-LTS-SP1 0/3] ext4 bugfix from mainline

List overview All Threads
Download

newer

older

[PATCH OLK-5.10 0/3] ext4 bugfix...

[PATCH openEuler-22.03-LTS-SP1...

Yang Erkun

6 Jun 2024 6 Jun '24

3:12 p.m.

Christoph Hellwig (1): iomap: update ki_pos a little later in iomap_dio_complete

Jan Kara (2): ext4: properly sync file size update after O_SYNC direct IO ext4: fix warning in ext4_dio_write_end_io()

fs/ext4/file.c | 154 +++++++++++++++++++------------------------ fs/iomap/direct-io.c | 19 +++--- 2 files changed, 78 insertions(+), 95 deletions(-)

-- 2.39.2

Show replies by date

Yang Erkun

6 Jun 6 Jun

3:12 p.m.

New subject: [PATCH openEuler-22.03-LTS-SP1 1/3] iomap: update ki_pos a little later in iomap_dio_complete

From: Christoph Hellwig hch@lst.de

mainline inclusion from mainline-v6.4-rc6 commit 936e114a245b6e38e0dbf706a67e7611fc993da1 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9VOEK

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

Move the ki_pos update down a bit to prepare for a better common helper that invalidates pages based of an iocb.

Link: https://lkml.kernel.org/r/20230601145904.1385409-3-hch@lst.de Signed-off-by: Christoph Hellwig hch@lst.de Reviewed-by: Damien Le Moal dlemoal@kernel.org Reviewed-by: Hannes Reinecke hare@suse.de Reviewed-by: Darrick J. Wong djwong@kernel.org Cc: Al Viro viro@zeniv.linux.org.uk Cc: Andreas Gruenbacher agruenba@redhat.com Cc: Anna Schumaker anna@kernel.org Cc: Chao Yu chao@kernel.org Cc: Christian Brauner brauner@kernel.org Cc: Ilya Dryomov idryomov@gmail.com Cc: Jaegeuk Kim jaegeuk@kernel.org Cc: Jens Axboe axboe@kernel.dk Cc: Johannes Thumshirn johannes.thumshirn@wdc.com Cc: Matthew Wilcox willy@infradead.org Cc: Miklos Szeredi miklos@szeredi.hu Cc: Miklos Szeredi mszeredi@redhat.com Cc: Theodore Ts'o tytso@mit.edu Cc: Trond Myklebust trond.myklebust@hammerspace.com Cc: Xiubo Li xiubli@redhat.com Signed-off-by: Andrew Morton akpm@linux-foundation.org

Conflicts: fs/iomap/direct-io.c [4fdccaa0d184 ("iomap: Add done_before argument to iomap_dio_rw") not merged] Signed-off-by: Yang Erkun yangerkun@huawei.com --- fs/iomap/direct-io.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c index 892a4f8109e5..ad12ffcc5085 100644 --- a/fs/iomap/direct-io.c +++ b/fs/iomap/direct-io.c @@ -94,7 +94,6 @@ ssize_t iomap_dio_complete(struct iomap_dio *dio) if (offset + ret > dio->i_size && !(dio->flags & IOMAP_DIO_WRITE)) ret = dio->i_size - offset; - iocb->ki_pos += ret; }

/* @@ -121,13 +120,17 @@ ssize_t iomap_dio_complete(struct iomap_dio *dio) }

inode_dio_end(file_inode(iocb->ki_filp)); - /* - * If this is a DSYNC write, make sure we push it to stable storage now - * that we've written data. - */ - if (ret > 0 && (dio->flags & IOMAP_DIO_NEED_SYNC)) { - WARN_ON_ONCE(dio->flags & IOMAP_DIO_INLINE_COMP); - ret = generic_write_sync(iocb, ret); + if (ret > 0) { + iocb->ki_pos += ret; + + /* + * If this is a DSYNC write, make sure we push it to stable + * storage now that we've written data. + */ + if (dio->flags & IOMAP_DIO_NEED_SYNC) { + WARN_ON_ONCE(dio->flags & IOMAP_DIO_INLINE_COMP); + ret = generic_write_sync(iocb, ret); + } }

kfree(dio);

-- 2.39.2

Yang Erkun

3:12 p.m.

New subject: [PATCH openEuler-22.03-LTS-SP1 2/3] ext4: properly sync file size update after O_SYNC direct IO

From: Jan Kara jack@suse.cz

mainline inclusion from mainline-v6.7-rc1 commit 91562895f8030cb9a0470b1db49de79346a69f91 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9VOEK

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

Gao Xiang has reported that on ext4 O_SYNC direct IO does not properly sync file size update and thus if we crash at unfortunate moment, the file can have smaller size although O_SYNC IO has reported successful completion. The problem happens because update of on-disk inode size is handled in ext4_dio_write_iter() *after* iomap_dio_rw() (and thus dio_complete() in particular) has returned and generic_file_sync() gets called by dio_complete(). Fix the problem by handling on-disk inode size update directly in our ->end_io completion handler.

References: https://lore.kernel.org/all/02d18236-26ef-09b0-90ad-030c4fe3ee20@linux.aliba... Reported-by: Gao Xiang hsiangkao@linux.alibaba.com CC: stable@vger.kernel.org Fixes: 378f32bab371 ("ext4: introduce direct I/O write using iomap infrastructure") Signed-off-by: Jan Kara jack@suse.cz Tested-by: Joseph Qi joseph.qi@linux.alibaba.com Reviewed-by: "Ritesh Harjani (IBM)" ritesh.list@gmail.com Link: https://lore.kernel.org/r/20231013121350.26872-1-jack@suse.cz Signed-off-by: Theodore Ts'o tytso@mit.edu

Conflicts: fs/ext4/file.c [Context inconsistencies, not logical conflicts] Signed-off-by: Yang Erkun yangerkun@huawei.com --- fs/ext4/file.c | 152 +++++++++++++++++++++---------------------------- 1 file changed, 65 insertions(+), 87 deletions(-)

diff --git a/fs/ext4/file.c b/fs/ext4/file.c index eb9f377b6ed6..2f7e0f673b55 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -289,80 +289,38 @@ static ssize_t ext4_buffered_write_iter(struct kiocb *iocb, }

static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset, - ssize_t written, size_t count) + ssize_t count) { handle_t *handle; - bool truncate = false; - u8 blkbits = inode->i_blkbits; - ext4_lblk_t written_blk, end_blk; - int ret; - - /* - * Note that EXT4_I(inode)->i_disksize can get extended up to - * inode->i_size while the I/O was running due to writeback of delalloc - * blocks. But, the code in ext4_iomap_alloc() is careful to use - * zeroed/unwritten extents if this is possible; thus we won't leave - * uninitialized blocks in a file even if we didn't succeed in writing - * as much as we intended. - */ - WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize); - if (offset + count <= EXT4_I(inode)->i_disksize) { - /* - * We need to ensure that the inode is removed from the orphan - * list if it has been added prematurely, due to writeback of - * delalloc blocks. - */ - if (!list_empty(&EXT4_I(inode)->i_orphan) && inode->i_nlink) { - handle = ext4_journal_start(inode, EXT4_HT_INODE, 2); - - if (IS_ERR(handle)) { - ext4_orphan_del(NULL, inode); - return PTR_ERR(handle); - } - - ext4_orphan_del(handle, inode); - ext4_journal_stop(handle); - } - - return written; - } - - if (written < 0) - goto truncate;

+ lockdep_assert_held_write(&inode->i_rwsem); handle = ext4_journal_start(inode, EXT4_HT_INODE, 2); - if (IS_ERR(handle)) { - written = PTR_ERR(handle); - goto truncate; - } + if (IS_ERR(handle)) + return PTR_ERR(handle);

- if (ext4_update_inode_size(inode, offset + written)) { - ret = ext4_mark_inode_dirty(handle, inode); + if (ext4_update_inode_size(inode, offset + count)) { + int ret = ext4_mark_inode_dirty(handle, inode); if (unlikely(ret)) { - written = ret; ext4_journal_stop(handle); - goto truncate; + return ret; } }

- /* - * We may need to truncate allocated but not written blocks beyond EOF. - */ - written_blk = ALIGN(offset + written, 1 << blkbits); - end_blk = ALIGN(offset + count, 1 << blkbits); - if (written_blk < end_blk && ext4_can_truncate(inode)) - truncate = true; - - /* - * Remove the inode from the orphan list if it has been extended and - * everything went OK. - */ - if (!truncate && inode->i_nlink) + if (inode->i_nlink) ext4_orphan_del(handle, inode); ext4_journal_stop(handle);

- if (truncate) { -truncate: + return count; +} + +/* + * Clean up the inode after DIO or DAX extending write has completed and the + * inode size has been updated using ext4_handle_inode_extension(). + */ +static void ext4_inode_extension_cleanup(struct inode *inode, ssize_t count) +{ + lockdep_assert_held_write(&inode->i_rwsem); + if (count < 0) { ext4_truncate_failed_write(inode); /* * If the truncate operation failed early, then the inode may @@ -371,9 +329,28 @@ static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset, */ if (inode->i_nlink) ext4_orphan_del(NULL, inode); + return; } + /* + * If i_disksize got extended due to writeback of delalloc blocks while + * the DIO was running we could fail to cleanup the orphan list in + * ext4_handle_inode_extension(). Do it now. + */ + if (!list_empty(&EXT4_I(inode)->i_orphan) && inode->i_nlink) { + handle_t *handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);

- return written; + if (IS_ERR(handle)) { + /* + * The write has successfully completed. Not much to + * do with the error here so just cleanup the orphan + * list and hope for the best. + */ + ext4_orphan_del(NULL, inode); + return; + } + ext4_orphan_del(handle, inode); + ext4_journal_stop(handle); + } }

static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size, @@ -382,31 +359,22 @@ static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size, loff_t pos = iocb->ki_pos; struct inode *inode = file_inode(iocb->ki_filp);

+ if (!error && size && flags & IOMAP_DIO_UNWRITTEN) + error = ext4_convert_unwritten_extents(NULL, inode, pos, size); if (error) return error; - - if (size && flags & IOMAP_DIO_UNWRITTEN) { - error = ext4_convert_unwritten_extents(NULL, inode, pos, size); - if (error < 0) - return error; - } /* - * If we are extending the file, we have to update i_size here before - * page cache gets invalidated in iomap_dio_rw(). Otherwise racing - * buffered reads could zero out too much from page cache pages. Update - * of on-disk size will happen later in ext4_dio_write_iter() where - * we have enough information to also perform orphan list handling etc. - * Note that we perform all extending writes synchronously under - * i_rwsem held exclusively so i_size update is safe here in that case. - * If the write was not extending, we cannot see pos > i_size here - * because operations reducing i_size like truncate wait for all - * outstanding DIO before updating i_size. + * Note that EXT4_I(inode)->i_disksize can get extended up to + * inode->i_size while the I/O was running due to writeback of delalloc + * blocks. But the code in ext4_iomap_alloc() is careful to use + * zeroed/unwritten extents if this is possible; thus we won't leave + * uninitialized blocks in a file even if we didn't succeed in writing + * as much as we intended. */ - pos += size; - if (pos > i_size_read(inode)) - i_size_write(inode, pos); - - return 0; + WARN_ON_ONCE(i_size_read(inode) < READ_ONCE(EXT4_I(inode)->i_disksize)); + if (pos + size <= READ_ONCE(EXT4_I(inode)->i_disksize)) + return size; + return ext4_handle_inode_extension(inode, pos, size); }

static const struct iomap_dio_ops ext4_dio_write_ops = { @@ -595,8 +563,16 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from) if (ret == -ENOTBLK) ret = 0;

- if (extend) - ret = ext4_handle_inode_extension(inode, offset, ret, count); + if (extend) { + /* + * We always perform extending DIO write synchronously so by + * now the IO is completed and ext4_handle_inode_extension() + * was called. Cleanup the inode in case of error or race with + * writeback of delalloc blocks. + */ + WARN_ON_ONCE(ret == -EIOCBQUEUED); + ext4_inode_extension_cleanup(inode, ret); + }

out: if (ilock_shared) @@ -677,8 +653,10 @@ ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)

ret = dax_iomap_rw(iocb, from, &ext4_iomap_ops);

- if (extend) - ret = ext4_handle_inode_extension(inode, offset, ret, count); + if (extend) { + ret = ext4_handle_inode_extension(inode, offset, ret); + ext4_inode_extension_cleanup(inode, ret); + } out: inode_unlock(inode); if (ret > 0)

-- 2.39.2

Yang Erkun

3:12 p.m.

New subject: [PATCH openEuler-22.03-LTS-SP1 3/3] ext4: fix warning in ext4_dio_write_end_io()

From: Jan Kara jack@suse.cz

mainline inclusion from mainline-v6.7-rc2 commit 619f75dae2cf117b1d07f27b046b9ffb071c4685 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9VOEK

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

The syzbot has reported that it can hit the warning in ext4_dio_write_end_io() because i_size < i_disksize. Indeed the reproducer creates a race between DIO IO completion and truncate expanding the file and thus ext4_dio_write_end_io() sees an inconsistent inode state where i_disksize is already updated but i_size is not updated yet. Since we are careful when setting up DIO write and consider it extending (and thus performing the IO synchronously with i_rwsem held exclusively) whenever it goes past either of i_size or i_disksize, we can use the same test during IO completion without risking entering ext4_handle_inode_extension() without i_rwsem held. This way we make it obvious both i_size and i_disksize are large enough when we report DIO completion without relying on unreliable WARN_ON.

Reported-by: syzbot+47479b71cdfc78f56d30@syzkaller.appspotmail.com Fixes: 91562895f803 ("ext4: properly sync file size update after O_SYNC direct IO") Signed-off-by: Jan Kara jack@suse.cz Reviewed-by: Ritesh Harjani (IBM) ritesh.list@gmail.com Link: https://lore.kernel.org/r/20231130095653.22679-1-jack@suse.cz Signed-off-by: Theodore Ts'o tytso@mit.edu Signed-off-by: Yang Erkun yangerkun@huawei.com --- fs/ext4/file.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 2f7e0f673b55..2639c320c972 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -332,9 +332,10 @@ static void ext4_inode_extension_cleanup(struct inode *inode, ssize_t count) return; } /* - * If i_disksize got extended due to writeback of delalloc blocks while - * the DIO was running we could fail to cleanup the orphan list in - * ext4_handle_inode_extension(). Do it now. + * If i_disksize got extended either due to writeback of delalloc + * blocks or extending truncate while the DIO was running we could fail + * to cleanup the orphan list in ext4_handle_inode_extension(). Do it + * now. */ if (!list_empty(&EXT4_I(inode)->i_orphan) && inode->i_nlink) { handle_t *handle = ext4_journal_start(inode, EXT4_HT_INODE, 2); @@ -369,10 +370,11 @@ static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size, * blocks. But the code in ext4_iomap_alloc() is careful to use * zeroed/unwritten extents if this is possible; thus we won't leave * uninitialized blocks in a file even if we didn't succeed in writing - * as much as we intended. + * as much as we intended. Also we can race with truncate or write + * expanding the file so we have to be a bit careful here. */ - WARN_ON_ONCE(i_size_read(inode) < READ_ONCE(EXT4_I(inode)->i_disksize)); - if (pos + size <= READ_ONCE(EXT4_I(inode)->i_disksize)) + if (pos + size <= READ_ONCE(EXT4_I(inode)->i_disksize) && + pos + size <= i_size_read(inode)) return size; return ext4_handle_inode_extension(inode, pos, size); }

-- 2.39.2

patchwork bot

3:17 p.m.

反馈：您发送到kernel@openeuler.org的补丁/补丁集，已成功转换为PR！ PR链接地址： https://gitee.com/openeuler/kernel/pulls/8743 邮件列表地址：https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/Y...

FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/8743 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/Y...

120

Age (days ago)

120

Last active (days ago)

kernel@openeuler.org

4 comments

2 participants

tags (0)

participants (2)

patchwork bot
Yang Erkun