Re: [PATCH] ext4: Fix i_disksize exceeding i_size problem in paritally written case

From: Jan Kara <jack@suse.cz>
To: Zhihao Cheng <chengzhihao1@huawei.com>
Cc: Jan Kara <jack@suse.cz>,
	tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.com,
	tudor.ambarus@linaro.org, linux-ext4@vger.kernel.org,
	linux-kernel@vger.kernel.org, yi.zhang@huawei.com
Subject: Re: [PATCH] ext4: Fix i_disksize exceeding i_size problem in paritally written case
Date: Mon, 20 Mar 2023 17:24:46 +0100	[thread overview]
Message-ID: <20230320162446.vkqsxxcsmv4cacwa@quack3> (raw)
In-Reply-To: <48deeadf-05cd-3535-a589-907cfa252799@huawei.com>

On Mon 20-03-23 20:49:07, Zhihao Cheng wrote:
> [...]
> 
> > > BTW, I want send another patch as follows:
> > > diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> > > index bf0b7dea4900..570a687ae847 100644
> > > --- a/fs/ext4/inode.c
> > > +++ b/fs/ext4/inode.c
> > > @@ -3149,7 +3149,7 @@ static int ext4_da_write_end(struct file *file,
> > >                  return ext4_write_inline_data_end(inode, pos, len, copied,
> > > page);
> > > 
> > >          start = pos & (PAGE_SIZE - 1);
> > > -       end = start + copied - 1;
> > > +       end = start + (copied ? copied - 1 : copied);
> > > 
> > >          /*
> > >           * Since we are holding inode lock, we are sure i_disksize <=
> > > @@ -3167,7 +3167,7 @@ static int ext4_da_write_end(struct file *file,
> > >           * ext4_da_write_inline_data_end().
> > >           */
> > >          new_i_size = pos + copied;
> > > -       if (copied && new_i_size > inode->i_size &&
> > > +       if (new_i_size > inode->i_size &&
> > >              ext4_da_should_update_i_disksize(page, end))
> > >                  ext4_update_i_disksize(inode, new_i_size);
> > > 
> > > This modification handle unconsistent i_size and i_disksize imported by
> > > ea51d132dbf9 ("ext4: avoid hangs in ext4_da_should_update_i_disksize()").
> > > 
> > > Paritially written may display a fake inode size for user, for example:
> > > 
> > > 
> > > 
> > > i_disksize=1
> > > 
> > > generic_perform_write
> > > 
> > >   copied = iov_iter_copy_from_user_atomic(len) // copied = 0
> > > 
> > >   ext4_da_write_end // skip updating i_disksize
> > > 
> > >   generic_write_end
> > > 
> > >    if (pos + copied > inode->i_size) {  // 10 + 0 > 1, true
> > > 
> > >     i_size_write(inode, pos + copied);  // i_size = 10
> > > 
> > >    }
> > > 
> > > 
> > > 
> > >     0 1      10                4096
> > > 
> > >     |_|_______|_________..._____|
> > > 
> > >       |       |
> > > 
> > >      i_size  pos
> > > 
> > > 
> > > 
> > > Now, user see the i_size is 10 (i_disksize is still 1). After inode
> > > 
> > > destroyed, user will get the i_size is 1 read from disk.
> > 
> > OK, but shouldn't we rather change generic_write_end() to not increase
> > i_size if no write happened? Because that is what seems somewhat
> > problematic...
> > 
> > 								Honza
> > 
> 
> After looking through some code, I find some other places have similar
> problem:
> 1. In ext4_write_end(), i_size is updated by ext4 not generic_write_end().
> 2. The iommap framework, i_size is updated even copied is zero.
> 3. ubifs_write_end, i_size is updated even copied is zero.
> 
> It seems that fixing all places is not an easy work.

Well, yeah, probably not trivial but still desirable ;). Will you look into
that?

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR