From: Eric Biggers <ebiggers@kernel.org> To: Theodore Ts'o <tytso@mit.edu> Cc: Lee Jones <lee.jones@linaro.org>, linux-ext4@vger.kernel.org, Christoph Hellwig <hch@lst.de>, Dave Chinner <dchinner@redhat.com>, Goldwyn Rodrigues <rgoldwyn@suse.com>, "Darrick J . Wong" <darrick.wong@oracle.com>, Bob Peterson <rpeterso@redhat.com>, Damien Le Moal <damien.lemoal@wdc.com>, Andreas Gruenbacher <agruenba@redhat.com>, Ritesh Harjani <riteshh@linux.ibm.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Johannes Thumshirn <jth@kernel.org>, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, cluster-devel@redhat.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH -v2] ext4: don't BUG if kernel subsystems dirty pages without asking ext4 first Date: Fri, 25 Feb 2022 12:51:28 -0800 [thread overview] Message-ID: <YhlBUCi9O30szf6l@sol.localdomain> (raw) In-Reply-To: <Yhks88tO3Em/G370@mit.edu> On Fri, Feb 25, 2022 at 02:24:35PM -0500, Theodore Ts'o wrote: > [un]pin_user_pages_remote is dirtying pages without properly warning > the file system in advance (or faulting in the file data if the page > is not yet in the page cache). This was noted by Jan Kara in 2018[1] > and more recently has resulted in bug reports by Syzbot in various > Android kernels[2]. > > This is technically a bug in the mm/gup.c codepath, but arguably ext4 > is fragile in that a buggy get_user_pages() implementation causes ext4 > to crash, where as other file systems are not crashing (although in > some cases the user data will be lost since gup code is not properly > informing the file system to potentially allocate blocks or reserve > space when writing into a sparse portion of file). I suspect in real > life it is rare that people are using RDMA into file-backed memory, > which is why no one has complained to ext4 developers except fuzzing > programs. > > So instead of crashing with a BUG, issue a warning (since there may be > potential data loss) and just mark the page as clean to avoid > unprivileged denial of service attacks until the problem can be > properly fixed. More discussion and background can be found in the > thread starting at [2]. > > [1] https://www.spinics.net/lists/linux-mm/msg142700.html Can you use a lore link (https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz/T/#u)? > + /* > + * Should never happen but for buggy code in > + * other subsystemsa that call subsystemsa => subsystems > + * set_page_dirty() without properly warning > + * the file system first. See [1] for more > + * information. > + * > + * [1] https://www.spinics.net/lists/linux-mm/msg142700.html Likewise, lore link here. - Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org> To: cluster-devel.redhat.com Subject: [Cluster-devel] [PATCH -v2] ext4: don't BUG if kernel subsystems dirty pages without asking ext4 first Date: Fri, 25 Feb 2022 12:51:28 -0800 [thread overview] Message-ID: <YhlBUCi9O30szf6l@sol.localdomain> (raw) In-Reply-To: <Yhks88tO3Em/G370@mit.edu> On Fri, Feb 25, 2022 at 02:24:35PM -0500, Theodore Ts'o wrote: > [un]pin_user_pages_remote is dirtying pages without properly warning > the file system in advance (or faulting in the file data if the page > is not yet in the page cache). This was noted by Jan Kara in 2018[1] > and more recently has resulted in bug reports by Syzbot in various > Android kernels[2]. > > This is technically a bug in the mm/gup.c codepath, but arguably ext4 > is fragile in that a buggy get_user_pages() implementation causes ext4 > to crash, where as other file systems are not crashing (although in > some cases the user data will be lost since gup code is not properly > informing the file system to potentially allocate blocks or reserve > space when writing into a sparse portion of file). I suspect in real > life it is rare that people are using RDMA into file-backed memory, > which is why no one has complained to ext4 developers except fuzzing > programs. > > So instead of crashing with a BUG, issue a warning (since there may be > potential data loss) and just mark the page as clean to avoid > unprivileged denial of service attacks until the problem can be > properly fixed. More discussion and background can be found in the > thread starting at [2]. > > [1] https://www.spinics.net/lists/linux-mm/msg142700.html Can you use a lore link (https://lore.kernel.org/linux-mm/20180103100430.GE4911 at quack2.suse.cz/T/#u)? > + /* > + * Should never happen but for buggy code in > + * other subsystemsa that call subsystemsa => subsystems > + * set_page_dirty() without properly warning > + * the file system first. See [1] for more > + * information. > + * > + * [1] https://www.spinics.net/lists/linux-mm/msg142700.html Likewise, lore link here. - Eric
next prev parent reply other threads:[~2022-02-25 20:51 UTC|newest] Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-02-16 16:31 [REPORT] kernel BUG at fs/ext4/inode.c:2620 - page_buffers() Lee Jones 2022-02-16 16:31 ` [Cluster-devel] " Lee Jones 2022-02-18 1:06 ` John Hubbard 2022-02-18 1:06 ` [Cluster-devel] " John Hubbard 2022-02-18 4:08 ` Theodore Ts'o 2022-02-18 4:08 ` [Cluster-devel] " Theodore Ts'o 2022-02-18 6:33 ` John Hubbard 2022-02-18 6:33 ` [Cluster-devel] " John Hubbard 2022-02-23 23:31 ` Theodore Ts'o 2022-02-23 23:31 ` [Cluster-devel] " Theodore Ts'o 2022-02-24 0:44 ` John Hubbard 2022-02-24 0:44 ` [Cluster-devel] " John Hubbard 2022-02-24 4:04 ` Theodore Ts'o 2022-02-24 4:04 ` [Cluster-devel] " Theodore Ts'o 2022-02-18 7:51 ` Greg Kroah-Hartman 2022-02-18 7:51 ` [Cluster-devel] " Greg Kroah-Hartman 2022-02-23 23:35 ` Theodore Ts'o 2022-02-23 23:35 ` [Cluster-devel] " Theodore Ts'o 2022-02-24 1:48 ` Dave Chinner 2022-02-24 1:48 ` [Cluster-devel] " Dave Chinner 2022-02-24 3:50 ` Theodore Ts'o 2022-02-24 3:50 ` [Cluster-devel] " Theodore Ts'o 2022-02-24 10:29 ` Dave Chinner 2022-02-24 10:29 ` [Cluster-devel] " Dave Chinner 2022-02-18 2:54 ` Theodore Ts'o 2022-02-18 2:54 ` [Cluster-devel] " Theodore Ts'o 2022-02-18 4:24 ` Matthew Wilcox 2022-02-18 4:24 ` [Cluster-devel] " Matthew Wilcox 2022-02-18 6:03 ` Theodore Ts'o 2022-02-18 6:03 ` [Cluster-devel] " Theodore Ts'o 2022-02-25 19:24 ` [PATCH -v2] ext4: don't BUG if kernel subsystems dirty pages without asking ext4 first Theodore Ts'o 2022-02-25 19:24 ` [Cluster-devel] " Theodore Ts'o 2022-02-25 20:51 ` Eric Biggers [this message] 2022-02-25 20:51 ` Eric Biggers 2022-02-25 21:08 ` Theodore Ts'o 2022-02-25 21:08 ` [Cluster-devel] " Theodore Ts'o 2022-02-25 21:23 ` [PATCH -v3] " Theodore Ts'o 2022-02-25 21:23 ` [Cluster-devel] " Theodore Ts'o 2022-02-25 21:33 ` John Hubbard 2022-02-25 21:33 ` [Cluster-devel] " John Hubbard 2022-02-25 23:21 ` Theodore Ts'o 2022-02-25 23:21 ` [Cluster-devel] " Theodore Ts'o 2022-02-26 0:18 ` Hillf Danton 2022-02-26 0:41 ` John Hubbard 2022-02-26 0:41 ` [Cluster-devel] " John Hubbard 2022-02-26 1:40 ` Theodore Ts'o 2022-02-26 1:40 ` [Cluster-devel] " Theodore Ts'o 2022-02-26 2:00 ` Theodore Ts'o 2022-02-26 2:00 ` [Cluster-devel] " Theodore Ts'o 2022-02-26 2:55 ` John Hubbard 2022-02-26 2:55 ` [Cluster-devel] " John Hubbard 2022-03-03 4:26 ` [PATCH -v4] " Theodore Ts'o 2022-03-03 4:26 ` [Cluster-devel] " Theodore Ts'o 2022-03-03 8:21 ` Christoph Hellwig 2022-03-03 8:21 ` [Cluster-devel] " Christoph Hellwig 2022-03-03 9:21 ` Lee Jones 2022-03-03 9:21 ` [Cluster-devel] " Lee Jones 2022-03-03 14:38 ` [PATCH -v5] ext4: don't BUG if someone " Theodore Ts'o 2022-03-03 14:38 ` [Cluster-devel] " Theodore Ts'o
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=YhlBUCi9O30szf6l@sol.localdomain \ --to=ebiggers@kernel.org \ --cc=agruenba@redhat.com \ --cc=cluster-devel@redhat.com \ --cc=damien.lemoal@wdc.com \ --cc=darrick.wong@oracle.com \ --cc=dchinner@redhat.com \ --cc=gregkh@linuxfoundation.org \ --cc=hch@lst.de \ --cc=jth@kernel.org \ --cc=lee.jones@linaro.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-xfs@vger.kernel.org \ --cc=rgoldwyn@suse.com \ --cc=riteshh@linux.ibm.com \ --cc=rpeterso@redhat.com \ --cc=tytso@mit.edu \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.