linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Jan Kara <jack@suse.cz>
To: Nikolay Borisov <nborisov@suse.com>
Cc: Dave Chinner <david@fromorbit.com>, Jan Kara <jack@suse.cz>,
	Amir Goldstein <amir73il@gmail.com>,
	Andreas Gruenbacher <agruenba@redhat.com>,
	Theodore Tso <tytso@mit.edu>,
	Martin Brandenburg <martin@omnibond.com>,
	Mike Marshall <hubcap@omnibond.com>,
	Damien Le Moal <damien.lemoal@wdc.com>,
	Jaegeuk Kim <jaegeuk@kernel.org>,
	Qiuyang Sun <sunqiuyang@huawei.com>,
	linux-xfs <linux-xfs@vger.kernel.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Linux MM <linux-mm@kvack.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	Matthew Wilcox <willy@infradead.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	"Kirill A. Shutemov" <kirill@shutemov.name>,
	Andrew Morton <akpm@linux-foundation.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	nborisov@suse.de
Subject: Re: More filesystem need this fix (xfs: use MMAPLOCK around filemap_map_pages())
Date: Thu, 17 Sep 2020 09:40:30 +0200	[thread overview]
Message-ID: <20200917074030.GA9555@quack2.suse.cz> (raw)
In-Reply-To: <df9eb392-8b86-591a-b1be-535a13b874d9@suse.com>

On Thu 17-09-20 08:37:17, Nikolay Borisov wrote:
> On 17.09.20 г. 4:44 ч., Dave Chinner wrote:
> > On Wed, Sep 16, 2020 at 05:58:51PM +0200, Jan Kara wrote:
> >> On Sat 12-09-20 09:19:11, Amir Goldstein wrote:
> >>> On Tue, Jun 23, 2020 at 8:21 AM Dave Chinner <david@fromorbit.com> wrote:
> 
> <snip>
> 
> > 
> > So....
> > 
> > P0					p1
> > 
> > hole punch starts
> >   takes XFS_MMAPLOCK_EXCL
> >   truncate_pagecache_range()
> >     unmap_mapping_range(start, end)
> >       <clears ptes>
> > 					<read fault>
> > 					do_fault_around()
> > 					  ->map_pages
> > 					    filemap_map_pages()
> > 					      page mapping valid,
> > 					      page is up to date
> > 					      maps PTEs
> > 					<fault done>
> >     truncate_inode_pages_range()
> >       truncate_cleanup_page(page)
> >         invalidates page
> >       delete_from_page_cache_batch(page)
> >         frees page
> > 					<pte now points to a freed page>
> > 
> > That doesn't seem good to me.
> > 
> > Sure, maybe the page hasn't been freed back to the free lists
> > because of elevated refcounts. But it's been released by the
> > filesystem and not longer in the page cache so nothing good can come
> > of this situation...
> > 
> > AFAICT, this race condition exists for the truncate case as well
> > as filemap_map_pages() doesn't have a "page beyond inode size" check
> > in it. 
> 
> (It's not relevant to the discussion at hand but for the sake of
> completeness):
> 
> It does have a check:
> 
>  max_idx = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE);
>  if (page->index >= max_idx)
>       goto unlock;

Yes, but this does something meaningful only for truncate. For other
operations such as hole punch this check doesn't bring anything. That's why
only filesystems supporting hole punching and similar advanced operations
need an equivalent of mmap_lock.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR


      reply	other threads:[~2020-09-17  7:40 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20200623052059.1893966-1-david@fromorbit.com>
2020-09-12  6:19 ` More filesystem need this fix (xfs: use MMAPLOCK around filemap_map_pages()) Amir Goldstein
2020-09-14 11:35   ` Jan Kara
2020-09-14 12:29     ` Andreas Gruenbacher
2020-09-16 15:58   ` Jan Kara
2020-09-17  1:44     ` Dave Chinner
2020-09-17  2:04       ` Hugh Dickins
2020-09-17  6:45         ` Dave Chinner
2020-09-17  7:47           ` Hugh Dickins
2020-09-21  8:26             ` Dave Chinner
2020-09-21  9:11               ` Jan Kara
2020-09-21 16:20                 ` Linus Torvalds
2020-09-21 17:59                   ` Matthew Wilcox
2020-09-22  7:54                     ` Jan Kara
2020-09-17  3:01       ` Matthew Wilcox
2020-09-17  5:37       ` Nikolay Borisov
2020-09-17  7:40         ` Jan Kara [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200917074030.GA9555@quack2.suse.cz \
    --to=jack@suse.cz \
    --cc=agruenba@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=amir73il@gmail.com \
    --cc=damien.lemoal@wdc.com \
    --cc=david@fromorbit.com \
    --cc=hubcap@omnibond.com \
    --cc=jaegeuk@kernel.org \
    --cc=kirill@shutemov.name \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=martin@omnibond.com \
    --cc=nborisov@suse.com \
    --cc=nborisov@suse.de \
    --cc=sunqiuyang@huawei.com \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).