[PATCH] fs: make generic_block_fiemap sig-tolerant

[PATCH] fs: make generic_block_fiemap sig-tolerant

[Dmitry Monakhov]

__generic_block_fiemap may spin very long time for large sparse files.

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
---
 fs/ioctl.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/fs/ioctl.c b/fs/ioctl.c
index 8ac3fad..6fbeb68 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode,
 				past_eof = true;
 		}
 		cond_resched();
+		if (fatal_signal_pending(current)) {
+			ret = -EINTR;
+			break;
+		}
+
 	} while (1);
 
 	/* If ret is 1 then we just hit the end of the extent array */
-- 
1.7.1

Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING...

[Dmitry Monakhov]

[-- Attachment #1: Type: text/plain, Size: 964 bytes --]

Andrew can you please get this patch. IMHO it is simple and clean.
BTW: W/o patch unprivileged may abuse system resources simply by spawning
wast number of unkilable busyloops (works on ext2/ext3):

truncate --size 1T test
for ((i=0;i<1024;i++))
do
        filefrag test > /dev/null &
done

> __generic_block_fiemap may spin very long time for large sparse files.
>
> Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
> ---
>  fs/ioctl.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/fs/ioctl.c b/fs/ioctl.c
> index 8ac3fad..6fbeb68 100644
> --- a/fs/ioctl.c
> +++ b/fs/ioctl.c
> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode,
>  				past_eof = true;
>  		}
>  		cond_resched();
> +		if (fatal_signal_pending(current)) {
> +			ret = -EINTR;
> +			break;
> +		}
> +
>  	} while (1);
>  
>  	/* If ret is 1 then we just hit the end of the extent array */
> -- 
> 1.7.1

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 472 bytes --]

Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2...

[Dmitry Monakhov]

[-- Attachment #1: Type: text/plain, Size: 1106 bytes --]


Hello. Someone please take care of this patch.

W/o that patch unprivileged user may abuse system resources simply by spawning
wast number of unkilable busyloops (works on ext2/ext3):

truncate --size 1T test
for ((i=0;i<1024;i++))
do
       filefrag test > /dev/null &
done

Dmitry Monakhov <dmonakhov@openvz.org> writes:
> Andrew can you please get this patch. IMHO it is simple and clean.
> BTW:
>
>> __generic_block_fiemap may spin very long time for large sparse files.
>>
>> Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
>> ---
>>  fs/ioctl.c |    5 +++++
>>  1 files changed, 5 insertions(+), 0 deletions(-)
>>
>> diff --git a/fs/ioctl.c b/fs/ioctl.c
>> index 8ac3fad..6fbeb68 100644
>> --- a/fs/ioctl.c
>> +++ b/fs/ioctl.c
>> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode,
>>  				past_eof = true;
>>  		}
>>  		cond_resched();
>> +		if (fatal_signal_pending(current)) {
>> +			ret = -EINTR;
>> +			break;
>> +		}
>> +
>>  	} while (1);
>>  
>>  	/* If ret is 1 then we just hit the end of the extent array */
>> -- 
>> 1.7.1

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 472 bytes --]

Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2...

[Andrew Morton]

On Wed, 10 Dec 2014 16:49:18 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote:

> 
> Hello. Someone please take care of this patch.
> 
> W/o that patch unprivileged user may abuse system resources simply by spawning
> wast number of unkilable busyloops (works on ext2/ext3):
> 
> truncate --size 1T test
> for ((i=0;i<1024;i++))
> do
>        filefrag test > /dev/null &
> done
> 
> >> --- a/fs/ioctl.c
> >> +++ b/fs/ioctl.c
> >> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode,
> >>  				past_eof = true;
> >>  		}
> >>  		cond_resched();
> >> +		if (fatal_signal_pending(current)) {
> >> +			ret = -EINTR;
> >> +			break;
> >> +		}
> >> +
> >>  	} while (1);
> >>  

Is FIEMAP documented anywhere (manpage)?  If so, that will need an
update.

Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2...

[Dmitry Monakhov]

[-- Attachment #1.1: Type: text/plain, Size: 1052 bytes --]

Andrew Morton <akpm@linux-foundation.org> writes:

> On Wed, 10 Dec 2014 16:49:18 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote:
>
>> 
>> Hello. Someone please take care of this patch.
>> 
>> W/o that patch unprivileged user may abuse system resources simply by spawning
>> wast number of unkilable busyloops (works on ext2/ext3):
>> 
>> truncate --size 1T test
>> for ((i=0;i<1024;i++))
>> do
>>        filefrag test > /dev/null &
>> done
>> 
>> >> --- a/fs/ioctl.c
>> >> +++ b/fs/ioctl.c
>> >> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode,
>> >>  				past_eof = true;
>> >>  		}
>> >>  		cond_resched();
>> >> +		if (fatal_signal_pending(current)) {
>> >> +			ret = -EINTR;
>> >> +			break;
>> >> +		}
>> >> +
>> >>  	} while (1);
>> >>  
>
> Is FIEMAP documented anywhere (manpage)?  If so, that will need an
> update.
Yes you right. I just thought that it is assumed by default.
The only place I know is Documentation/filesystems/fiemap.txt
Please fold patch attached to original one.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 472 bytes --]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-doc-fimemap-update-signal-behaviour.patch --]
[-- Type: text/x-diff, Size: 936 bytes --]

>From f7af425b2ac920065491a478b4f4359f422b3453 Mon Sep 17 00:00:00 2001
From: Dmitry Monakhov <dmonakhov@openvz.org>
Date: Fri, 19 Dec 2014 13:11:29 +0400
Subject: [PATCH] doc: fimemap update signal behaviour


Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
---
 Documentation/filesystems/fiemap.txt |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/Documentation/filesystems/fiemap.txt b/Documentation/filesystems/fiemap.txt
index 1b805a0..f6d9c99 100644
--- a/Documentation/filesystems/fiemap.txt
+++ b/Documentation/filesystems/fiemap.txt
@@ -196,7 +196,8 @@ struct fiemap_extent_info {
 };
 
 It is intended that the file system should not need to access any of this
-structure directly.
+structure directly. Filesystem handlers should be tolerant to signals and return
+EINTR once fatal signal received.
 
 
 Flag checking should be done at the beginning of the ->fiemap callback via the
-- 
1.7.1

Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2...

[Andrew Morton]

On Fri, 19 Dec 2014 12:13:50 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote:

> --- a/Documentation/filesystems/fiemap.txt
> +++ b/Documentation/filesystems/fiemap.txt
> @@ -196,7 +196,8 @@ struct fiemap_extent_info {
>  };
>  
>  It is intended that the file system should not need to access any of this
> -structure directly.
> +structure directly. Filesystem handlers should be tolerant to signals and return
> +EINTR once fatal signal received.

Thanks.  I was concerned about userspace effects and back-compatibility
issues, because I'd misread fatal_signal_pending() as signal_pending().

Because it uses fatal_signal_pending(), the effects of this change
should be indiscernible to userspace, yes?

I'm now wondering if the above doc update is unneeded and incorrect. 
Is it likely that the fs handler (fiemap_fill_next_extent) will ever
consume a large amount of time?  If not then we can leave the logic in
__generic_block_fiemap() and not bother callees.



The fix only addresses filesystems which use generic_block_fiemap(). 
Presumably ocfs2, btrfs, nilfs2, lustre and xfs remain vulnerable to
the problem you identified?

Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2...

[Andreas Dilger]

On Dec 19, 2014, at 2:33 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> 
> On Fri, 19 Dec 2014 12:13:50 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote:
> 
>> --- a/Documentation/filesystems/fiemap.txt
>> +++ b/Documentation/filesystems/fiemap.txt
>> @@ -196,7 +196,8 @@ struct fiemap_extent_info {
>> };
>> 
>> It is intended that the file system should not need to access any of this
>> -structure directly.
>> +structure directly. Filesystem handlers should be tolerant to signals and return
>> +EINTR once fatal signal received.
> 
> Thanks.  I was concerned about userspace effects and back-compatibility
> issues, because I'd misread fatal_signal_pending() as signal_pending().
> 
> Because it uses fatal_signal_pending(), the effects of this change
> should be indiscernible to userspace, yes?
> 
> I'm now wondering if the above doc update is unneeded and incorrect. 
> Is it likely that the fs handler (fiemap_fill_next_extent) will ever
> consume a large amount of time?  If not then we can leave the logic in
> __generic_block_fiemap() and not bother callees.
> 
> 
> 
> The fix only addresses filesystems which use generic_block_fiemap(). 
> Presumably ocfs2, btrfs, nilfs2, lustre and xfs remain vulnerable to
> the problem you identified?

I don't think they are - those filesystems generate the FIEMAP mapping
by walking the extent tree directly, while the "compat" code for block
based filesystems are (or were) essentially walking every possible
block offset to see if there was anything mapped at that position.

Cheers, Andreas