linux-kernel.vger.kernel.org archive mirror
* [PATCH] tmpfs: don't undo fallocate past its last page
@ 2016-05-08 13:16 Anthony Romano
  2016-05-16 11:59 ` Vlastimil Babka
  0 siblings, 1 reply; 3+ messages in thread
From: Anthony Romano @ 2016-05-08 13:16 UTC (permalink / raw)
  To: hughd; +Cc: linux-mm, linux-kernel, Anthony Romano

When fallocate is interrupted it will undo a range that extends one byte
past its range of allocated pages. This can corrupt an in-use page by
zeroing out its first byte. Instead, undo using the inclusive byte range.

Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
---
 mm/shmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/shmem.c b/mm/shmem.c
index 719bd6b..f0f9405 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
 			/* Remove the !PageUptodate pages we added */
 			shmem_undo_range(inode,
 				(loff_t)start << PAGE_SHIFT,
-				(loff_t)index << PAGE_SHIFT, true);
+				((loff_t)index << PAGE_SHIFT) - 1, true);
 			goto undone;
 		}
 
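Review bot: On the added line `((loff_t)index << PAGE_SHIFT) - 1`, the case index == start is not covered. If the interruption happens before any page has been added, the end argument falls one byte below the start argument, and for start == 0 it evaluates to -1. Either guard the call with `if (index > start)` or confirm that shmem_undo_range treats an end below its start as an empty range and gives -1 no special meaning.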
-- 
2.8.1


* Re: [PATCH] tmpfs: don't undo fallocate past its last page
  2016-05-08 13:16 [PATCH] tmpfs: don't undo fallocate past its last page Anthony Romano
@ 2016-05-16 11:59 ` Vlastimil Babka
  2016-06-06  4:05   ` Brandon Philips
  0 siblings, 1 reply; 3+ messages in thread
From: Vlastimil Babka @ 2016-05-16 11:59 UTC (permalink / raw)
  To: Anthony Romano, hughd; +Cc: linux-mm, linux-kernel

On 05/08/2016 03:16 PM, Anthony Romano wrote:
> When fallocate is interrupted it will undo a range that extends one byte
> past its range of allocated pages. This can corrupt an in-use page by
> zeroing out its first byte. Instead, undo using the inclusive byte range.

Huh, good catch. So why is shmem_undo_range() adding +1 to the value in 
the first place? The only other caller is shmem_truncate_range() and all 
*its* callers do subtract 1 to avoid the same issue. So a nicer fix 
would be to remove all this +1/-1 madness. Or is there some subtle 
corner case I'm missing?

> Signed-off-by: Anthony Romano <anthony.romano@coreos.com>

Looks like a stable candidate patch. Can you point out the commit that 
introduced the bug, for the Fixes: tag?

Thanks,
Vlastimil

> ---
>   mm/shmem.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 719bd6b..f0f9405 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
>   			/* Remove the !PageUptodate pages we added */
>   			shmem_undo_range(inode,
>   				(loff_t)start << PAGE_SHIFT,
> -				(loff_t)index << PAGE_SHIFT, true);
> +				((loff_t)index << PAGE_SHIFT) - 1, true);
>   			goto undone;
>   		}
>
>
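Review bot: The `- 1` in the new end argument has no explanation in the code, and the comment above the call only says `/* Remove the !PageUptodate pages we added */`. The start argument is a page-aligned offset while the end is now the last byte of the preceding page, so a short addition to that comment stating that the end is an inclusive byte offset would keep a later cleanup from dropping the subtraction.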


* Re: [PATCH] tmpfs: don't undo fallocate past its last page
  2016-05-16 11:59 ` Vlastimil Babka
@ 2016-06-06  4:05   ` Brandon Philips
  0 siblings, 0 replies; 3+ messages in thread
From: Brandon Philips @ 2016-06-06  4:05 UTC (permalink / raw)
  To: Vlastimil Babka, Anthony Romano, Hugh Dickins, Christoph Hellwig,
	Cong Wang, Kay Sievers, Andrew Morton, Matthew Garrett
  Cc: linux-mm, linux-kernel

On Mon, May 16, 2016 at 4:59 AM, Vlastimil Babka <vbabka@suse.cz> wrote:
> On 05/08/2016 03:16 PM, Anthony Romano wrote:
>>
>> When fallocate is interrupted it will undo a range that extends one byte
>> past its range of allocated pages. This can corrupt an in-use page by
>> zeroing out its first byte. Instead, undo using the inclusive byte range.
>
>
> Huh, good catch. So why is shmem_undo_range() adding +1 to the value in the
> first place? The only other caller is shmem_truncate_range() and all *its*
> callers do subtract 1 to avoid the same issue. So a nicer fix would be to
> remove all this +1/-1 madness. Or is there some subtle corner case I'm
> missing?

Bumping this thread as I don't think this patch has gotten picked up.
And cc'ing folks from 1635f6a74152f1dcd1b888231609d64875f0a81a.

Also, resending because I forgot to remove the HTML mime-type to make
vger happy.

Thank you,

Brandon


>> Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
>
>
> Looks like a stable candidate patch. Can you point out the commit that
> introduced the bug, for the Fixes: tag?
>
> Thanks,
> Vlastimil
>
>
>> ---
>>   mm/shmem.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/shmem.c b/mm/shmem.c
>> index 719bd6b..f0f9405 100644
>> --- a/mm/shmem.c
>> +++ b/mm/shmem.c
>> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int
>> mode, loff_t offset,
>>                         /* Remove the !PageUptodate pages we added */
>>                         shmem_undo_range(inode,
>>                                 (loff_t)start << PAGE_SHIFT,
>> -                               (loff_t)index << PAGE_SHIFT, true);
>> +                               ((loff_t)index << PAGE_SHIFT) - 1, true);
>>                         goto undone;
>>                 }
>>
>>
>
