* [PATCH] tmpfs: don't undo fallocate past its last page
@ 2016-05-08 13:16 Anthony Romano
2016-05-16 11:59 ` Vlastimil Babka
0 siblings, 1 reply; 3+ messages in thread
From: Anthony Romano @ 2016-05-08 13:16 UTC (permalink / raw)
To: hughd; +Cc: linux-mm, linux-kernel, Anthony Romano
When fallocate is interrupted it will undo a range that extends one byte
past its range of allocated pages. This can corrupt an in-use page by
zeroing out its first byte. Instead, undo using the inclusive byte range.
Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
---
mm/shmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/shmem.c b/mm/shmem.c
index 719bd6b..f0f9405 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
/* Remove the !PageUptodate pages we added */
shmem_undo_range(inode,
(loff_t)start << PAGE_SHIFT,
- (loff_t)index << PAGE_SHIFT, true);
+ ((loff_t)index << PAGE_SHIFT) - 1, true);
goto undone;
}
--
2.8.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] tmpfs: don't undo fallocate past its last page
2016-05-08 13:16 [PATCH] tmpfs: don't undo fallocate past its last page Anthony Romano
@ 2016-05-16 11:59 ` Vlastimil Babka
2016-06-06 4:05 ` Brandon Philips
0 siblings, 1 reply; 3+ messages in thread
From: Vlastimil Babka @ 2016-05-16 11:59 UTC (permalink / raw)
To: Anthony Romano, hughd; +Cc: linux-mm, linux-kernel
On 05/08/2016 03:16 PM, Anthony Romano wrote:
> When fallocate is interrupted it will undo a range that extends one byte
> past its range of allocated pages. This can corrupt an in-use page by
> zeroing out its first byte. Instead, undo using the inclusive byte range.
Huh, good catch. So why is shmem_undo_range() adding +1 to the value in
the first place? The only other caller is shmem_truncate_range() and all
*its* callers do subtract 1 to avoid the same issue. So a nicer fix
would be to remove all this +1/-1 madness. Or is there some subtle
corner case I'm missing?
> Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
Looks like a stable candidate patch. Can you point out the commit that
introduced the bug, for the Fixes: tag?
Thanks,
Vlastimil
> ---
> mm/shmem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 719bd6b..f0f9405 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
> /* Remove the !PageUptodate pages we added */
> shmem_undo_range(inode,
> (loff_t)start << PAGE_SHIFT,
> - (loff_t)index << PAGE_SHIFT, true);
> + ((loff_t)index << PAGE_SHIFT) - 1, true);
> goto undone;
> }
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] tmpfs: don't undo fallocate past its last page
2016-05-16 11:59 ` Vlastimil Babka
@ 2016-06-06 4:05 ` Brandon Philips
0 siblings, 0 replies; 3+ messages in thread
From: Brandon Philips @ 2016-06-06 4:05 UTC (permalink / raw)
To: Vlastimil Babka, Anthony Romano, Hugh Dickins, Christoph Hellwig,
Cong Wang, Kay Sievers, Andrew Morton, Matthew Garrett
Cc: linux-mm, linux-kernel
On Mon, May 16, 2016 at 4:59 AM, Vlastimil Babka <vbabka@suse.cz> wrote:
> On 05/08/2016 03:16 PM, Anthony Romano wrote:
>>
>> When fallocate is interrupted it will undo a range that extends one byte
>> past its range of allocated pages. This can corrupt an in-use page by
>> zeroing out its first byte. Instead, undo using the inclusive byte range.
>
>
> Huh, good catch. So why is shmem_undo_range() adding +1 to the value in the
> first place? The only other caller is shmem_truncate_range() and all *its*
> callers do subtract 1 to avoid the same issue. So a nicer fix would be to
> remove all this +1/-1 madness. Or is there some subtle corner case I'm
> missing?
Bumping this thread as I don't think this patch has gotten picked up.
And cc'ing folks from 1635f6a74152f1dcd1b888231609d64875f0a81a.
Also, resending because I forgot to remove the HTML mime-type to make
vger happy.
Thank you,
Brandon
>> Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
>
>
> Looks like a stable candidate patch. Can you point out the commit that
> introduced the bug, for the Fixes: tag?
>
> Thanks,
> Vlastimil
>
>
>> ---
>> mm/shmem.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/shmem.c b/mm/shmem.c
>> index 719bd6b..f0f9405 100644
>> --- a/mm/shmem.c
>> +++ b/mm/shmem.c
>> @@ -2238,7 +2238,7 @@ static long shmem_fallocate(struct file *file, int
>> mode, loff_t offset,
>> /* Remove the !PageUptodate pages we added */
>> shmem_undo_range(inode,
>> (loff_t)start << PAGE_SHIFT,
>> - (loff_t)index << PAGE_SHIFT, true);
>> + ((loff_t)index << PAGE_SHIFT) - 1, true);
>> goto undone;
>> }
>>
>>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-06-06 4:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-08 13:16 [PATCH] tmpfs: don't undo fallocate past its last page Anthony Romano
2016-05-16 11:59 ` Vlastimil Babka
2016-06-06 4:05 ` Brandon Philips
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).