Commit 40144e49 authored by Jan Kara's avatar Jan Kara Committed by Darrick J. Wong
Browse files

xfs: Fix stale data exposure when readahead races with hole punch 

Hole puching currently evicts pages from page cache and then goes on to
remove blocks from the inode. This happens under both XFS_IOLOCK_EXCL
and XFS_MMAPLOCK_EXCL which provides appropriate serialization with
racing reads or page faults. However there is currently nothing that
prevents readahead triggered by fadvise() or madvise() from racing with
the hole punch and instantiating page cache page after hole punching has
evicted page cache in xfs_flush_unmap_range() but before it has removed
blocks from the inode. This page cache page will be mapping soon to be
freed block and that can lead to returning stale data to userspace or
even filesystem corruption.

Fix the problem by protecting handling of readahead requests by
XFS_IOLOCK_SHARED similarly as we protect reads.

CC: stable@vger.kernel.org
Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxjQNmxqmtA_VbYW0Su9rKRk2zobJmahcyeaEVOFKVQ5dw@mail.gmail.com/


Reported-by: default avatarAmir Goldstein <amir73il@gmail.com>
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
parent cf1ea059

fs/xfs/xfs_file.c

+26 −0
Original line number Diff line number Diff line
@@ -28,6 +28,7 @@ 
#include <linux/falloc.h>

#include <linux/backing-dev.h>

#include <linux/mman.h>

#include <linux/fadvise.h>



static const struct vm_operations_struct xfs_file_vm_ops;
@@ -933,6 +934,30 @@ out_unlock: 
	return error;

}



STATIC int

xfs_file_fadvise(

	struct file	*file,

	loff_t		start,

	loff_t		end,

	int		advice)

{

	struct xfs_inode *ip = XFS_I(file_inode(file));

	int ret;

	int lockflags = 0;



	/*

	 * Operations creating pages in page cache need protection from hole

	 * punching and similar ops

	 */

	if (advice == POSIX_FADV_WILLNEED) {

		lockflags = XFS_IOLOCK_SHARED;

		xfs_ilock(ip, lockflags);

	}

	ret = generic_fadvise(file, start, end, advice);

	if (lockflags)

		xfs_iunlock(ip, lockflags);

	return ret;

}



STATIC loff_t

xfs_file_remap_range(
@@ -1232,6 +1257,7 @@ const struct file_operations xfs_file_operations = { 
	.fsync		= xfs_file_fsync,

	.get_unmapped_area = thp_get_unmapped_area,

	.fallocate	= xfs_file_fallocate,

	.fadvise	= xfs_file_fadvise,

	.remap_file_range = xfs_file_remap_range,

};

CRA Git | Maintained and supported by SUSTech CRA and CCSE