1. 04 Sep, 2024 22 commits
  2. 02 Sep, 2024 13 commits
  3. 27 Aug, 2024 5 commits
    • Zhihao Cheng's avatar
      ext4: dax: fix overflowing extents beyond inode size when partially writing · dda898d7
      Zhihao Cheng authored
      The dax_iomap_rw() does two things in each iteration: map written blocks
      and copy user data to blocks. If the process is killed by user(See signal
      handling in dax_iomap_iter()), the copied data will be returned and added
      on inode size, which means that the length of written extents may exceed
      the inode size, then fsck will fail. An example is given as:
      
      dd if=/dev/urandom of=file bs=4M count=1
       dax_iomap_rw
        iomap_iter // round 1
         ext4_iomap_begin
          ext4_iomap_alloc // allocate 0~2M extents(written flag)
        dax_iomap_iter // copy 2M data
        iomap_iter // round 2
         iomap_iter_advance
          iter->pos += iter->processed // iter->pos = 2M
         ext4_iomap_begin
          ext4_iomap_alloc // allocate 2~4M extents(written flag)
        dax_iomap_iter
         fatal_signal_pending
        done = iter->pos - iocb->ki_pos // done = 2M
       ext4_handle_inode_extension
        ext4_update_inode_size // inode size = 2M
      
      fsck reports: Inode 13, i_size is 2097152, should be 4194304.  Fix?
      
      Fix the problem by truncating extents if the written length is smaller
      than expected.
      
      Fixes: 776722e8 ("ext4: DAX iomap write support")
      CC: stable@vger.kernel.org
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=219136Signed-off-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarZhihao Cheng <chengzhihao1@huawei.com>
      Link: https://patch.msgid.link/20240809121532.2105494-1-chengzhihao@huaweicloud.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      dda898d7
    • Jan Kara's avatar
      ext4: don't set SB_RDONLY after filesystem errors · d3476f3d
      Jan Kara authored
      When the filesystem is mounted with errors=remount-ro, we were setting
      SB_RDONLY flag to stop all filesystem modifications. We knew this misses
      proper locking (sb->s_umount) and does not go through proper filesystem
      remount procedure but it has been the way this worked since early ext2
      days and it was good enough for catastrophic situation damage
      mitigation. Recently, syzbot has found a way (see link) to trigger
      warnings in filesystem freezing because the code got confused by
      SB_RDONLY changing under its hands. Since these days we set
      EXT4_FLAGS_SHUTDOWN on the superblock which is enough to stop all
      filesystem modifications, modifying SB_RDONLY shouldn't be needed. So
      stop doing that.
      
      Link: https://lore.kernel.org/all/000000000000b90a8e061e21d12f@google.comReported-by: default avatarChristian Brauner <brauner@kernel.org>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarChristian Brauner <brauner@kernel.org>
      Link: https://patch.msgid.link/20240805201241.27286-1-jack@suse.czSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      d3476f3d
    • Wojciech Gładysz's avatar
      ext4: nested locking for xattr inode · d1bc560e
      Wojciech Gładysz authored
      Add nested locking with I_MUTEX_XATTR subclass to avoid lockdep warning
      while handling xattr inode on file open syscall at ext4_xattr_inode_iget.
      
      Backtrace
      EXT4-fs (loop0): Ignoring removed oldalloc option
      ======================================================
      WARNING: possible circular locking dependency detected
      5.10.0-syzkaller #0 Not tainted
      ------------------------------------------------------
      syz-executor543/2794 is trying to acquire lock:
      ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline]
      ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425
      
      but task is already holding lock:
      ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #1 (&ei->i_data_sem/3){++++}-{3:3}:
             lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566
             down_write+0x93/0x180 kernel/locking/rwsem.c:1564
             ext4_update_i_disksize fs/ext4/ext4.h:3267 [inline]
             ext4_xattr_inode_write fs/ext4/xattr.c:1390 [inline]
             ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1538 [inline]
             ext4_xattr_set_entry+0x331a/0x3d80 fs/ext4/xattr.c:1662
             ext4_xattr_ibody_set+0x124/0x390 fs/ext4/xattr.c:2228
             ext4_xattr_set_handle+0xc27/0x14e0 fs/ext4/xattr.c:2385
             ext4_xattr_set+0x219/0x390 fs/ext4/xattr.c:2498
             ext4_xattr_user_set+0xc9/0xf0 fs/ext4/xattr_user.c:40
             __vfs_setxattr+0x404/0x450 fs/xattr.c:177
             __vfs_setxattr_noperm+0x11d/0x4f0 fs/xattr.c:208
             __vfs_setxattr_locked+0x1f9/0x210 fs/xattr.c:266
             vfs_setxattr+0x112/0x2c0 fs/xattr.c:283
             setxattr+0x1db/0x3e0 fs/xattr.c:548
             path_setxattr+0x15a/0x240 fs/xattr.c:567
             __do_sys_setxattr fs/xattr.c:582 [inline]
             __se_sys_setxattr fs/xattr.c:578 [inline]
             __x64_sys_setxattr+0xc5/0xe0 fs/xattr.c:578
             do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62
             entry_SYSCALL_64_after_hwframe+0x61/0xcb
      
      -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}:
             check_prev_add kernel/locking/lockdep.c:2988 [inline]
             check_prevs_add kernel/locking/lockdep.c:3113 [inline]
             validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729
             __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955
             lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566
             down_write+0x93/0x180 kernel/locking/rwsem.c:1564
             inode_lock include/linux/fs.h:782 [inline]
             ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425
             ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485
             ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline]
             ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline]
             ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774
             __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898
             ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline]
             __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018
             ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562
             notify_change+0xbb6/0xe60 fs/attr.c:435
             do_truncate+0x1de/0x2c0 fs/open.c:64
             handle_truncate fs/namei.c:2970 [inline]
             do_open fs/namei.c:3311 [inline]
             path_openat+0x29f3/0x3290 fs/namei.c:3425
             do_filp_open+0x20b/0x450 fs/namei.c:3452
             do_sys_openat2+0x124/0x460 fs/open.c:1207
             do_sys_open fs/open.c:1223 [inline]
             __do_sys_open fs/open.c:1231 [inline]
             __se_sys_open fs/open.c:1227 [inline]
             __x64_sys_open+0x221/0x270 fs/open.c:1227
             do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62
             entry_SYSCALL_64_after_hwframe+0x61/0xcb
      
      other info that might help us debug this:
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(&ei->i_data_sem/3);
                                     lock(&ea_inode->i_rwsem#7/1);
                                     lock(&ei->i_data_sem/3);
        lock(&ea_inode->i_rwsem#7/1);
      
       *** DEADLOCK ***
      
      5 locks held by syz-executor543/2794:
       #0: ffff888026fbc448 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x4a/0x2a0 fs/namespace.c:365
       #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline]
       #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x1cf/0x2c0 fs/open.c:62
       #2: ffff8880215e3310 (&ei->i_mmap_sem){++++}-{3:3}, at: ext4_setattr+0xec4/0x19c0 fs/ext4/inode.c:5519
       #3: ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559
       #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline]
       #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:5938 [inline]
       #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4fb/0x810 fs/ext4/inode.c:6018
      
      stack backtrace:
      CPU: 1 PID: 2794 Comm: syz-executor543 Not tainted 5.10.0-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x177/0x211 lib/dump_stack.c:118
       print_circular_bug+0x146/0x1b0 kernel/locking/lockdep.c:2002
       check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2123
       check_prev_add kernel/locking/lockdep.c:2988 [inline]
       check_prevs_add kernel/locking/lockdep.c:3113 [inline]
       validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729
       __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955
       lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566
       down_write+0x93/0x180 kernel/locking/rwsem.c:1564
       inode_lock include/linux/fs.h:782 [inline]
       ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425
       ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485
       ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline]
       ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774
       __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline]
       __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018
       ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562
       notify_change+0xbb6/0xe60 fs/attr.c:435
       do_truncate+0x1de/0x2c0 fs/open.c:64
       handle_truncate fs/namei.c:2970 [inline]
       do_open fs/namei.c:3311 [inline]
       path_openat+0x29f3/0x3290 fs/namei.c:3425
       do_filp_open+0x20b/0x450 fs/namei.c:3452
       do_sys_openat2+0x124/0x460 fs/open.c:1207
       do_sys_open fs/open.c:1223 [inline]
       __do_sys_open fs/open.c:1231 [inline]
       __se_sys_open fs/open.c:1227 [inline]
       __x64_sys_open+0x221/0x270 fs/open.c:1227
       do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62
       entry_SYSCALL_64_after_hwframe+0x61/0xcb
      RIP: 0033:0x7f0cde4ea229
      Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
      RSP: 002b:00007ffd81d1c978 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
      RAX: ffffffffffffffda RBX: 0030656c69662f30 RCX: 00007f0cde4ea229
      RDX: 0000000000000089 RSI: 00000000000a0a00 RDI: 00000000200001c0
      RBP: 2f30656c69662f2e R08: 0000000000208000 R09: 0000000000208000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd81d1c9c0
      R13: 00007ffd81d1ca00 R14: 0000000000080000 R15: 0000000000000003
      EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2730: inode #13: comm syz-executor543: corrupted in-inode xattr
      Signed-off-by: default avatarWojciech Gładysz <wojciech.gladysz@infogain.com>
      Link: https://patch.msgid.link/20240801143827.19135-1-wojciech.gladysz@infogain.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      d1bc560e
    • Kemeng Shi's avatar
      jbd2: remove unneeded check of ret in jbd2_fc_get_buf · 6140ceb9
      Kemeng Shi authored
      Simply return -EINVAL if j_fc_off is invalid to avoid repeated check of
      ret.
      Signed-off-by: default avatarKemeng Shi <shikemeng@huaweicloud.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarZhang Yi <yi.zhang@huawei.com>
      Link: https://patch.msgid.link/20240801013815.2393869-9-shikemeng@huaweicloud.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      6140ceb9
    • Kemeng Shi's avatar
      jbd2: correct comment jbd2_mark_journal_empty · 1862304b
      Kemeng Shi authored
      After jbd2_mark_journal_empty, journal log is supposed to be empty.
      Signed-off-by: default avatarKemeng Shi <shikemeng@huaweicloud.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarZhang Yi <yi.zhang@huawei.com>
      Link: https://patch.msgid.link/20240801013815.2393869-8-shikemeng@huaweicloud.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      1862304b