• Mauricio Faria de Oliveira's avatar
    ext4: data=journal: write-protect pages on j_submit_inode_data_buffers() · afb585a9
    Mauricio Faria de Oliveira authored
    This implements journal callbacks j_submit|finish_inode_data_buffers()
    with different behavior for data=journal: to write-protect pages under
    commit, preventing changes to buffers writeably mapped to userspace.
    
    If a buffer's content changes between commit's checksum calculation
    and write-out to disk, it can cause journal recovery/mount failures
    upon a kernel crash or power loss.
    
        [   27.334874] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, and O_DIRECT support!
        [   27.339492] JBD2: Invalid checksum recovering data block 8705 in log
        [   27.342716] JBD2: recovery failed
        [   27.343316] EXT4-fs (loop0): error loading journal
        mount: /ext4: can't read superblock on /dev/loop0.
    
    In j_submit_inode_data_buffers() we write-protect the inode's pages
    with write_cache_pages() and redirty w/ writepage callback if needed.
    
    In j_finish_inode_data_buffers() there is nothing do to.
    
    And in order to use the callbacks, inodes are added to the inode list
    in transaction in __ext4_journalled_writepage() and ext4_page_mkwrite().
    
    In ext4_page_mkwrite() we must make sure that the buffers are attached
    to the transaction as jbddirty with write_end_fn(), as already done in
    __ext4_journalled_writepage().
    Signed-off-by: default avatarMauricio Faria de Oliveira <mfo@canonical.com>
    Reported-by: default avatarDann Frazier <dann.frazier@canonical.com>
    Reported-by: kernel test robot <lkp@intel.com> # wbc.nr_to_write
    Suggested-by: default avatarJan Kara <jack@suse.cz>
    Reviewed-by: default avatarJan Kara <jack@suse.cz>
    Link: https://lore.kernel.org/r/20201006004841.600488-5-mfo@canonical.comSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    afb585a9
inode.c 176 KB