From patchwork Wed Oct 10 00:10:38 2018
X-Patchwork-Submitter: "Darrick J. Wong"
X-Patchwork-Id: 10633409
Subject: [PATCH v2 00/25] fs: fixes for serious clone/dedupe problems
From: "Darrick J. Wong"
To: david@fromorbit.com, darrick.wong@oracle.com
Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
 linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org,
 linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
 ocfs2-devel@oss.oracle.com
Date: Tue, 09 Oct 2018 17:10:38 -0700
Message-ID: <153913023835.32295.13962696655740190941.stgit@magnolia>

Hi all,

Dave, Eric, and I have been chasing a stale data exposure bug in the XFS
reflink implementation, and tracked it down to reflink forgetting to do
some of the file-extending activities that must happen for regular
writes.

We then started auditing the clone, dedupe, and copyfile code and
realized that from a file contents perspective, clonerange isn't any
different from a regular file write. Unfortunately, we also noticed
that *unlike* a regular write, clonerange skips a ton of overflow
checks, such as validating the ranges against s_maxbytes, MAX_NON_LFS,
and RLIMIT_FSIZE. We also observed that cloning into a file did not
strip security privileges (suid, capabilities) like a regular write
would. I also noticed that xfs and ocfs2 need to dump the page cache
before remapping blocks, not after.

In fixing the range checking problems I also realized that both dedupe
and copyfile tell userspace how much of the requested operation was
acted upon. Since the range validation can shorten a clone request (or
we can ENOSPC midway through), we might as well plumb the short
operation reporting back through the VFS indirection code to userspace.

So, here's the whole giant pile of patches[1] that fix all the problems.
The patch "generic: test reflink side effects" recently sent to fstests
exercises the fixes in this series. Tests are in [2].

--D

[1] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git/log/?h=djwong-devel
[2] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfstests-dev.git/log/?h=djwong-devel