From patchwork Thu Oct 11 04:12:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10635693 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 79676933 for ; Thu, 11 Oct 2018 04:12:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5879A2A612 for ; Thu, 11 Oct 2018 04:12:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4C1B72A620; Thu, 11 Oct 2018 04:12:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A827B2A612 for ; Thu, 11 Oct 2018 04:12:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B020B6B026B; Thu, 11 Oct 2018 00:12:23 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id AAEF86B026C; Thu, 11 Oct 2018 00:12:23 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 99F416B026D; Thu, 11 Oct 2018 00:12:23 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com [209.85.222.198]) by kanga.kvack.org (Postfix) with ESMTP id 70A706B026B for ; Thu, 11 Oct 2018 00:12:23 -0400 (EDT) Received: by mail-qk1-f198.google.com with SMTP id d1-v6so6996093qkb.11 for ; Wed, 10 Oct 2018 21:12:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:user-agent:mime-version:content-transfer-encoding; bh=iq6/QjsgR4VqKWM0XL5jv+SMSL3vQSq7f9TjIGwxkRU=; b=JVouAGMSIw0mL6a5RmK0rWMw7u1j8JjhO7PDlbOXeFzIeDeX/9JSd1f1nYQpPLLpKu f80+pminPIcFU4pPzn8zROWJPwMgS6zhEjx15wzAXXEPhtvrVeGSCZRAokcI2pwwyipM /09IpStJVjzyPMvhMa27ks9QZGYEH474zFCeLWWZ+E6RIFaw9JUOMpMuBVnTJ+tWAWwO 1ZfTJu2+XQBC9MxrTCnglxySFYX/6ujD0NFZb2PgxgFTUNCW/+7PefBmQWwMSbBZJ3I2 mNpgOODIHGtp893DE1GDJnhivYBGDT5e105sMG6tkfyrcp0Dz3fHkCKVH1A3qxLzm6Iw QWDQ== X-Gm-Message-State: ABuFfohMp1zb2qcF94PK4vqaYKKOkf+2GD1VL9mxFa0HOvew1Uz+jriU uAZj/iu3o5HpRhkionuwD2Lu38JAgkD8NgZcA8gouUJ4snz79oSz5jpFA3lbRELr+lxl199WAdM HUUFkMdOsVVi2d5riz7erBcHelOgpYwXHmB2BIs6PPWViXkWw3CtpojBfAYEpa2u8PQ== X-Received: by 2002:a37:e21a:: with SMTP id g26-v6mr28482514qki.330.1539231143154; Wed, 10 Oct 2018 21:12:23 -0700 (PDT) X-Google-Smtp-Source: ACcGV60yPAO5uqlzodJfu+hNqHIk+xX36Cqbpz+3bOzuxc91OtcxGjtljKncFv11ubYLwEG/v4Ve X-Received: by 2002:a37:e21a:: with SMTP id g26-v6mr28482487qki.330.1539231142433; Wed, 10 Oct 2018 21:12:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539231142; cv=none; d=google.com; s=arc-20160816; b=bqtsL3ZdATGDBkxFPj/3iWwd+Ahkm67QflQ/Gpho9ZrjvfArWguiFyg3PQ5hHOJD8A nEbj9/b3QrwJI0SCNi29MWN3nO+LEtWSHoqiPud3v3JY52OqAPy51qIfZ+3II4LDg7f6 cuOjiI/8fW0+RaG3pDa22e6rNz0xu0bj6zQTrkkn74f2lI9SIU1AWeYOUdkVJVleOcKb jVkIuNciFFgF+bapigl854FvgMaLSEIC1k5ppAOebQUUJBdtDoAldapgg5OTMHHC/DoK 8rZEJsh+GZiEDwn31CrxE0Wf3YXJA9UUXGCccUNJNjRJCwnLmBxTKBzWXI43ttd0DdL0 arJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:message-id:date :cc:to:from:subject:dkim-signature; bh=iq6/QjsgR4VqKWM0XL5jv+SMSL3vQSq7f9TjIGwxkRU=; b=ebcqHNuIprdC7bKDW8cjbqehkq5lwx3DqQRiN5hcuMtS2E9r84BxxVPHlZLlNNCAIj NveaAjDB5Y0ZFEba/7eN5BG6sI/QImNzAE+mWsJGJLtoIKN3eShDeHkJ1Dt0Y+4IFt/o 1rcbTjoMwS2w0T03lgIPZB2zDqVjAV58pqbBN7m2+HoSlX/1NkQ3F5B5F/YkBNNYLZbm GVtddZFWLdVRnZAdetwp9zMyRQcD8QNqwymktp4JaEd2MMGjr8LXCxs6i2FntgUMKfg9 FUJSMxn/jjLi6Wu8IcgjO7oq2C5iSkYl0rOqH29S/gValqRLUi86ln95tjyMPArruzco c9PQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=QMdO5ZoF; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from aserp2120.oracle.com (aserp2120.oracle.com. [141.146.126.78]) by mx.google.com with ESMTPS id k7-v6si17173457qvc.79.2018.10.10.21.12.22 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Oct 2018 21:12:22 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) client-ip=141.146.126.78; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=QMdO5ZoF; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9B497Xc052721; Thu, 11 Oct 2018 04:12:21 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=iq6/QjsgR4VqKWM0XL5jv+SMSL3vQSq7f9TjIGwxkRU=; b=QMdO5ZoFNPXJ1oWRCgXgNq1EpWdux7KL9DLmVY30L7VzD9nGUW5UBG8mkFgThob4esGW Im0PWPhr2Vw0hWaAwDXgZV97wpiBkCVkfcUMFphlZfWNfjbLO5kqup07bgYTN+oJKkf0 ueGZ/WuSlsFOrK3uTJZIemzZu4x5CgsjZtYw2apvIdXN8QMQ7nMtr9AUH+NdCcZBsh1W 4n8OfqI/KE+NfU5pzYjfpJTemX2EDU7rHsqWbEBg0eO+8GsxQuGBvPMaxMUEWO99nTHd RieppcNTlzXnm9tIo2TaYWZ1jNWuCjcwDjRtEu8B6jDxIdsjOgq94Jq6u0//07CLlVsk MA== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp2120.oracle.com with ESMTP id 2mxn0q9dr3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 11 Oct 2018 04:12:21 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w9B4CJF0010021 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 11 Oct 2018 04:12:20 GMT Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w9B4CIpb029404; Thu, 11 Oct 2018 04:12:18 GMT Received: from localhost (/10.159.132.249) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 11 Oct 2018 04:12:18 +0000 Subject: [PATCH v3 00/25] fs: fixes for serious clone/dedupe problems From: "Darrick J. Wong" To: david@fromorbit.com, darrick.wong@oracle.com Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Date: Wed, 10 Oct 2018 21:12:16 -0700 Message-ID: <153923113649.5546.9840926895953408273.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9042 signatures=668706 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=788 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810110039 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hi all, Dave, Eric, and I have been chasing a stale data exposure bug in the XFS reflink implementation, and tracked it down to reflink forgetting to do some of the file-extending activities that must happen for regular writes. We then started auditing the clone, dedupe, and copyfile code and realized that from a file contents perspective, clonerange isn't any different from a regular file write. Unfortunately, we also noticed that *unlike* a regular write, clonerange skips a ton of overflow checks, such as validating the ranges against s_maxbytes, MAX_NON_LFS, and RLIMIT_FSIZE. We also observed that cloning into a file did not strip security privileges (suid, capabilities) like a regular write would. I also noticed that xfs and ocfs2 need to dump the page cache before remapping blocks, not after. In fixing the range checking problems I also realized that both dedupe and copyfile tell userspace how much of the requested operation was acted upon. Since the range validation can shorten a clone request (or we can ENOSPC midway through), we might as well plumb the short operation reporting back through the VFS indirection code to userspace. So, here's the whole giant pile of patches[1] that fix all the problems. This branch is against 4.19-rc7 with Dave Chinner's XFS for-next branch. The patch "generic: test reflink side effects" recently sent to fstests exercises the fixes in this series. Tests are in [2]. --D [1] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git/log/?h=djwong-devel [2] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfstests-dev.git/log/?h=djwong-devel