From patchwork Sat Oct 13 00:05:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10639393 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9952C1869 for ; Sat, 13 Oct 2018 00:05:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 878152B78F for ; Sat, 13 Oct 2018 00:05:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7B5B52B7A0; Sat, 13 Oct 2018 00:05:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 11E682B78F for ; Sat, 13 Oct 2018 00:05:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 128C66B0006; Fri, 12 Oct 2018 20:05:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 0FDFE6B0007; Fri, 12 Oct 2018 20:05:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F30086B000A; Fri, 12 Oct 2018 20:05:40 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) by kanga.kvack.org (Postfix) with ESMTP id C5F706B0006 for ; Fri, 12 Oct 2018 20:05:40 -0400 (EDT) Received: by mail-qt1-f198.google.com with SMTP id l6-v6so13720570qtc.12 for ; Fri, 12 Oct 2018 17:05:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:user-agent:mime-version:content-transfer-encoding; bh=sqZcdGAwZCIYhv4cQ+vWKTOaML280BHrCwjhIZmk+gs=; b=N7deZq8LhN6BaS77zFgv5hN2hV2doSuRtU+7NAj0K6jvELrQojPzolospTtkzl+LwD sLSE/2LSAZWMoeQP7/9H07oSLGKxICdDykOfYJSav2tZXcAsQm7px6eDDQk5rnKdg6Sh 3fUzGKaqu8T2mGhzoYtMC2Jh08jxtKVcTHAGZUtx0hfLaSzCfziFxa054/7jg/qjzUGu 36lysReCi5c8Ge2/m74HflUVor6gEHuUwjasnVw22DaHoRTrIJWJIASTdwOm1YnhWMgh Xv4rDzZEHzCe0VXK7rW+eI50cSQ7YZaaiaUhEotLPwk2c4lSxiABMSxgW2NRblDykHMJ k6Xg== X-Gm-Message-State: ABuFfojmDr0lmTobdsS3YbP0U6q9zYxdmvBwwtboCoCHgclqnLtiMHxO vZK7vsYRdiawfBbS5PU181kjSovdPEVCcMggT02HxOSB7CDWt5yhe9uJNbTs007AvMxd+Euj/2x hReQuoMx+pHpI6pYCXR7oBtmha+aahix8R+wghgMWkf0EpwPXSYJeKJ867fyl6e8WCw== X-Received: by 2002:aed:252e:: with SMTP id v43-v6mr7574308qtc.211.1539389140526; Fri, 12 Oct 2018 17:05:40 -0700 (PDT) X-Google-Smtp-Source: ACcGV63BJl1imUiTzwXcNRNW25bs3Qe99H4esCyJH1/vAOaJVFp58hU4/cpIqiz7ez2GcLPhM+Sc X-Received: by 2002:aed:252e:: with SMTP id v43-v6mr7574277qtc.211.1539389139921; Fri, 12 Oct 2018 17:05:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539389139; cv=none; d=google.com; s=arc-20160816; b=oRjR/GLdIrpXPW3z37pV8zSUa0Gs3rjeJ7hu08MavC54THplNsNtNey/+qM3OjrN7j 3iFVRd+BSvHuebKdmFfThzgjjMlllVADeM9lDBLZxA/6ML+jt8r7HwF6+NtDkl51JIKW H+ri4f6i6JRFXuCs408xJOkITjxzyHi1imoBiMzIxVcAeRagVlJiG0Mdsn0c8eyR0HtA H2lu6O4by9X4GHCqVCWO6QMuW7ZHF9LkkwA1gVPOk4J+MwEEtBP9KDtEE4nWfCMChX9q xvYkN/+c5RTWkGcUC6a1cggXMv6+Vzu032ywhTAOle62JC3NthjsOqEGwY1tZTqU49WV dg4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:message-id:date :cc:to:from:subject:dkim-signature; bh=sqZcdGAwZCIYhv4cQ+vWKTOaML280BHrCwjhIZmk+gs=; b=cNaSWGC6oipl/dzcsQmJ/TrBvO7WHhfqvc76IEHf6qf5iiKzXfb4QnZ6+Ox5JiOahJ eqpHiu3KBakIjIMMNT5e+RV/9lRk9JEyEnkMfQc+HNkOLS3IippmR27vfnsBxwFvwqqf 8pn/SLU3wDH+pu6O9ldsNEFemmc0yql8RB1Eez8u19AGk43huQW7sNNL9BggKAmvmbJ9 YAVFDzR6NfizDtr/FyVFa1heei1NJ2Ncr9JcHqymSRU6sk/Vulau9325NGewQM5pb1u3 1kC4JYAx6Njfn0rmkTXcR0mpvs3AoWwSBq84ReZyXpYX3No6uAWE+lcOG+MZce6rq/sD V+EQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=2CQs+ORR; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2130.oracle.com (userp2130.oracle.com. [156.151.31.86]) by mx.google.com with ESMTPS id b187-v6si2417643qkd.218.2018.10.12.17.05.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Oct 2018 17:05:39 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) client-ip=156.151.31.86; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=2CQs+ORR; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9D04ZjI144001; Sat, 13 Oct 2018 00:05:38 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=sqZcdGAwZCIYhv4cQ+vWKTOaML280BHrCwjhIZmk+gs=; b=2CQs+ORRvhD/nRAu/uk9pk4KKem63CqcyaY5Vg3ddnZCAGqYXFLa79lMjU5aaHeSVmEQ 9hLsPHQBR53I5n90g7B9aHHyzS5I2GxPecjJYuIEPwi6uOCWktm+Mbvd0L4mqtp7hzpI gpbP7ZO5zBserPLoFgLN2G3xFn1pl092rPxfZpzDY3eDKDG6gV+Re+MK7JzuGhNUSY+j PLPuUSQF/nLi9zWZgdKwpSH8K8K5Yn1bgpIrNGKLaouz46z2FrA1mEtDZoQErSP0SGRd OGwRDb2eunhzJUxJTrt2V5K+IkuO7LFCZHAY4ptGIGhBpzAsGsh540DjWx+0HLKGR6m9 jA== Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2130.oracle.com with ESMTP id 2mxmfudptt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 13 Oct 2018 00:05:38 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w9D05VTX032574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 13 Oct 2018 00:05:32 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w9D05VqS017265; Sat, 13 Oct 2018 00:05:31 GMT Received: from localhost (/10.159.251.254) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sat, 13 Oct 2018 00:05:31 +0000 Subject: [PATCH v4 00/25] fs: fixes for serious clone/dedupe problems From: "Darrick J. Wong" To: david@fromorbit.com, darrick.wong@oracle.com Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Date: Fri, 12 Oct 2018 17:05:29 -0700 Message-ID: <153938912912.8361.13446310416406388958.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9044 signatures=668706 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=840 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810130000 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hi all, Dave, Eric, and I have been chasing a stale data exposure bug in the XFS reflink implementation, and tracked it down to reflink forgetting to do some of the file-extending activities that must happen for regular writes. We then started auditing the clone, dedupe, and copyfile code and realized that from a file contents perspective, clonerange isn't any different from a regular file write. Unfortunately, we also noticed that *unlike* a regular write, clonerange skips a ton of overflow checks, such as validating the ranges against s_maxbytes, MAX_NON_LFS, and RLIMIT_FSIZE. We also observed that cloning into a file did not strip security privileges (suid, capabilities) like a regular write would. I also noticed that xfs and ocfs2 need to dump the page cache before remapping blocks, not after. In fixing the range checking problems I also realized that both dedupe and copyfile tell userspace how much of the requested operation was acted upon. Since the range validation can shorten a clone request (or we can ENOSPC midway through), we might as well plumb the short operation reporting back through the VFS indirection code to userspace. So, here's the whole giant pile of patches[1] that fix all the problems. This branch is against current upstream (4.19-rc7+). The patch "generic: test reflink side effects" recently sent to fstests exercises the fixes in this series. Tests are in [2]. --D [1] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git/log/?h=djwong-devel [2] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfstests-dev.git/log/?h=djwong-devel