From patchwork Tue Oct 16 03:09:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10642683 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D504E18FD for ; Tue, 16 Oct 2018 03:10:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE92B29866 for ; Tue, 16 Oct 2018 03:10:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AB78C29883; Tue, 16 Oct 2018 03:10:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4283429866 for ; Tue, 16 Oct 2018 03:10:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B25076B0003; Mon, 15 Oct 2018 23:10:04 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id AD46F6B0005; Mon, 15 Oct 2018 23:10:04 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9C3C36B0006; Mon, 15 Oct 2018 23:10:04 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id 5AE586B0003 for ; Mon, 15 Oct 2018 23:10:04 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id g63-v6so6180335pfc.9 for ; Mon, 15 Oct 2018 20:10:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:user-agent:mime-version:content-transfer-encoding; bh=Tj5vyhT8ix732fRoA8MsyFPdyNfDuCkT6AX9ZPnt+D8=; b=DuPzWLr44Zyz3exXWdXwtRAr8C5FVbQUCYGTxuRz6HEagprt8tLLA4eSwUoxgAZEbA 8pKdx4Raa8VVq5+pnZ7T02KRAOyASlqh/RehGxDAy+dLaLvsRRtJ94Tq8LGi4IsFiE3L GygPs0irHguU3BcYyWf+aKyj5tUBadvZwM1IbmMkDGehoCs15i1tS5tgw/VnsHj6FkNO HPjgkYoB3M5U75olIqXEKCPX3T5HqGIqsVjyd+/QYDNNHpp9I4syuG6bm/zVLyCkDqvO K/Xe9NE6Ro0foPZgd20J8dDW+eoUivNGOa1pCggxoYLVi2tQ9mxpzvT0gM+UVXN1HU++ tb2g== X-Gm-Message-State: ABuFfoiZ/Yi0+HfawiCvI4R8O6v7PP6amkLKeJaVHJmcOFNx6masJngF Z/3c9LYt8SH55ERDApFyjrFA+FDsFMr/vmtpkda3vCOw7sBVFHcPoDXhXN8lalvaRsDk3WNU8uZ FfwN7xTiDa/raKrJBu/ZGvETb0guybUe1iEVK5h6AXhhQYld9/9su+pCumjZc9VHL+Q== X-Received: by 2002:a62:2e02:: with SMTP id u2-v6mr20855251pfu.134.1539659403996; Mon, 15 Oct 2018 20:10:03 -0700 (PDT) X-Google-Smtp-Source: ACcGV62NqdtZuIjmzlxeu6iYkH99FeElONA58a4ZjQSBmiekgR+YrsOWEzflJmq0vfueDq8cTOzs X-Received: by 2002:a62:2e02:: with SMTP id u2-v6mr20855192pfu.134.1539659402973; Mon, 15 Oct 2018 20:10:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539659402; cv=none; d=google.com; s=arc-20160816; b=mYrYfxMVX7OBuzXq775I8uhckovJ8PJm8TDaysNUCONZKllKgFn9TORDT9dV67rfvx R7tmFfnN2XmQaI1OwN0R9N+9Yrc7z2zf/1Y4y0L/0Yoy8+UgvVYEmAEkV0DtpjwCW1Ws 3vdI1ZjUX5O7GPmbT8mNNjxuG4cXn7OmCg5mZpgKcDKYNXNCkqA0laCcuExVAIZIpyCC Wp2Y+lf6gujtnM9ahkHtV/SRDN0FeVG6ca69GTVvGWFibqL3/+hLHlveanfyGqA7WTx1 j0zbKNqDKlmt7ZToBJbECkFaJjKZ2Q7nyjY/S61oLT3ByGAbW8YbuoyhUhPgpDCc5X0J vT0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:message-id:date :cc:to:from:subject:dkim-signature; bh=Tj5vyhT8ix732fRoA8MsyFPdyNfDuCkT6AX9ZPnt+D8=; b=PiGXK3ckzyE55+YPS5E3NHECdnvZxaVdz8w8lSoBUMgDWtS2LT/HK3r+J5VvEaW/LV 9QH9KkUU7Ei0bc0FWoxNwDmzrNWGoAmEUUXebwzjzRjdzuYG+6e9/JNWvQzVmN00QmwI c7xmftV9VpiY0OxCLlj8JJNnwplcLEmVuWyIdlzU8pWV02HNLieBzd3fTWnjAv3SoKwk 2ehg8qnNwoJpoEW5w+5/Hm8QyuuDkFYIxh1nhg42JKTVnS20e4nPtH45UdQBVMR62Dwf vPkIcKPyNsDYi6BIVhxLo/2Dj3vo5eM9B/rCmC5QSh1LipXF6o5QWNqhzZLcgCmx8BIZ RBwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=5oONadGG; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from aserp2120.oracle.com (aserp2120.oracle.com. [141.146.126.78]) by mx.google.com with ESMTPS id f23-v6si13099885pgh.250.2018.10.15.20.10.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 15 Oct 2018 20:10:02 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) client-ip=141.146.126.78; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=5oONadGG; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9G38ba0053414; Tue, 16 Oct 2018 03:10:01 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=Tj5vyhT8ix732fRoA8MsyFPdyNfDuCkT6AX9ZPnt+D8=; b=5oONadGGUzE6sVVVTI8qixhlJPoaOOnia4FJQvrcWymXyCbjOA8SuX+T6ZCIIjDgKS22 45/MfPxceCY35xWZWO8sWQteberYALA7yVINPdOZH3WebtnKXvBCCB7UCmL+t9JXK2Iq 9SA1wHJEGv0ApakelfGceP0B5B5MfLoJY8NqVU4vbPKm5hXzlvb25FgheZMJW9ACmtv+ U/z2/bbtpkqA1jyEcqtxhJ7oVgZZPWJ7mh5NsHeoYKMkMfIST33WI130LeNrldqBiQHk Q40Vd0b4p6qSEA20BdnVRs0+NvswVwQCfDLfuzz35UVN0TcIx/T0BFHSBpr2dBrVWvmU Ng== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp2120.oracle.com with ESMTP id 2n38npwup6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 16 Oct 2018 03:10:01 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w9G3A0UA006886 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 16 Oct 2018 03:10:00 GMT Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w9G39wh4003463; Tue, 16 Oct 2018 03:09:58 GMT Received: from localhost (/10.159.227.150) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 15 Oct 2018 20:09:58 -0700 Subject: [PATCH v5 00/26] fs: fixes for serious clone/dedupe problems From: "Darrick J. Wong" To: david@fromorbit.com, darrick.wong@oracle.com Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Date: Mon, 15 Oct 2018 20:09:55 -0700 Message-ID: <153965939489.1256.7400115244528045860.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9047 signatures=668706 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=840 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810160026 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hi all, Dave, Eric, and I have been chasing a stale data exposure bug in the XFS reflink implementation, and tracked it down to reflink forgetting to do some of the file-extending activities that must happen for regular writes. We then started auditing the clone, dedupe, and copyfile code and realized that from a file contents perspective, clonerange isn't any different from a regular file write. Unfortunately, we also noticed that *unlike* a regular write, clonerange skips a ton of overflow checks, such as validating the ranges against s_maxbytes, MAX_NON_LFS, and RLIMIT_FSIZE. We also observed that cloning into a file did not strip security privileges (suid, capabilities) like a regular write would. I also noticed that xfs and ocfs2 need to dump the page cache before remapping blocks, not after. In fixing the range checking problems I also realized that both dedupe and copyfile tell userspace how much of the requested operation was acted upon. Since the range validation can shorten a clone request (or we can ENOSPC midway through), we might as well plumb the short operation reporting back through the VFS indirection code to userspace. So, here's the whole giant pile of patches[1] that fix all the problems. This branch is against current upstream (4.19-rc8). The patch "generic: test reflink side effects" recently sent to fstests exercises the fixes in this series. Tests are in [2]. --D [1] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git/log/?h=djwong-devel [2] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfstests-dev.git/log/?h=djwong-devel