From patchwork Wed Oct 17 22:44:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10646147 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0A3F915E2 for ; Wed, 17 Oct 2018 22:44:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F0968288CA for ; Wed, 17 Oct 2018 22:44:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E5100288F8; Wed, 17 Oct 2018 22:44:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 82A48288E7 for ; Wed, 17 Oct 2018 22:44:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9E6AB6B0269; Wed, 17 Oct 2018 18:44:22 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 99F706B026A; Wed, 17 Oct 2018 18:44:22 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 836BF6B026B; Wed, 17 Oct 2018 18:44:22 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 3F9116B0269 for ; Wed, 17 Oct 2018 18:44:22 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id f5-v6so22097856plf.11 for ; Wed, 17 Oct 2018 15:44:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:user-agent:mime-version:content-transfer-encoding; bh=zQALILQr9U+7OIPR4EjpK3HtCxxS0f5CSoa6TXZMX6o=; b=n7Ebahe8mNI+TFIpPZ8PZUFNNFHAkspwg65uBRs1Nz82Ob37NY0st7yNtbmETOHE90 mANqy8MlH4FZblZmp27avghYywN0dAae1+xw1jobUM+WQhAjp31VSN4SkErsr1BQlTKy tyeErAO31hU7TodFPF8P+s0yfNp7Dy/jS8Io3lwmF8QRoFMmol9+VNeK3+j1D3jRM6bN 5yQnTGwTaDb9/o7r3Nn2gzYqWk5O1FcLVotlrz9UQMoC8IW+QvkKV3w7YBlxaeh8YErq p5r5pboNNwk3MtNRWQc5QYrps1WkfFhAJCOfxqI/J64L9PYSx6ArQeWXWkdCxjRSjp5P IIgQ== X-Gm-Message-State: ABuFfohBWmFumh1DO+aqsSsbcqjmmZpmiToWi9oYqtxcJ5ZwB04Awvyd e+BcjCQuK4giHRj3dwuW7vw1eumNgn0of2n7lssbqJSqC6TgZpQdmsnTwyG/faUNBTo7pDlK7pT JDmYD8p0TEcokb3I+jPGrzUM8a6mz0R9rHsjn9irMxWStVRSQXTxCJa75jVfJThk6Hw== X-Received: by 2002:a63:aa48:: with SMTP id x8-v6mr25537592pgo.87.1539816261811; Wed, 17 Oct 2018 15:44:21 -0700 (PDT) X-Google-Smtp-Source: ACcGV605VEINQ1fpNajg8kL07YfXmifVH8CWv28a4TSBDOkcU3Zr64f9NBJ4gr9YOTWt81R1PhPh X-Received: by 2002:a63:aa48:: with SMTP id x8-v6mr25537560pgo.87.1539816260962; Wed, 17 Oct 2018 15:44:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539816260; cv=none; d=google.com; s=arc-20160816; b=jXqO0jZAYG3LqQmNSPr5BAthwu7zDwYb/IraS2eFvFchgO1jevSfVCbP1tl1dE7Xaf +4Ob3q/YJpFQB5cSgT75M1YjPlPlzEQLA7YRfv0JGp39wAIXh87/aBIUouI4P8xPo5cI 7yHRZ4sZRJDpZCN8OUuq8qcARGpZQTMl9gqZGYfwYqiTNyEqJn/iCMvh86qQ6CrPXtB4 nEutyppmy/ymxuGGucNwM42QOLoQkMVWxIzHqnRC4yh0petbt8DN2GcZGeJD3nGYWxzc y6gWIyMs0Ew72QmplouWxULW9pyWyibxas1pn5KLB7KqEQXTiGO3penhQ3chrgpwnh7r dtzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:message-id:date :cc:to:from:subject:dkim-signature; bh=zQALILQr9U+7OIPR4EjpK3HtCxxS0f5CSoa6TXZMX6o=; b=mqgull8Nj6sfnId+yFKE4K4CJPdyz9P3pGZShr7VqaY7rJSJUC/WG4+tHw8SGi9mOb m/WZl7Z/2hZnDDCPSIn3oEB45dKDmayvs/0zMmFbKbnZkv6S00A03TvmSb02NpIA0Z8P y9eBx3/gQVptMeWe+75LeLw+sSnG7bMXYYqPM1KwkEsQWCNtjpGEDDkVz3ErUcy8mcKE 4ADwSgEM8VuhsC0rjKj0SIG+7yLU49HE5gWWpHgzw/n6Og40+5a2n8PEEX/Ycq9yrd5r EJNecbpBLquNT9Izg2ovUoWkbFW0zz7inEJEEudccbKVwWW1SJHMF1ctEYqrNzdy8fW+ /lYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=2ilMuWAE; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2120.oracle.com (userp2120.oracle.com. [156.151.31.85]) by mx.google.com with ESMTPS id b9-v6si18321968plx.20.2018.10.17.15.44.20 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 Oct 2018 15:44:20 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) client-ip=156.151.31.85; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=2ilMuWAE; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9HMi3C0189411; Wed, 17 Oct 2018 22:44:20 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=zQALILQr9U+7OIPR4EjpK3HtCxxS0f5CSoa6TXZMX6o=; b=2ilMuWAEXORm+LsZmmU6BlLwNLeTrOtsYWF7J8+HqIcMwQ2dE+dQ6OFknzDLNJpMQyHL xFNeeXUG59cB+RNE00JW8nWIe3aqeC7KwTSXre/WZVCgNDOYPcLkave7qp/zccQGg7Ac 38M0Zuzy431OmDlA818onA8k0kHgjSguECi6JUhh6tVxC/U8hVnmCq3ShW0COxTo5jXx X21xV8z1xSSjCT4DtrPKBTAvELQcmp4o9WICWB6/in3RxZSaOJDCWvTCsmYO5lybL9N3 +UpuIcFKBVyaSf+B8TrZX6hcaqbtRMCVNnxATdAd467Ys9+5W78YFZQT5n41emABwP8I RQ== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp2120.oracle.com with ESMTP id 2n39brhnxp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Oct 2018 22:44:19 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w9HMiINZ005171 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Oct 2018 22:44:18 GMT Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w9HMiH6d028180; Wed, 17 Oct 2018 22:44:17 GMT Received: from localhost (/10.159.132.177) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 17 Oct 2018 15:44:17 -0700 Subject: [PATCH v6 00/29] fs: fixes for serious clone/dedupe problems From: "Darrick J. Wong" To: david@fromorbit.com, darrick.wong@oracle.com Cc: sandeen@redhat.com, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, ocfs2-devel@oss.oracle.com Date: Wed, 17 Oct 2018 15:44:15 -0700 Message-ID: <153981625504.5568.2708520119290577378.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9049 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=910 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810170188 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hi all, Dave, Eric, and I have been chasing a stale data exposure bug in the XFS reflink implementation, and tracked it down to reflink forgetting to do some of the file-extending activities that must happen for regular writes. We then started auditing the clone, dedupe, and copyfile code and realized that from a file contents perspective, clonerange isn't any different from a regular file write. Unfortunately, we also noticed that *unlike* a regular write, clonerange skips a ton of overflow checks, such as validating the ranges against s_maxbytes, MAX_NON_LFS, and RLIMIT_FSIZE. We also observed that cloning into a file did not strip security privileges (suid, capabilities) like a regular write would. I also noticed that xfs and ocfs2 need to dump the page cache before remapping blocks, not after. In fixing the range checking problems I also realized that both dedupe and copyfile tell userspace how much of the requested operation was acted upon. Since the range validation can shorten a clone request (or we can ENOSPC midway through), we might as well plumb the short operation reporting back through the VFS indirection code to userspace. I added a few more cleanups to the xfs code per reviewer suggestions. So, here's the whole giant pile of patches[1] that fix all the problems. This branch is against current upstream (4.19-rc8). The patch "generic: test reflink side effects" recently sent to fstests exercises the fixes in this series. Tests are in [2]. --D [1] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git/log/?h=djwong-devel [2] https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfstests-dev.git/log/?h=djwong-devel