iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52f31ed228
linux/include
History
Dave Chinner d7b6404116 iomap: write iomap validity checks 
A recent multithreaded write data corruption has been uncovered in
the iomap write code. The core of the problem is partial folio
writes can be flushed to disk while a new racing write can map it
and fill the rest of the page:

writeback			new write

allocate blocks
  blocks are unwritten
submit IO
.....
				map blocks
				iomap indicates UNWRITTEN range
				loop {
				  lock folio
				  copyin data
.....
IO completes
  runs unwritten extent conv
    blocks are marked written
				  <iomap now stale>
				  get next folio
				}

Now add memory pressure such that memory reclaim evicts the
partially written folio that has already been written to disk.

When the new write finally gets to the last partial page of the new
write, it does not find it in cache, so it instantiates a new page,
sees the iomap is unwritten, and zeros the part of the page that
it does not have data from. This overwrites the data on disk that
was originally written.

The full description of the corruption mechanism can be found here:

https://lore.kernel.org/linux-xfs/20220817093627.GZ3600936@dread.disaster.area/

To solve this problem, we need to check whether the iomap is still
valid after we lock each folio during the write. We have to do it
after we lock the page so that we don't end up with state changes
occurring while we wait for the folio to be locked.

Hence we need a mechanism to be able to check that the cached iomap
is still valid (similar to what we already do in buffered
writeback), and we need a way for ->begin_write to back out and
tell the high level iomap iterator that we need to remap the
remaining write range.

The iomap needs to grow some storage for the validity cookie that
the filesystem provides to travel with the iomap. XFS, in
particular, also needs to know some more information about what the
iomap maps (attribute extents rather than file data extents) to for
the validity cookie to cover all the types of iomaps we might need
to validate.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
2022-11-29 09:09:17 +11:00
..
acpi ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() 2022-10-13 20:40:09 +02:00
asm-generic asm-generic: compat: fix compat_arg_u64() and compat_arg_u64_dual() 2022-11-01 10:20:11 +11:00
clocksource
crypto
drm Merge drm/drm-fixes into drm-misc-fixes 2022-10-20 09:09:00 +02:00
dt-bindings These are the pin control changes for the v6.1 kernel cycle: 2022-10-11 10:59:59 -07:00
keys
kunit kunit: declare kunit_assert structs as const 2022-10-07 10:19:18 -06:00
kvm
linux iomap: write iomap validity checks 2022-11-29 09:09:17 +11:00
math-emu
media media fixes for v6.1-rc2 2022-10-22 15:30:15 -07:00
memory
misc
net netlink: introduce bigendian integer types 2022-11-01 21:29:06 -07:00
pcmcia
ras
rdma
rv
scsi SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
soc RISC-V Patches for the 6.1 Merge Window, Part 2 2022-10-14 11:21:11 -07:00
sound ASoC: Fixes for v6.1 2022-10-27 08:26:32 +02:00
target
trace linux-watchdog 6.1-rc2 tag 2022-10-21 12:25:39 -07:00
uapi - Rename a perf memory level event define to denote it is of CXL type 2022-10-30 09:49:18 -07:00
ufs SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
vdso
video
xen xen/virtio: enable grant based virtio on x86 2022-10-10 14:31:26 +02:00