www.infradead.org Git - users/dwmw2/linux.git/commit

author	Jan Kara <jack@suse.cz>
	Thu, 29 Aug 2019 16:04:12 +0000 (09:04 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 5 Oct 2019 11:14:15 +0000 (13:14 +0200)
commit	b0df636473e5ad4848475d487c2f17299df17cad
tree	ecc3940deaef0d1e58c42c53093e4bc1163439c0	tree
parent	b56335c486f733c12cedd7de59ca131f022022ba	commit \| diff

xfs: Fix stale data exposure when readahead races with hole punch

commit 40144e49ff84c3bd6bd091b58115257670be8803 upstream.

Hole puching currently evicts pages from page cache and then goes on to
remove blocks from the inode. This happens under both XFS_IOLOCK_EXCL
and XFS_MMAPLOCK_EXCL which provides appropriate serialization with
racing reads or page faults. However there is currently nothing that
prevents readahead triggered by fadvise() or madvise() from racing with
the hole punch and instantiating page cache page after hole punching has
evicted page cache in xfs_flush_unmap_range() but before it has removed
blocks from the inode. This page cache page will be mapping soon to be
freed block and that can lead to returning stale data to userspace or
even filesystem corruption.

Fix the problem by protecting handling of readahead requests by
XFS_IOLOCK_SHARED similarly as we protect reads.

CC: stable@vger.kernel.org
Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxjQNmxqmtA_VbYW0Su9rKRk2zobJmahcyeaEVOFKVQ5dw@mail.gmail.com/
Reported-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>