From patchwork Wed Jun 26 02:33:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darrick Wong X-Patchwork-Id: 1122502 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="U2m+jP6a"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="h4CU9wnF"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45YRwh56zMz9s3Z for ; Wed, 26 Jun 2019 12:36:04 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:To:From:Subject:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=zs0E3ElMNWviHUZeugkCgdr/PdrWrTJ/qJejZVfycIg=; b=U2m+jP6azKxPKu u74m0B4ZqHxrwu447Q05zFT1sD5x/fqyHBbV8Bvztqub2iHeNTPOIe4zRMklsCxsA0acXziqw/9YS Rf7TErZDqE7leiWb2byFGqC5xBxBNV/0s/kgjDLffgJWwg1vl9bUtHvioyWU38V0yRhetnfjzlrYV 7+V95ThGithRxn3TsR+e5M93Ledb+QWAw0LlRY5a1jZBOedDxoYwMBGqGwmEF8WIPPg003kYxz8a1 49F7SNLni+fD2txEnJYX71ileRZH7uqER/kfwZJeQnMS9PawbSlhyqUuVWn6U0zVutnsVGNPSI2Oa DkmoouoCgwFrp2fu2moA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hfxmz-0006Yr-P6; Wed, 26 Jun 2019 02:36:01 +0000 Received: from userp2130.oracle.com ([156.151.31.86]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hfxme-0006DX-8r for linux-mtd@lists.infradead.org; Wed, 26 Jun 2019 02:35:43 +0000 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5Q2Ykgb120656; Wed, 26 Jun 2019 02:35:26 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=FEN+goJhMPORyHM4KJFXebyZi4tarHTDm26+xICB5hA=; b=h4CU9wnFOOS1YSb/1A5WUJ9R3mK0Lo4KDpPlx3IsKGFGb5GJDBgZdFF/ZkNeWJpw6ADQ z+48Fvs+Pd7PcF23eYSOuy/NgmC1FwimwF1CdjSRf7x6XmzQJR0FNvunJLDSAy/S3smG ddG5MlPmNZh7CEycU6bXfXwLQUBwmwz3yJdercybA222E3ljvBmtwC6s44Nv0fmoNFnY gQqgtyZlP6+to4/pWiK1OWN68DNeIlef0tARhlq4bA7ZqwvbkPG4MVRjDf2FeLozit1o ADMHU/0tRMhL9MKSCw8ikiY8qmzEGU5M3LTFzW066uDKTdzVCO3dSQqnm92Mh3qwjY4J Mg== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2130.oracle.com with ESMTP id 2t9brt7msy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 26 Jun 2019 02:35:26 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5Q2XQWv081280; Wed, 26 Jun 2019 02:33:26 GMT Received: from pps.reinject (localhost [127.0.0.1]) by userp3020.oracle.com with ESMTP id 2tat7cjny2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 26 Jun 2019 02:33:26 +0000 Received: from userp3020.oracle.com (userp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5Q2XK5E081200; Wed, 26 Jun 2019 02:33:20 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userp3020.oracle.com with ESMTP id 2tat7cjnxr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 26 Jun 2019 02:33:20 +0000 Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x5Q2XJ67012227; Wed, 26 Jun 2019 02:33:19 GMT Received: from localhost (/10.159.230.235) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 25 Jun 2019 19:33:18 -0700 Subject: [PATCH 3/5] vfs: flush and wait for io when setting the immutable flag via FSSETXATTR From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, hch@infradead.org, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Date: Tue, 25 Jun 2019 19:33:16 -0700 Message-ID: <156151639615.2283603.2028690322950797383.stgit@magnolia> In-Reply-To: <156151637248.2283603.8458727861336380714.stgit@magnolia> References: <156151637248.2283603.8458727861336380714.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9299 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=2 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906260028 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190625_193540_458607_43106869 X-CRM114-Status: GOOD ( 22.33 ) X-Spam-Score: -2.5 (--) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-2.5 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [156.151.31.86 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-efi@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, reiserfs-devel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, devel@lists.orangefs.org Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Darrick J. Wong When we're using FS_IOC_FSSETXATTR to set the immutable flag on a file, we need to ensure that userspace can't continue to write the file after the file becomes immutable. To make that happen, we have to flush all the dirty pagecache pages to disk to ensure that we can fail a page fault on a mmap'd region, wait for pending directio to complete, and hope the caller locked out any new writes by holding the inode lock. XFS has more complex locking than other FSSETXATTR implementations so we have to keep the checking and preparation code in different functions. Signed-off-by: Darrick J. Wong --- fs/btrfs/ioctl.c | 2 + fs/ext4/ioctl.c | 2 + fs/f2fs/file.c | 2 + fs/inode.c | 31 +++++++++++++++++++++++ fs/xfs/xfs_ioctl.c | 71 +++++++++++++++++++++++++++++++++++++++------------- include/linux/fs.h | 3 ++ 6 files changed, 90 insertions(+), 21 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 0f5af7c5f66b..bbd6d908900e 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -423,7 +423,7 @@ static int btrfs_ioctl_fssetxattr(struct file *file, void __user *arg) old_flags = binode->flags; old_i_flags = inode->i_flags; - ret = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + ret = vfs_ioc_fssetxattr_prepare(inode, &old_fa, &fa); if (ret) goto out_unlock; diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 1e88c3af9a8d..146587c3fe8e 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -1109,7 +1109,7 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) inode_lock(inode); ext4_fill_fsxattr(inode, &old_fa); - err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + err = vfs_ioc_fssetxattr_prepare(inode, &old_fa, &fa); if (err) goto out; flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index d6ed319388d6..af0fc040a15c 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2826,7 +2826,7 @@ static int f2fs_ioc_fssetxattr(struct file *filp, unsigned long arg) inode_lock(inode); f2fs_fill_fsxattr(inode, &old_fa); - err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + err = vfs_ioc_fssetxattr_prepare(inode, &old_fa, &fa); if (err) goto out; flags = (fi->i_flags & ~F2FS_FL_XFLAG_VISIBLE) | diff --git a/fs/inode.c b/fs/inode.c index 65a412af3ffb..cf07378e5731 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2293,3 +2293,34 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, return 0; } EXPORT_SYMBOL(vfs_ioc_fssetxattr_check); + +/* + * Generic function to check FS_IOC_FSSETXATTR values and reject any invalid + * configurations. If none are found, flush all pending IO and dirty mappings + * before setting S_IMMUTABLE on an inode. If the flush fails we'll clear the + * flag before returning error. + * + * Note: the caller must hold whatever locks are necessary to block any other + * threads from starting a write to the file. + */ +int vfs_ioc_fssetxattr_prepare(struct inode *inode, + const struct fsxattr *old_fa, + struct fsxattr *fa) +{ + int ret; + + ret = vfs_ioc_fssetxattr_check(inode, old_fa, fa); + if (ret) + return ret; + + if (!S_ISREG(inode->i_mode) || IS_IMMUTABLE(inode) || + !(fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) + return 0; + + inode_set_flags(inode, S_IMMUTABLE, S_IMMUTABLE); + ret = inode_drain_writes(inode); + if (ret) + inode_set_flags(inode, 0, S_IMMUTABLE); + return ret; +} +EXPORT_SYMBOL(vfs_ioc_fssetxattr_prepare); diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 011657bd50ca..723550c8a2e4 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -1058,6 +1058,30 @@ xfs_ioctl_setattr_xflags( return 0; } +/* + * If we're setting immutable on a regular file, we need to prevent new writes. + * Once we've done that, we must wait for all the other writes to complete. + * + * The caller must use @join_flags to release the locks which are held on @ip + * regardless of return value. + */ +static int +xfs_ioctl_setattr_drain_writes( + struct xfs_inode *ip, + const struct fsxattr *fa, + int *join_flags) +{ + struct inode *inode = VFS_I(ip); + + if (!S_ISREG(inode->i_mode) || !(fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) + return 0; + + *join_flags = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; + xfs_ilock(ip, *join_flags); + + return inode_drain_writes(inode); +} + /* * If we are changing DAX flags, we have to ensure the file is clean and any * cached objects in the address space are invalidated and removed. This @@ -1065,6 +1089,9 @@ xfs_ioctl_setattr_xflags( * operation. The locks need to be held until the transaction has been committed * so that the cache invalidation is atomic with respect to the DAX flag * manipulation. + * + * The caller must use @join_flags to release the locks which are held on @ip + * regardless of return value. */ static int xfs_ioctl_setattr_dax_invalidate( @@ -1076,8 +1103,6 @@ xfs_ioctl_setattr_dax_invalidate( struct super_block *sb = inode->i_sb; int error; - *join_flags = 0; - /* * It is only valid to set the DAX flag on regular files and * directories on filesystems where the block size is equal to the page @@ -1103,21 +1128,15 @@ xfs_ioctl_setattr_dax_invalidate( return 0; /* lock, flush and invalidate mapping in preparation for flag change */ - xfs_ilock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); - error = filemap_write_and_wait(inode->i_mapping); - if (error) - goto out_unlock; - error = invalidate_inode_pages2(inode->i_mapping); - if (error) - goto out_unlock; - - *join_flags = XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL; - return 0; - -out_unlock: - xfs_iunlock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); - return error; + if (*join_flags == 0) { + *join_flags = XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL; + xfs_ilock(ip, *join_flags); + error = filemap_write_and_wait(inode->i_mapping); + if (error) + return error; + } + return invalidate_inode_pages2(inode->i_mapping); } /* @@ -1326,6 +1345,12 @@ xfs_ioctl_setattr( return code; } + code = xfs_ioctl_setattr_drain_writes(ip, fa, &join_flags); + if (code) { + xfs_iunlock(ip, join_flags); + goto error_free_dquots; + } + /* * Changing DAX config may require inode locking for mapping * invalidation. These need to be held all the way to transaction commit @@ -1334,8 +1359,10 @@ xfs_ioctl_setattr( * appropriately. */ code = xfs_ioctl_setattr_dax_invalidate(ip, fa, &join_flags); - if (code) + if (code) { + xfs_iunlock(ip, join_flags); goto error_free_dquots; + } tp = xfs_ioctl_setattr_get_trans(ip, join_flags); if (IS_ERR(tp)) { @@ -1485,6 +1512,12 @@ xfs_ioc_setxflags( if (error) return error; + error = xfs_ioctl_setattr_drain_writes(ip, &fa, &join_flags); + if (error) { + xfs_iunlock(ip, join_flags); + goto out_drop_write; + } + /* * Changing DAX config may require inode locking for mapping * invalidation. These need to be held all the way to transaction commit @@ -1493,8 +1526,10 @@ xfs_ioc_setxflags( * appropriately. */ error = xfs_ioctl_setattr_dax_invalidate(ip, &fa, &join_flags); - if (error) + if (error) { + xfs_iunlock(ip, join_flags); goto out_drop_write; + } tp = xfs_ioctl_setattr_get_trans(ip, join_flags); if (IS_ERR(tp)) { diff --git a/include/linux/fs.h b/include/linux/fs.h index 51266c9dbadc..675ce9743bc1 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3560,6 +3560,9 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, struct fsxattr *fa); +int vfs_ioc_fssetxattr_prepare(struct inode *inode, + const struct fsxattr *old_fa, + struct fsxattr *fa); /* * Flush file data before changing attributes. Caller must hold any locks