Subject: [PATCH 1/5] smb3: Move the flush out of smb2_copychunk_range() into its callers
From: David Howells
To: sfrench@samba.org, linux-cifs@vger.kernel.org
Cc: lsahlber@redhat.com, jlayton@kernel.org, dchinner@redhat.com, willy@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samba-technical@lists.samba.org
Date: Tue, 23 Aug 2022 14:07:28 +0100
Message-ID: <166126004796.548536.8555773200873112505.stgit@warthog.procyon.org.uk>
In-Reply-To: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
References: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903
Content-Transfer-Encoding: quoted-printable

Move the flush out of smb2_copychunk_range() into its callers. This will allow the pagecache to be invalidated between the flush and the operation in smb3_collapse_range() and smb3_insert_range().

Signed-off-by: David Howells
cc: Steve French
cc: Ronnie Sahlberg
--- fs/cifs/cifsfs.c | 2 ++ fs/cifs/smb2ops.c | 20 ++++++++------------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index f54d8bf2732a..e9fb338b8e7e 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c 
@@ -1219,6 +1219,8 @@ ssize_t cifs_file_copychunk_range(unsigned int xid, =20 cifs_dbg(FYI, "copychunk range\n"); =20 + filemap_write_and_wait(src_inode->i_mapping); + if (!src_file->private_data || !dst_file->private_data) { rc =3D -EBADF; cifs_dbg(VFS, "missing cifsFileInfo on copy range src file\n"); diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 96f3b0573606..7e3de6a0e1dc 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -1600,17 +1600,8 @@ smb2_copychunk_range(const unsigned int xid, int chunks_copied =3D 0; bool chunk_sizes_updated =3D false; ssize_t bytes_written, total_bytes_written =3D 0; - struct inode *inode; =20 pcchunk =3D kmalloc(sizeof(struct copychunk_ioctl), GFP_KERNEL); - - /* - * We need to flush all unwritten data before we can send the - * copychunk ioctl to the server. - */ - inode =3D d_inode(trgtfile->dentry); - filemap_write_and_wait(inode->i_mapping); - if (pcchunk =3D=3D NULL) return -ENOMEM; =20 @@ -3689,6 +3680,8 @@ static long smb3_collapse_range(struct file *file, st= ruct cifs_tcon *tcon, goto out; } =20 + filemap_write_and_wait(inode->i_mapping); + rc =3D smb2_copychunk_range(xid, cfile, cfile, off + len, i_size_read(inode) - off - len, off); if (rc < 0) 
@@ -3716,18 +3709,21 @@ static long smb3_insert_range(struct file *file, st= ruct cifs_tcon *tcon, int rc; unsigned int xid; struct cifsFileInfo *cfile =3D file->private_data; + struct inode *inode =3D file_inode(file); __le64 eof; __u64 count; =20 xid =3D get_xid(); =20 - if (off >=3D i_size_read(file->f_inode)) { + if (off >=3D i_size_read(inode)) { rc =3D -EINVAL; goto out; } =20 - count =3D i_size_read(file->f_inode) - off; - eof =3D cpu_to_le64(i_size_read(file->f_inode) + len); + count =3D i_size_read(inode) - off; + eof =3D cpu_to_le64(i_size_read(inode) + len); + + filemap_write_and_wait(inode->i_mapping); =20 rc =3D SMB2_set_eof(xid, tcon, cfile->fid.persistent_fid, cfile->fid.volatile_fid, cfile->pid, &eof);

Subject: [PATCH 2/5] smb3: missing inode locks in zero range
From: David Howells
To: sfrench@samba.org, linux-cifs@vger.kernel.org
Cc: lsahlber@redhat.com, jlayton@kernel.org, dchinner@redhat.com, willy@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samba-technical@lists.samba.org
Date: Tue, 23 Aug 2022 14:07:34 +0100
Message-ID: <166126005487.548536.8031989219056277959.stgit@warthog.procyon.org.uk>
In-Reply-To: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
References: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
Content-Transfer-Encoding: quoted-printable

smb3 fallocate zero range was not grabbing the inode or filemap_invalidate locks so could have race with pagemap reinstantiating the page.

Cc: stable@vger.kernel.org
Signed-off-by: David Howells
Signed-off-by: Steve French
--- fs/cifs/smb2ops.c | 55 +++++++++++++++++++++++++++++--------------------= ---- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 7e3de6a0e1dc..1c5a93ced946 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c 
@@ -3298,26 +3298,43 @@ get_smb2_acl(struct cifs_sb_info *cifs_sb, return pntsd; } =20 +static long smb3_zero_data(struct file *file, struct cifs_tcon *tcon, + loff_t offset, loff_t len, unsigned int xid) +{ + struct cifsFileInfo *cfile =3D file->private_data; + struct file_zero_data_information fsctl_buf; + + cifs_dbg(FYI, "Offset %lld len %lld\n", offset, len); + + fsctl_buf.FileOffset =3D cpu_to_le64(offset); + fsctl_buf.BeyondFinalZero =3D cpu_to_le64(offset + len); + + return SMB2_ioctl(xid, tcon, cfile->fid.persistent_fid, + cfile->fid.volatile_fid, FSCTL_SET_ZERO_DATA, + (char *)&fsctl_buf, + sizeof(struct file_zero_data_information), + 0, NULL, NULL); +} + static long smb3_zero_range(struct file *file, struct cifs_tcon *tcon, loff_t offset, loff_t len, bool keep_size) { struct cifs_ses *ses =3D tcon->ses; - struct inode *inode; - struct cifsInodeInfo *cifsi; + struct inode *inode =3D file_inode(file); + struct cifsInodeInfo *cifsi =3D CIFS_I(inode); struct cifsFileInfo *cfile =3D file->private_data; - struct file_zero_data_information fsctl_buf; long rc; unsigned int xid; __le64 eof; =20 xid =3D get_xid(); =20 - inode =3D d_inode(cfile->dentry); - cifsi =3D CIFS_I(inode); - trace_smb3_zero_enter(xid, cfile->fid.persistent_fid, tcon->tid, ses->Suid, offset, len); =20 + inode_lock(inode); + filemap_invalidate_lock(inode->i_mapping); + /* * We zero the range through ioctl, so we need remove the page caches * first, otherwise the data may be inconsistent with the server. 
@@ -3325,26 +3342,12 @@ static long smb3_zero_range(struct file *file, stru= ct cifs_tcon *tcon, truncate_pagecache_range(inode, offset, offset + len - 1); =20 /* if file not oplocked can't be sure whether asking to extend size */ - if (!CIFS_CACHE_READ(cifsi)) - if (keep_size =3D=3D false) { - rc =3D -EOPNOTSUPP; - trace_smb3_zero_err(xid, cfile->fid.persistent_fid, - tcon->tid, ses->Suid, offset, len, rc); - free_xid(xid); - return rc; - } - - cifs_dbg(FYI, "Offset %lld len %lld\n", offset, len); - - fsctl_buf.FileOffset =3D cpu_to_le64(offset); - fsctl_buf.BeyondFinalZero =3D cpu_to_le64(offset + len); + rc =3D -EOPNOTSUPP; + if (keep_size =3D=3D false && !CIFS_CACHE_READ(cifsi)) + goto zero_range_exit; =20 - rc =3D SMB2_ioctl(xid, tcon, cfile->fid.persistent_fid, - cfile->fid.volatile_fid, FSCTL_SET_ZERO_DATA, - (char *)&fsctl_buf, - sizeof(struct file_zero_data_information), - 0, NULL, NULL); - if (rc) + rc =3D smb3_zero_data(file, tcon, offset, len, xid); + if (rc < 0) goto zero_range_exit; =20 /* 
@@ -3357,6 +3360,8 @@ static long smb3_zero_range(struct file *file, struct= cifs_tcon *tcon, } =20 zero_range_exit: + filemap_invalidate_unlock(inode->i_mapping); + inode_unlock(inode); free_xid(xid); if (rc) trace_smb3_zero_err(xid, cfile->fid.persistent_fid, tcon->tid,

Subject: [PATCH 3/5] smb3: fix temporary data corruption in collapse range
From: David Howells
To: sfrench@samba.org, linux-cifs@vger.kernel.org
Cc: lsahlber@redhat.com, jlayton@kernel.org, dchinner@redhat.com, willy@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samba-technical@lists.samba.org
Date: Tue, 23 Aug 2022 14:07:41 +0100
Message-ID: <166126006184.548536.12909933168251738646.stgit@warthog.procyon.org.uk>
In-Reply-To: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
References: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
Content-Transfer-Encoding: quoted-printable

From: Steve French

collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest generic/031

I also decided to merge a minor cleanup to this into the same patch (avoiding rereading inode size repeatedly unnecessarily) to make it clearer.

Cc: stable@vger.kernel.org
Fixes: 5476b5dd82c8b ("cifs: add support for FALLOC_FL_COLLAPSE_RANGE")
Reported-by: David Howells
Tested-by: David Howells
Reviewed-by: David Howells
Signed-off-by: Steve French
cc: Ronnie Sahlberg
--- fs/cifs/smb2ops.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 1c5a93ced946..75fcf6a0df56 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c 
@@ -3669,41 +3669,47 @@ static long smb3_collapse_range(struct file *file, = struct cifs_tcon *tcon, { int rc; unsigned int xid; - struct inode *inode; + struct inode *inode =3D file_inode(file); struct cifsFileInfo *cfile =3D file->private_data; - struct cifsInodeInfo *cifsi; + struct cifsInodeInfo *cifsi =3D CIFS_I(inode); __le64 eof; + loff_t old_eof; =20 xid =3D get_xid(); =20 - inode =3D d_inode(cfile->dentry); - cifsi =3D CIFS_I(inode); + inode_lock(inode); =20 - if (off >=3D i_size_read(inode) || - off + len >=3D i_size_read(inode)) { + old_eof =3D i_size_read(inode); + if ((off >=3D old_eof) || + off + len >=3D old_eof) { rc =3D -EINVAL; goto out; } =20 + filemap_invalidate_lock(inode->i_mapping); filemap_write_and_wait(inode->i_mapping); + truncate_pagecache_range(inode, off, old_eof); =20 rc =3D smb2_copychunk_range(xid, cfile, cfile, off + len, - i_size_read(inode) - off - len, off); + old_eof - off - len, off); if (rc < 0) - goto out; + goto out_2; =20 - eof =3D cpu_to_le64(i_size_read(inode) - len); + eof =3D cpu_to_le64(old_eof - len); rc =3D SMB2_set_eof(xid, tcon, cfile->fid.persistent_fid, cfile->fid.volatile_fid, cfile->pid, &eof); if (rc < 0) - goto out; + goto out_2; =20 rc =3D 0; =20 cifsi->server_eof =3D i_size_read(inode) - len; truncate_setsize(inode, cifsi->server_eof); fscache_resize_cookie(cifs_inode_cookie(inode), cifsi->server_eof); +out_2: + filemap_invalidate_unlock(inode->i_mapping); out: + inode_unlock(inode); free_xid(xid); return rc; }

Subject: [PATCH 4/5] smb3: missing inode locks in punch hole
From: David Howells
To: sfrench@samba.org, linux-cifs@vger.kernel.org
Cc: lsahlber@redhat.com, jlayton@kernel.org, dchinner@redhat.com, willy@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samba-technical@lists.samba.org
Date: Tue, 23 Aug 2022 14:07:48 +0100
Message-ID: <166126006871.548536.9826412629988468617.stgit@warthog.procyon.org.uk>
In-Reply-To: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
References: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
Content-Transfer-Encoding: quoted-printable

smb3 fallocate punch hole was not grabbing the inode or filemap_invalidate locks so could have race with pagemap reinstantiating the page.

Cc: stable@vger.kernel.org
Signed-off-by: David Howells
Signed-off-by: Steve French
--- fs/cifs/smb2ops.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 75fcf6a0df56..5b5ddc1b4638 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3375,7 +3375,7 @@ static long smb3_zero_range(struct file *file, struct= cifs_tcon *tcon, static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon, loff_t offset, loff_t len) { - struct inode *inode; + struct inode *inode =3D file_inode(file); struct cifsFileInfo *cfile =3D file->private_data; struct file_zero_data_information fsctl_buf; long rc; 
@@ -3384,14 +3384,12 @@ static long smb3_punch_hole(struct file *file, stru= ct cifs_tcon *tcon, =20 xid =3D get_xid(); =20 - inode =3D d_inode(cfile->dentry); - + inode_lock(inode); /* Need to make file sparse, if not already, before freeing range. */ /* Consider adding equivalent for compressed since it could also work */ if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse)) { rc =3D -EOPNOTSUPP; - free_xid(xid); - return rc; + goto out; } =20 filemap_invalidate_lock(inode->i_mapping); 
@@ -3411,8 +3409,10 @@ static long smb3_punch_hole(struct file *file, struc= t cifs_tcon *tcon, (char *)&fsctl_buf, sizeof(struct file_zero_data_information), CIFSMaxBufSize, NULL, NULL); - free_xid(xid); filemap_invalidate_unlock(inode->i_mapping); +out: + inode_unlock(inode); + free_xid(xid); return rc; }

Subject: [PATCH 5/5] smb3: fix temporary data corruption in insert range
From: David Howells
To: sfrench@samba.org, linux-cifs@vger.kernel.org
Cc: lsahlber@redhat.com, jlayton@kernel.org, dchinner@redhat.com, willy@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, samba-technical@lists.samba.org
Date: Tue, 23 Aug 2022 14:07:55 +0100
Message-ID: <166126007561.548536.12315282792952269215.stgit@warthog.procyon.org.uk>
In-Reply-To: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
References: <166126004083.548536.11195647088995116235.stgit@warthog.procyon.org.uk>
Content-Transfer-Encoding: quoted-printable

insert range doesn't discard the affected cached region so can risk temporarily corrupting file data.

Also includes some minor cleanup (avoiding rereading inode size repeatedly unnecessarily) to make it clearer.

Cc: stable@vger.kernel.org
Fixes: 7fe6fe95b9360 ("cifs: FALLOC_FL_INSERT_RANGE support")
Signed-off-by: David Howells
Signed-off-by: Steve French
cc: Ronnie Sahlberg
--- fs/cifs/smb2ops.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 5b5ddc1b4638..00c8d6a715c7 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3722,35 +3722,43 @@ static long smb3_insert_range(struct file *file, st= ruct cifs_tcon *tcon, struct cifsFileInfo *cfile =3D file->private_data; struct inode *inode =3D file_inode(file); __le64 eof; - __u64 count; + __u64 count, old_eof; + + inode_lock(inode); =20 xid =3D get_xid(); =20 - if (off >=3D i_size_read(inode)) { + old_eof =3D i_size_read(inode); + if (off >=3D old_eof) { rc =3D -EINVAL; goto out; } =20 - count =3D i_size_read(inode) - off; - eof =3D cpu_to_le64(i_size_read(inode) + len); + count =3D old_eof - off; + eof =3D cpu_to_le64(old_eof + len); =20 + filemap_invalidate_lock(inode->i_mapping); filemap_write_and_wait(inode->i_mapping); + truncate_pagecache_range(inode, off, old_eof); =20 rc =3D SMB2_set_eof(xid, tcon, cfile->fid.persistent_fid, cfile->fid.volatile_fid, cfile->pid, &eof); if (rc < 0) - goto out; + goto out_2; =20 rc =3D smb2_copychunk_range(xid, cfile, cfile, off, count, off + len); if (rc < 0) - goto out; + goto out_2; =20 - rc =3D smb3_zero_range(file, tcon, off, len, 1); + rc =3D smb3_zero_data(file, tcon, off, len, xid); if (rc < 0) - goto out; + goto out_2; =20 rc =3D 0; +out_2: + filemap_invalidate_unlock(inode->i_mapping); out: + inode_unlock(inode); free_xid(xid); return rc; }
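
Review bot: in [PATCH 1/5], the flush added to cifs_file_copychunk_range() in fs/cifs/cifsfs.c writes back src_inode->i_mapping, while the flush removed from smb2_copychunk_range() wrote back the mapping of d_inode(trgtfile->dentry), so for a copy between two different files this changes which inode is flushed rather than only moving the call. Please either say so in the changelog or also flush the target mapping at that call site. The return value of filemap_write_and_wait() is also ignored at all three new call sites, so a writeback error never reaches the caller; consider propagating it into rc.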
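
Review bot: in [PATCH 2/5], second hunk of smb3_zero_range(), the -EOPNOTSUPP test (keep_size == false && !CIFS_CACHE_READ(cifsi)) still runs after truncate_pagecache_range(inode, offset, offset + len - 1), so the cached range is dropped even when the request is then rejected; doing the test right after the locks are taken and before the truncate would avoid that. The new smb3_zero_data() helper is not mentioned in the changelog and carries no comment; since both of its callers in this series invoke it with the inode lock and the invalidate lock held, a one-line comment stating that expectation would help the next reader.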
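
Review bot: in [PATCH 3/5], the unchanged line "cifsi->server_eof = i_size_read(inode) - len;" near the end of smb3_collapse_range() still rereads the inode size, although the changelog says the cleanup avoids doing that and every other use in the hunk now goes through old_eof; use old_eof - len there too so the value sent in SMB2_set_eof and the value stored locally come from the same read. Two smaller points: truncate_pagecache_range(inode, off, old_eof) passes old_eof as the end, while the zero range code in this series passes offset + len - 1, so it is worth checking whether the end is meant to be inclusive here; and the result of filemap_write_and_wait() is discarded just before the cached range is thrown away.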
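
Review bot: in [PATCH 4/5], the changelog says punch hole was not taking "the inode or filemap_invalidate locks", but the context lines in the second and third hunks show filemap_invalidate_lock(inode->i_mapping) and filemap_invalidate_unlock(inode->i_mapping) already present in smb3_punch_hole(); only inode_lock()/inode_unlock() are added here. Please reword the changelog to say that the inode lock was missing, which matters for anyone deciding whether this needs backporting to a tree that predates the invalidate lock call. The unlock ordering at the new out: label (invalidate unlock, then inode_unlock, then free_xid) looks right.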
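
Review bot: in [PATCH 5/5], nothing in the smb3_insert_range() hunk updates the local inode size or cifsi->server_eof after SMB2_set_eof() succeeds, whereas smb3_collapse_range() in patch 3 calls truncate_setsize() and fscache_resize_cookie() under the same locks; unless the size is refreshed elsewhere, readers that run once the locks are dropped will still see old_eof. Also, old_eof is declared __u64 here but loff_t in smb3_collapse_range(), which makes "off >= old_eof" an unsigned comparison in one function and a signed one in the other; pick one type for both. Finally, inode_lock(inode) is taken before get_xid() here and after it in the other functions touched by this series; harmless, but keeping the order the same would make the exit paths easier to compare.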