From patchwork Sat Aug 20 00:06:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 12949401 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9EA2DC28D13 for ; Sat, 20 Aug 2022 00:07:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244575AbiHTAHD (ORCPT ); Fri, 19 Aug 2022 20:07:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244803AbiHTAGu (ORCPT ); Fri, 19 Aug 2022 20:06:50 -0400 Received: from mail-vk1-xa2e.google.com (mail-vk1-xa2e.google.com [IPv6:2607:f8b0:4864:20::a2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8159810A760 for ; Fri, 19 Aug 2022 17:06:32 -0700 (PDT) Received: by mail-vk1-xa2e.google.com with SMTP id bi51so2977134vkb.5 for ; Fri, 19 Aug 2022 17:06:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc; bh=5DH/Br20uh0S0uM7a97XFHs3DEWj4p/xGq9YXiL8J/w=; b=Hq6c5TPGergSrPfdWctKxf9ri6268GT7w1WFXJPAjd0phB5HZahS7Xwjy+KmwrKluG Sx0GvaPC+obgrevOfk62g1fItkIn8+HqiDu4aeKLr4ZD8GnHuYwMr131zXAVyeemHeWs 5iVorihRImCaL6/HUVk/SR179zbePssHg9CYcMLpLSvDQ7erm/CyWpJC+9XC42+nkz6T +WwmYfwhRTDNPM7EC1EqwJB9SQ1iS2Yjs5KJj5cuzUJ/jucdfh2zGfehdwa5SNFgi+At 9v8q9Oo/jp2Sj4wqAXH9C8N9G3SNuIKoATcJnvoQ3q/tfkOL3CchrJHEkHAJa7A7pEcN 94qA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc; bh=5DH/Br20uh0S0uM7a97XFHs3DEWj4p/xGq9YXiL8J/w=; b=Yvx10JlpgFEy9qVi5TMhDl4sVclxd8zRmEbqMJhnmC1/8ZDUzgqH7Gv4U7AOCX6OkP tYlDh3omIgdmyLdgN4hm2vVTYsZrhPTBYXXwXFC05xTFwuzCmQcCgUPmNhJwEnnu/FkW CoVRCyzhVU/t7dJcAicNYjcgpTDSLpxO3xCrrpB1c62E6rOxKkUXZYKOzgqB8nmWX2gE rGJPSsHS5uFYfRb63yzx/3vLn738CKYuZBWYKq0LkSS8LhZSQIGz6kbXFIkLWMVC/wB2 ISjTiKU2sbWYepJizsVdPqxC4U56u2OjZ8sdhbSKlHOjoICJK9J94WeEKVu5b/y+oI3Y 2T3A== X-Gm-Message-State: ACgBeo2ZnpeZhqg3I9v/iCUuXDcy8H4QhaFwKSzONw2qv7HlKViMSd6j bN5FXhKi2uE/Aws4DqY0va45ZabeObVpqwoWvozkAoAYSh7C2A== X-Google-Smtp-Source: AA6agR4CZfYkayjHfI5c2xoi1NInue7drQBosTIiLsdCS16Uz9bExEEgtkr2j3Hb3wOOKN1irPHM03Ma99C3mSsnaGw= X-Received: by 2002:a1f:5c42:0:b0:382:3eac:56f7 with SMTP id q63-20020a1f5c42000000b003823eac56f7mr4024297vkb.24.1660953991304; Fri, 19 Aug 2022 17:06:31 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Fri, 19 Aug 2022 19:06:20 -0500 Message-ID: Subject: [PATCH][SMB3] fix temporary data corruption in collapse range To: CIFS Cc: David Howells , ronnie sahlberg Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest generic/031 I also decided to merge a minor cleanup to this into the same patch (avoiding rereading inode size repeatedly unnecessarily) to make it clearer. Cc: stable@vger.kernel.org Fixes: 5476b5dd82c8b ("cifs: add support for FALLOC_FL_COLLAPSE_RANGE") Reported-by: David Howells Tested-by: David Howells Reviewed-by: David Howells Signed-off-by: Steve French See attached: From bce7aeed5e9263097209cf7cfb0c7ce1a2afcce1 Mon Sep 17 00:00:00 2001 From: Steve French Date: Fri, 19 Aug 2022 18:57:05 -0500 Subject: [PATCH] smb3: fix collapse range temporary data corruption collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest generic/031 Cc: stable@vger.kernel.org Fixes: 5476b5dd82c8b ("cifs: add support for FALLOC_FL_COLLAPSE_RANGE") Reported-by: David Howells Tested-by: David Howells Reviewed-by: David Howells Signed-off-by: Steve French --- fs/cifs/smb2ops.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 96f3b0573606..cd9fa984538a 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3677,24 +3677,25 @@ static long smb3_collapse_range(struct file *file, struct cifs_tcon *tcon, struct cifsFileInfo *cfile = file->private_data; struct cifsInodeInfo *cifsi; __le64 eof; + loff_t old_eof; xid = get_xid(); inode = d_inode(cfile->dentry); cifsi = CIFS_I(inode); - - if (off >= i_size_read(inode) || - off + len >= i_size_read(inode)) { + old_eof = i_size_read(inode); + if ((off >= old_eof) || + off + len >= old_eof) { rc = -EINVAL; goto out; } rc = smb2_copychunk_range(xid, cfile, cfile, off + len, - i_size_read(inode) - off - len, off); + old_eof - off - len, off); if (rc < 0) goto out; - eof = cpu_to_le64(i_size_read(inode) - len); + eof = cpu_to_le64(old_eof - len); rc = SMB2_set_eof(xid, tcon, cfile->fid.persistent_fid, cfile->fid.volatile_fid, cfile->pid, &eof); if (rc < 0) @@ -3702,6 +3703,7 @@ static long smb3_collapse_range(struct file *file, struct cifs_tcon *tcon, rc = 0; + truncate_pagecache_range(inode, off, old_eof); cifsi->server_eof = i_size_read(inode) - len; truncate_setsize(inode, cifsi->server_eof); fscache_resize_cookie(cifs_inode_cookie(inode), cifsi->server_eof); -- 2.34.1