From patchwork Tue Dec 12 09:36:34 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Baokun Li <libaokun1@huawei.com>
X-Patchwork-Id: 13488816
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 16A5EC4167B
	for <linux-mm@archiver.kernel.org>; Tue, 12 Dec 2023 09:33:15 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 968D16B02A4; Tue, 12 Dec 2023 04:33:14 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 93F726B02A5; Tue, 12 Dec 2023 04:33:14 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 807D76B02A6; Tue, 12 Dec 2023 04:33:14 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com
 [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 6C98E6B02A4
	for <linux-mm@kvack.org>; Tue, 12 Dec 2023 04:33:14 -0500 (EST)
Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 3A07B80818
	for <linux-mm@kvack.org>; Tue, 12 Dec 2023 09:33:14 +0000 (UTC)
X-FDA: 81557652708.22.0A6239F
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190])
	by imf10.hostedemail.com (Postfix) with ESMTP id 8C41AC0014
	for <linux-mm@kvack.org>; Tue, 12 Dec 2023 09:33:11 +0000 (UTC)
Authentication-Results: imf10.hostedemail.com;
	dkim=none;
	spf=pass (imf10.hostedemail.com: domain of libaokun1@huawei.com designates
 45.249.212.190 as permitted sender) smtp.mailfrom=libaokun1@huawei.com;
	dmarc=pass (policy=quarantine) header.from=huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1702373592;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:in-reply-to:
	 references; bh=0tNwWofSi6NEJ+s+I+mDvuG5nFLvPkDLQ755EToKnsY=;
	b=fTGQCD7oJt+kMDPQ8ncdRJV9nxceDFcbzJVOzmp/GwZ/exij2W1d0ioozEXhzUlz3wBBp6
	I1vxWYu+1gGe7aRZ9ILlAydDMu7pF+7WJXPOILz3kvMbyI4BRhHQzVmg+myaJDOH5Ch3Qf
	Wrmwl2OTKVnzS4yfyNZbGIrehjpMp9Q=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1702373592; a=rsa-sha256;
	cv=none;
	b=zrm55CfdGryk9QIOo2IAgFMg97haDBgarW580M393gcwaGORnnyY2cfxr1Nltd1ZC2cXXB
	ZDSWG7vKSXwnyJrqdUZHdOCDNXBLvNCnUzBohj3XAXGM2xxrzr1zDA1EzTJU4GSuJti2hi
	ULRHxvRIAsw+anZdiZfdx2ypVjFtwGs=
ARC-Authentication-Results: i=1;
	imf10.hostedemail.com;
	dkim=none;
	spf=pass (imf10.hostedemail.com: domain of libaokun1@huawei.com designates
 45.249.212.190 as permitted sender) smtp.mailfrom=libaokun1@huawei.com;
	dmarc=pass (policy=quarantine) header.from=huawei.com
Received: from mail.maildlp.com (unknown [172.19.162.112])
	by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4SqD1T0SBpz1wnf7;
	Tue, 12 Dec 2023 17:33:01 +0800 (CST)
Received: from dggpeml500021.china.huawei.com (unknown [7.185.36.21])
	by mail.maildlp.com (Postfix) with ESMTPS id 03A0E1406C8;
	Tue, 12 Dec 2023 17:33:07 +0800 (CST)
Received: from huawei.com (10.175.127.227) by dggpeml500021.china.huawei.com
 (7.185.36.21) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 12 Dec
 2023 17:33:06 +0800
From: Baokun Li <libaokun1@huawei.com>
To: <linux-mm@kvack.org>, <linux-ext4@vger.kernel.org>
CC: <tytso@mit.edu>, <adilger.kernel@dilger.ca>, <jack@suse.cz>,
	<willy@infradead.org>, <akpm@linux-foundation.org>, <david@fromorbit.com>,
	<hch@infradead.org>, <ritesh.list@gmail.com>, <linux-kernel@vger.kernel.org>,
	<yi.zhang@huawei.com>, <yangerkun@huawei.com>, <yukuai3@huawei.com>,
	<libaokun1@huawei.com>, <stable@kernel.org>
Subject: [RFC PATCH] mm/filemap: avoid buffered read/write race to read
 inconsistent data
Date: Tue, 12 Dec 2023 17:36:34 +0800
Message-ID: <20231212093634.2464108-1-libaokun1@huawei.com>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
X-Originating-IP: [10.175.127.227]
X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To
 dggpeml500021.china.huawei.com (7.185.36.21)
X-Rspamd-Queue-Id: 8C41AC0014
X-Rspam-User: 
X-Stat-Signature: 8uk4mympserrspm3b78dzobfykhz8wwz
X-Rspamd-Server: rspam03
X-HE-Tag: 1702373591-536913
X-HE-Meta: 
 U2FsdGVkX1/SuIZyKHMBjrEizGeaLAx31+oZ6kJ5FpPfNQ/wFCdRxRfHxKpCGbj2lYun2afXtTkozrN9/zzanAPuFErSxdbcVZ732O5rBTv1oU9RH8LpmWcvS2X3MwFqmHq6xnzCwRYeZ07t1hxavE0+dpBBqLGLgrwAvatEzq0ntVOyFRZLga3vfLz+/rBTAPFh4mNjd9PfAy9xRrDOt8snxO3T0vZgpKZYjPx6fTpMets6Y4s9nOHypoAvexbTBMtDeu7r7LboFjp2Sa/cybTix5LXkxaBzd0an5mBw5DCg8VgAfQ1LO5tID2z/2CGfkuCefz+ymlpuwvWWIe7gK3U4WTn+qnwzXjM5qQldvgxvkSBqTp2X7Dw465IVDZKoYMzpRCRLy4V3i4ll1qhhY5nJs/jSDfCPoE6Fe7yKWSCb/kWm1mnQYTKeKbqGZxXhO31BOApYzSQxAb+F9+84XYgd0wYm9LqhoL2o1DQeyZXIJBbaf+tdTGB3G4AUFb+F3s+6zfVC/OWOfeR5FzoTj9xuiF6cR3udRVzaSeJhNYSpfylx3fcJR5ZtkBTuKNabdqDluX+l/1BqmU8Qiucgp0vDVfLNzMwQ5ZItFLzehdafm9KQ4e+WjOM5jZYpSM6Vwk9m2x9m38Wyz3WHVGA9ASid9t9M/p+tqvC2yUFTuK1TI3RR0+EyGwiX3cMRLv8d7cvwK/xqq9aIO3ybUzWXtMpP4/ZfCwLS5y+PZn6zC6kELHFCShX5t+sMzxfvD8b0Io+dLfVnQHLNCiQWs4JINGAZhrEJdPV5EBXj2KHrUAmmJ3EhD+GlpMhcSslHw2qPsBeWDSm0Bw5Fij8DCO2HaNJ2duTs7xZriaYf4FLSSKpXusytnkcu7RwufdnH2EHSskmBceG+RxbMZUlmNXuM9Ke6jYeFkAHgQfNFR9OKWvBEoGvp38f0KRp+NVrVnBeqmXZ/oUMpLZLEOFFdnY
 CUNXaz8+
 y/oXlXjRthfn1gKTGacDAW84T+ZXlm2Ouoaz+6t4pTHQj3ju/G7HWWIpE+I7ytdND8q9JlfZRkkyTW3p2XgcFKJOuHlaHSypVvNIXQyaAMcNmBxOzBCtMtjJWPr7QY4EDb5I6WhJBllRMAt9uJ4GjWZOf+tHJr1j5VcZl9qMm98Iec8YIdK65qVff+h1Y4WLgfiqikvjp4LdUJ3KfDMpb2BTDoIPqMP5loVU08S27vCRqA90/vY5nsbb48avT2Dmv2cczhLkG459fql2IdzFtQoqGkQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

The following concurrency may cause the data read to be inconsistent with
the data on disk:

             cpu1                           cpu2
------------------------------|------------------------------
                               // Buffered write 2048 from 0
                               ext4_buffered_write_iter
                                generic_perform_write
                                 copy_page_from_iter_atomic
                                 ext4_da_write_end
                                  ext4_da_do_write_end
                                   block_write_end
                                    __block_commit_write
                                     folio_mark_uptodate
// Buffered read 4096 from 0          smp_wmb()
ext4_file_read_iter                   set_bit(PG_uptodate, folio_flags)
 generic_file_read_iter            i_size_write // 2048
  filemap_read                     unlock_page(page)
   filemap_get_pages
    filemap_get_read_batch
    folio_test_uptodate(folio)
     ret = test_bit(PG_uptodate, folio_flags)
     if (ret)
      smp_rmb();
      // Ensure that the data in page 0-2048 is up-to-date.

                               // New buffered write 2048 from 2048
                               ext4_buffered_write_iter
                                generic_perform_write
                                 copy_page_from_iter_atomic
                                 ext4_da_write_end
                                  ext4_da_do_write_end
                                   block_write_end
                                    __block_commit_write
                                     folio_mark_uptodate
                                      smp_wmb()
                                      set_bit(PG_uptodate, folio_flags)
                                   i_size_write // 4096
                                   unlock_page(page)

   isize = i_size_read(inode) // 4096
   // Read the latest isize 4096, but without smp_rmb(), there may be
   // Load-Load disorder resulting in the data in the 2048-4096 range
   // in the page is not up-to-date.
   copy_page_to_iter
   // copyout 4096

In the concurrency above, we read the updated i_size, but there is no read
barrier to ensure that the data in the page is the same as the i_size at
this point, so we may copy the unsynchronized page out. Hence adding the
missing read memory barrier to fix this.

This is a Load-Load reordering issue, which only occurs on some weak
mem-ordering architectures (e.g. ARM64, ALPHA), but not on strong
mem-ordering architectures (e.g. X86). And theoretically the problem
doesn't only happen on ext4, filesystems that call filemap_read() but
don't hold inode lock (e.g. btrfs, f2fs, ubifs ...) will have this
problem, while filesystems with inode lock (e.g. xfs, nfs) won't have
this problem.

Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
---
 mm/filemap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mm/filemap.c b/mm/filemap.c
index 71f00539ac00..6324e2ac3e74 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2607,6 +2607,9 @@ ssize_t filemap_read(struct kiocb *iocb, struct iov_iter *iter,
 			goto put_folios;
 		end_offset = min_t(loff_t, isize, iocb->ki_pos + iter->count);
 
+		/* Ensure that the page cache within isize is updated. */
+		smp_rmb();
+
 		/*
 		 * Once we start copying data, we don't want to be touching any
 		 * cachelines that might be contended: