From: Christoph Hellwig
Date: Thu, 8 Feb 2024 23:20:46 +0000 (-0800)
Subject: xfs: only remap the written blocks in xfs_reflink_end_cow_extent
X-Git-Tag: v6.6.17~97
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=767a94d8161692ad5909435efb9dd0552650c367;p=platform%2Fkernel%2Flinux-starfive.git

commit 55f669f34184ecb25b8353f29c7f6f1ae5b313d1 upstream.

xfs_reflink_end_cow_extent looks up the COW extent and the data fork extent at offset_fsb, and then proceeds to remap the common subset between the two.

It does however not limit the remapped extent to the passed in [*offset_fsb, end_fsb] range and thus potentially remaps more blocks than the one handled by the current I/O completion. This means that with sufficiently large data and COW extents we could be remapping COW fork mappings that have not been written to, leading to a stale data exposure on a powerfail event.

We used to have a xfs_trim_range to make the remap fit the I/O completion range, but that got (apparently accidentally) removed in commit df2fd88f8ac7 ("xfs: rewrite xfs_reflink_end_cow to use intents").

Note that I've only found this by code inspection, and a test case would probably require very specific delay and error injection.

Fixes: df2fd88f8ac7 ("xfs: rewrite xfs_reflink_end_cow to use intents")
Signed-off-by: Christoph Hellwig
Reviewed-by: "Darrick J. Wong"
Signed-off-by: Chandan Babu R
Signed-off-by: Catherine Hoang
Acked-by: Chandan Babu R
Signed-off-by: Sasha Levin
--- diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c index 658edee..e5b62dc 100644 --- a/fs/xfs/xfs_reflink.c +++ b/fs/xfs/xfs_reflink.c @@ -784,6 +784,7 @@ xfs_reflink_end_cow_extent( } } del = got; + xfs_trim_extent(&del, *offset_fsb, end_fsb - *offset_fsb); /* Grab the corresponding mapping in the data fork. */ nmaps = 1;
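Review bot: The added xfs_trim_extent(&del, *offset_fsb, end_fsb - *offset_fsb) call right after "del = got;" carries no comment explaining why the clamp is required, and the commit message says an equivalent trim was already lost once, apparently by accident, in df2fd88f8ac7. A short comment above the call would protect it from the next refactor, for example stating that del must be limited to the range handled by the current I/O completion so that COW fork blocks that have not been written are never remapped into the data fork. The length argument is computed as end_fsb - *offset_fsb, and nothing in the visible context shows what guarantees end_fsb is greater than *offset_fsb at this point; if that invariant comes from the caller, it is worth naming in the same comment. Since the message notes the bug was found by inspection only and has no test case, that comment is the main regression guard this change has.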