evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/fs
History
Jan Kara 1200efcca9 BACKPORT: ext4: fix data exposure after a crash 
Huang has reported that in his powerfail testing he is seeing stale
block contents in some of recently allocated blocks although he mounts
ext4 in data=ordered mode. After some investigation I have found out
that indeed when delayed allocation is used, we don't add inode to
transaction's list of inodes needing flushing before commit. Originally
we were doing that but commit f3b59291a6 removed the logic with a
flawed argument that it is not needed.

The problem is that although for delayed allocated blocks we write their
contents immediately after allocating them, there is no guarantee that
the IO scheduler or device doesn't reorder things and thus transaction
allocating blocks and attaching them to inode can reach stable storage
before actual block contents. Actually whenever we attach freshly
allocated blocks to inode using a written extent, we should add inode to
transaction's ordered inode list to make sure we properly wait for block
contents to be written before committing the transaction. So that is
what we do in this patch. This also handles other cases where stale data
exposure was possible - like filling hole via mmap in
data=ordered,nodelalloc mode.

The only exception to the above rule are extending direct IO writes where
blkdev_direct_IO() waits for IO to complete before increasing i_size and
thus stale data exposure is not possible. For now we don't complicate
the code with optimizing this special case since the overhead is pretty
low. In case this is observed to be a performance problem we can always
handle it using a special flag to ext4_map_blocks().

CC: stable@vger.kernel.org
Fixes: f3b59291a6
Reported-by: "HUANG Weller (CM/ESW12-CN)" <Weller.Huang@cn.bosch.com>
Tested-by: "HUANG Weller (CM/ESW12-CN)" <Weller.Huang@cn.bosch.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
(cherry picked from commit 06bd3c36a733ac27962fea7d6f47168841376824)
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 62198330

Change-Id: Idc78b64e4f23e6085301c60057af6029b49a8193
2017-06-21 14:17:19 -07:00
..
9p 9p: fix a potential acl leak 2017-05-14 13:32:54 +02:00
adfs
affs affs: fix remount failure when there are no options changed 2016-06-07 18:14:32 -07:00
afs
autofs4 autofs: use dentry flags to block walks during expire 2016-09-30 10:18:37 +02:00
befs
bfs
btrfs btrfs: fix memory leak in update_space_info failure path 2017-06-14 13:16:24 +02:00
cachefiles FS-Cache: Add missing initialization of ret in cachefiles_write_page() 2015-11-16 20:38:43 -05:00
ceph fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
cifs CIFS: add misssing SFM mapping for doublequote 2017-05-20 14:27:01 +02:00
coda fs/coda: fix readlink buffer overflow 2015-09-10 13:29:01 -07:00
configfs configfs: allow dynamic group creation 2015-11-20 16:17:32 -08:00
cramfs
debugfs debugfs: Make automount point inodes permanently empty 2016-05-04 14:48:41 -07:00
devpts devpts: clean up interface to pty drivers 2016-08-16 09:30:49 +02:00
dlm dlm: free workqueues after the connections 2016-10-22 12:26:56 +02:00
ecryptfs ecryptfs: fix handling of directory opening 2016-09-15 08:27:47 +02:00
efivarfs efi: Make efivarfs entries immutable by default 2016-03-03 15:07:09 -08:00
efs
exofs osd fs: __r4w_get_page rely on PageUptodate for uptodate 2015-12-12 10:15:34 -08:00
exportfs
ext2 BACKPORT: [UPSTREAM] ext2: convert to mbcache2 2017-04-18 18:26:03 -07:00
ext4 BACKPORT: ext4: fix data exposure after a crash 2017-06-21 14:17:19 -07:00
f2fs BACKPORT: f2fs: sanity check size of nat and sit cache 2017-06-02 13:58:20 -07:00
fat fat: fix using uninitialized fields of fat_inode/fsinfo_inode 2017-03-15 09:57:15 +08:00
freevxfs freevxfs: Grammar s/an negative/a negative/ 2015-08-07 13:59:24 +02:00
fscache FS-Cache: Handle a write to the page immediately beyond the EOF marker 2015-11-11 02:11:02 -05:00
fuse fuse: add missing FR_FORCE 2017-03-12 08:20:05 +00:00
gfs2 gfs2: avoid uninitialized variable warning 2017-04-30 05:49:28 +02:00
hfs hfs: fix B-tree corruption after insertion at position 0 2015-09-10 13:29:01 -07:00
hfsplus BACKPORT: posix_acl: Clear SGID bit when setting file permissions 2017-02-07 15:21:07 +00:00
hostfs hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common() 2016-09-30 10:18:39 +02:00
hpfs hpfs: implement the show_options method 2016-06-01 12:15:54 -07:00
hugetlbfs fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() 2016-02-25 12:01:22 -08:00
isofs isofs: Do not return EACCES for unknown filesystems 2016-10-28 03:01:34 -04:00
jbd2 jbd2: don't leak modified metadata buffers on an aborted journal 2017-03-12 06:37:26 +01:00
jffs2 BACKPORT: posix_acl: Clear SGID bit when setting file permissions 2017-02-07 15:21:07 +00:00
jfs fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
kernfs kernfs: don't depend on d_find_any_alias() when generating notifications 2016-09-24 10:07:36 +02:00
lockd Mainly smaller bugfixes and cleanup. We're still finding some bugs from 2015-11-11 20:11:28 -08:00
logfs mm, fs: introduce mapping_gfp_constraint() 2015-11-06 17:50:42 -08:00
minix
ncpfs ncpfs: fix a braino in OOM handling in ncp_fill_cache() 2016-03-16 08:42:59 -07:00
nfs NFSv4: Don't perform cached access checks before we've OPENed the file 2017-06-14 13:16:26 +02:00
nfs_common lockd: NLM grace period shouldn't block NFSv4 opens 2015-08-13 10:22:06 -04:00
nfsd fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
nilfs2 fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
nls
notify Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
ntfs mm, fs: introduce mapping_gfp_constraint() 2015-11-06 17:50:42 -08:00
ocfs2 fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
omfs
openpromfs
overlayfs ovl: fsync after copy-up 2016-11-10 16:36:34 +01:00
proc This is the 4.4.70 stable release 2017-05-25 17:31:28 +02:00
pstore This is the 4.4.28 stable release 2016-10-28 10:44:19 -07:00
qnx4
qnx6
quota quota: Fix possible GPF due to uninitialised pointers 2016-04-12 09:08:56 -07:00
ramfs mm, fs: obey gfp_mapping for add_to_page_cache() 2015-10-16 11:42:28 -07:00
reiserfs fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
romfs
sdcardfs ANDROID: sdcardfs: remove dead function open_flags_to_access_mode() 2017-06-20 13:39:39 -07:00
squashfs Squashfs: optimize reading uncompressed data 2017-02-09 04:04:18 +00:00
sysfs sysfs: be careful of error returns from ops->show() 2017-04-12 12:38:33 +02:00
sysv fix sysvfs symlinks 2015-11-23 21:11:08 -05:00
tracefs tracefs: Fix refcount imbalance in start_creating() 2015-11-04 22:13:45 -05:00
ubifs ubifs: Fix journal replay wrt. xattr nodes 2017-01-26 08:23:48 +01:00
udf fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
ufs ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path 2017-06-14 13:16:24 +02:00
xfs Make __xfs_xattr_put_listen preperly report errors. 2017-06-14 13:16:27 +02:00
aio.c aio: mark AIO pseudo-fs noexec 2016-10-07 15:23:47 +02:00
anon_inodes.c
attr.c ANDROID: vfs: user permission2 in notify_change2 2017-03-14 15:54:59 -07:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c FROMLIST: mm: ASLR: use get_random_long() 2016-03-16 16:50:34 -07:00
binfmt_elf_fdpic.c libnvdimm for 4.4: 2015-11-10 12:07:22 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c fs/block_dev: always invalidate cleancache in invalidate_bdev() 2017-05-20 14:27:01 +02:00
buffer.c fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
char_dev.c fs/char_dev.c: fix incorrect documentation for unregister_chrdev_region 2015-08-05 13:49:35 -07:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c i2c-dev: Fix typo in ioctl name reference 2015-10-23 23:26:43 +02:00
coredump.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
dax.c dax: disable pmd mappings 2015-11-16 23:54:45 -08:00
dcache.c This is the 4.4.45 stable release 2017-01-26 13:42:20 -08:00
dcookies.c
direct-io.c fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
drop_caches.c inode: convert inode_sb_list_lock to per-sb 2015-08-17 18:39:46 -04:00
eventfd.c
eventpoll.c BACKPORT: timer: convert timer_slack_ns from unsigned long to u64 2016-07-01 18:12:06 -07:00
exec.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
fcntl.c
fhandle.c fs/coredump: prevent fsuid=0 dumps into user-controlled directories 2016-04-12 09:08:58 -07:00
file.c vfs: clear remainder of 'full_fds_bits' in dup_fd() 2015-11-05 23:05:32 -08:00
file_table.c fs, file table: reinit files_stat.max_files after deferred memory initialisation 2015-08-07 04:39:40 +03:00
filesystems.c
fs-writeback.c This is the 4.4.16 stable release 2016-08-01 15:57:55 -07:00
fs_pin.c
fs_struct.c ANDROID: fs: Export free_fs_struct and set_fs_pwd 2017-01-30 17:59:59 -08:00
inode.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
internal.h ANDROID: vfs: Allow filesystems to access their private mount data 2017-01-26 15:53:30 -08:00
ioctl.c
Kconfig Included sdcardfs source code for kernel 3.0 2016-03-22 20:27:13 -07:00
Kconfig.binfmt
libfs.c fs: Set the size of empty dirs to 0. 2015-08-12 15:28:45 -05:00
locks.c locks: use file_inode() 2016-08-10 11:49:27 +02:00
Makefile BACKPORT: [UPSTREAM] mbcache2: reimplement mbcache 2017-04-18 18:24:00 -07:00
mbcache.c
mbcache2.c BACKPORT: [UPSTREAM] mbcache2: reimplement mbcache 2017-04-18 18:24:00 -07:00
mount.h mnt: Add a per mount namespace limit on the number of mounts 2017-04-30 05:49:28 +02:00
mpage.c This is the 4.4.72 stable release 2017-06-14 16:33:25 +02:00
namei.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
namespace.c This is the 4.4.65 stable release 2017-04-30 07:30:52 +02:00
no-block.c
nsfs.c fs/seq_file: convert int seq_vprint/seq_printf/etc... returns to void 2015-09-11 15:21:34 -07:00
open.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
pipe.c pipe: limit the per-user amount of pages allocated in pipes 2016-06-07 18:14:35 -07:00
pnode.c ANDROID: mnt: Fix next_descendent 2017-05-29 19:11:06 -07:00
pnode.h This is the 4.4.65 stable release 2017-04-30 07:30:52 +02:00
posix_acl.c BACKPORT: posix_acl: Clear SGID bit when setting file permissions 2017-02-07 15:21:07 +00:00
proc_namespace.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
read_write.c
readdir.c
select.c BACKPORT: timer: convert timer_slack_ns from unsigned long to u64 2016-07-01 18:12:06 -07:00
seq_file.c fs/seq_file: fix out-of-bounds read 2016-09-07 08:32:43 +02:00
signalfd.c signalfd: fix information leak in signalfd_copyinfo 2015-08-07 04:39:40 +03:00
splice.c vfs: fix uninitialized flags in splice_to_pipe() 2017-02-23 17:43:09 +01:00
stack.c
stat.c ufs: restore maintaining ->i_blocks 2017-06-14 13:16:24 +02:00
statfs.c
super.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
sync.c ANDROID: sched: add a counter to track fsync 2017-03-14 13:07:19 -07:00
timerfd.c timerfd: Protect the might cancel mechanism proper 2017-05-08 07:46:01 +02:00
userfaultfd.c This is the 4.4.16 stable release 2016-08-01 15:57:55 -07:00
utimes.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
xattr.c fs/xattr.c: zero out memory copied to userspace in getxattr 2017-05-20 14:27:01 +02:00