releases/3.10.85/ext4-correctly-migrate-a-file-with-a-hole-at-the-beginning.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 8974fec7d72e3e02752fe0f27b4c3719c78d9a15 Mon Sep 17 00:00:00 2001
 From: Eryu Guan <guaneryu@gmail.com>
 Date: Sat, 4 Jul 2015 00:03:44 -0400
 Subject: ext4: correctly migrate a file with a hole at the beginning

 From: Eryu Guan <guaneryu@gmail.com>

 commit 8974fec7d72e3e02752fe0f27b4c3719c78d9a15 upstream.

 Currently ext4_ind_migrate() doesn't correctly handle a file which
 contains a hole at the beginning of the file.  This caused the migration
 to be done incorrectly, and then if there is a subsequent following
 delayed allocation write to the "hole", this would reclaim the same data
 blocks again and results in fs corruption.

   # assmuing 4k block size ext4, with delalloc enabled
   # skip the first block and write to the second block
   xfs_io -fc "pwrite 4k 4k" -c "fsync" /mnt/ext4/testfile

   # converting to indirect-mapped file, which would move the data blocks
   # to the beginning of the file, but extent status cache still marks
   # that region as a hole
   chattr -e /mnt/ext4/testfile

   # delayed allocation writes to the "hole", reclaim the same data block
   # again, results in i_blocks corruption
   xfs_io -c "pwrite 0 4k" /mnt/ext4/testfile
   umount /mnt/ext4
   e2fsck -nf /dev/sda6
   ...
   Inode 53, i_blocks is 16, should be 8.  Fix? no
   ...

 Signed-off-by: Eryu Guan <guaneryu@gmail.com>
 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  fs/ext4/migrate.c |    9 +++++----
  1 file changed, 5 insertions(+), 4 deletions(-)

 --- a/fs/ext4/migrate.c
 +++ b/fs/ext4/migrate.c
 @@ -616,7 +616,7 @@ int ext4_ind_migrate(struct inode *inode
  	struct ext4_inode_info		*ei = EXT4_I(inode);
  	struct ext4_extent		*ex;
  	unsigned int			i, len;
 -	ext4_lblk_t			end;
 +	ext4_lblk_t			start, end;
  	ext4_fsblk_t			blk;
  	handle_t			*handle;
  	int				ret;
 @@ -655,11 +655,12 @@ int ext4_ind_migrate(struct inode *inode
  		goto errout;
  	}
  	if (eh->eh_entries == 0)
 -		blk = len = 0;
 +		blk = len = start = end = 0;
  	else {
  		len = le16_to_cpu(ex->ee_len);
  		blk = ext4_ext_pblock(ex);
 -		end = le32_to_cpu(ex->ee_block) + len - 1;
 +		start = le32_to_cpu(ex->ee_block);
 +		end = start + len - 1;
  		if (end >= EXT4_NDIR_BLOCKS) {
  			ret = -EOPNOTSUPP;
  			goto errout;
 @@ -668,7 +669,7 @@ int ext4_ind_migrate(struct inode *inode

  	ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);
  	memset(ei->i_data, 0, sizeof(ei->i_data));
 -	for (i=0; i < len; i++)
 +	for (i = start; i <= end; i++)
  		ei->i_data[i] = cpu_to_le32(blk++);
  	ext4_mark_inode_dirty(handle, inode);
  errout:
	From 8974fec7d72e3e02752fe0f27b4c3719c78d9a15 Mon Sep 17 00:00:00 2001
	From: Eryu Guan <guaneryu@gmail.com>
	Date: Sat, 4 Jul 2015 00:03:44 -0400
	Subject: ext4: correctly migrate a file with a hole at the beginning

	From: Eryu Guan <guaneryu@gmail.com>

	commit 8974fec7d72e3e02752fe0f27b4c3719c78d9a15 upstream.

	Currently ext4_ind_migrate() doesn't correctly handle a file which
	contains a hole at the beginning of the file. This caused the migration
	to be done incorrectly, and then if there is a subsequent following
	delayed allocation write to the "hole", this would reclaim the same data
	blocks again and results in fs corruption.

	# assmuing 4k block size ext4, with delalloc enabled
	# skip the first block and write to the second block
	xfs_io -fc "pwrite 4k 4k" -c "fsync" /mnt/ext4/testfile

	# converting to indirect-mapped file, which would move the data blocks
	# to the beginning of the file, but extent status cache still marks
	# that region as a hole
	chattr -e /mnt/ext4/testfile

	# delayed allocation writes to the "hole", reclaim the same data block
	# again, results in i_blocks corruption
	xfs_io -c "pwrite 0 4k" /mnt/ext4/testfile
	umount /mnt/ext4
	e2fsck -nf /dev/sda6
	...
	Inode 53, i_blocks is 16, should be 8. Fix? no
	...

	Signed-off-by: Eryu Guan <guaneryu@gmail.com>
	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	fs/ext4/migrate.c \| 9 +++++----
	1 file changed, 5 insertions(+), 4 deletions(-)

	--- a/fs/ext4/migrate.c
	+++ b/fs/ext4/migrate.c
	@@ -616,7 +616,7 @@ int ext4_ind_migrate(struct inode *inode
	struct ext4_inode_info *ei = EXT4_I(inode);
	struct ext4_extent *ex;
	unsigned int i, len;
	- ext4_lblk_t end;
	+ ext4_lblk_t start, end;
	ext4_fsblk_t blk;
	handle_t *handle;
	int ret;
	@@ -655,11 +655,12 @@ int ext4_ind_migrate(struct inode *inode
	goto errout;
	}
	if (eh->eh_entries == 0)
	- blk = len = 0;
	+ blk = len = start = end = 0;
	else {
	len = le16_to_cpu(ex->ee_len);
	blk = ext4_ext_pblock(ex);
	- end = le32_to_cpu(ex->ee_block) + len - 1;
	+ start = le32_to_cpu(ex->ee_block);
	+ end = start + len - 1;
	if (end >= EXT4_NDIR_BLOCKS) {
	ret = -EOPNOTSUPP;
	goto errout;
	@@ -668,7 +669,7 @@ int ext4_ind_migrate(struct inode *inode

	ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);
	memset(ei->i_data, 0, sizeof(ei->i_data));
	- for (i=0; i < len; i++)
	+ for (i = start; i <= end; i++)
	ei->i_data[i] = cpu_to_le32(blk++);
	ext4_mark_inode_dirty(handle, inode);
	errout: