ext4: prevent data corruption with journaling + DAX
authorRoss Zwisler <ross.zwisler@linux.intel.com>
Thu, 12 Oct 2017 15:54:08 +0000 (11:54 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Thu, 12 Oct 2017 15:54:08 +0000 (11:54 -0400)
The current code has the potential for data corruption when changing an
inode's journaling mode, as that can result in a subsequent unsafe change
in S_DAX.

I've captured an instance of this data corruption in the following fstest:

https://patchwork.kernel.org/patch/9948377/

Prevent this data corruption from happening by disallowing changes to the
journaling mode if the '-o dax' mount option was used.  This means that for
a given filesystem we could have a mix of inodes using either DAX or
data journaling, but whatever state the inodes are in will be held for the
duration of the mount.

Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@vger.kernel.org
fs/ext4/inode.c
fs/ext4/ioctl.c

index edfe95f..350e091 100644 (file)
@@ -6004,11 +6004,6 @@ int ext4_change_inode_journal_flag(struct inode *inode, int val)
                ext4_clear_inode_flag(inode, EXT4_INODE_JOURNAL_DATA);
        }
        ext4_set_aops(inode);
-       /*
-        * Update inode->i_flags after EXT4_INODE_JOURNAL_DATA was updated.
-        * E.g. S_DAX may get cleared / set.
-        */
-       ext4_set_inode_flags(inode);
 
        jbd2_journal_unlock_updates(journal);
        percpu_up_write(&sbi->s_journal_flag_rwsem);
index afb66d4..b0b754b 100644 (file)
@@ -290,10 +290,20 @@ flags_err:
        if (err)
                goto flags_out;
 
-       if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
+       if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
+               /*
+                * Changes to the journaling mode can cause unsafe changes to
+                * S_DAX if we are using the DAX mount option.
+                */
+               if (test_opt(inode->i_sb, DAX)) {
+                       err = -EBUSY;
+                       goto flags_out;
+               }
+
                err = ext4_change_inode_journal_flag(inode, jflag);
-       if (err)
-               goto flags_out;
+               if (err)
+                       goto flags_out;
+       }
        if (migrate) {
                if (flags & EXT4_EXTENTS_FL)
                        err = ext4_ext_migrate(inode);