From patchwork Wed Apr 13 07:31:59 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Artem Bityutskiy X-Patchwork-Id: 90964 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [18.85.46.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id D182EB6F54 for ; Wed, 13 Apr 2011 17:37:21 +1000 (EST) Received: from canuck.infradead.org ([2001:4978:20e::1]) by bombadil.infradead.org with esmtps (Exim 4.72 #1 (Red Hat Linux)) id 1Q9ubI-00050W-AP; Wed, 13 Apr 2011 07:34:56 +0000 Received: from localhost ([127.0.0.1] helo=canuck.infradead.org) by canuck.infradead.org with esmtp (Exim 4.72 #1 (Red Hat Linux)) id 1Q9ubG-0008Ny-My; Wed, 13 Apr 2011 07:34:54 +0000 Received: from mail-ww0-f49.google.com ([74.125.82.49]) by canuck.infradead.org with esmtps (Exim 4.72 #1 (Red Hat Linux)) id 1Q9ubD-0008Ne-0P for linux-mtd@lists.infradead.org; Wed, 13 Apr 2011 07:34:52 +0000 Received: by wwb39 with SMTP id 39so279648wwb.18 for ; Wed, 13 Apr 2011 00:34:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:subject:from:reply-to:to:cc:in-reply-to :references:content-type:date:message-id:mime-version:x-mailer :content-transfer-encoding; bh=kkb05F4SYj68Ngd514C0wSMeeVaMrN7CsmNNTX38v38=; b=LMfjlMVi/OJX4a3d6yuL5ZMyfNIxz7juFYa2dKvWdXSmLvYUi/4lMzGSjRliiLbC5W Orz4uS/OppyHl4NAed8dYc/z8D/vLYqULVOfffcI3Ud6FN1AgC2UmBGMeANFqmSiGc+U GMimDEX1Dezum58C76JX9CNltQY0B+xdCQ9nY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:reply-to:to:cc:in-reply-to:references:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; b=i0Q4VcEjgqwBc8s5SxgrP6g3LZw4lQz3V3U2x0a8xK59+mBG6l3i/gCavrxCX9ZEsf GO/9FIBASydSCcQhgLYubKwmeYkiWDDgyasKRvBMAVAepS8E1tyTaVW4E2uTcW5/Lrj+ 9ZaPBHPnU/27glAmSyc6bSgg9fypA0kr/rJBQ= Received: by 10.216.69.131 with SMTP id n3mr11479wed.47.1302680089636; Wed, 13 Apr 2011 00:34:49 -0700 (PDT) Received: from ?IPv6:::1? (shutemov.name [188.40.19.243]) by mx.google.com with ESMTPS id k76sm102768wej.19.2011.04.13.00.34.47 (version=SSLv3 cipher=OTHER); Wed, 13 Apr 2011 00:34:48 -0700 (PDT) Subject: Re: Oops when calling fsync on read-only file-system From: Artem Bityutskiy To: Reuben Dowle In-Reply-To: <70F6AAAFDC054F41B9994A9BCD3DF64E1284E165@exch01-aklnz.MARINE.NET.INT> References: <70F6AAAFDC054F41B9994A9BCD3DF64E1284E165@exch01-aklnz.MARINE.NET.INT> Date: Wed, 13 Apr 2011 10:31:59 +0300 Message-ID: <1302679919.2768.9.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 (2.32.2-1.fc14) X-CRM114-Version: 20090807-BlameThorstenAndJenny ( TRE 0.7.6 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20110413_033451_374643_ECD6AFB3 X-CRM114-Status: GOOD ( 26.16 ) X-Spam-Score: 1.4 (+) X-Spam-Report: SpamAssassin version 3.3.1 on canuck.infradead.org summary: Content analysis details: (1.4 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [74.125.82.49 listed in list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is freemail (dedekind1[at]gmail.com) 2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (dedekind1[at]gmail.com) -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Cc: linux-mtd@lists.infradead.org X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: dedekind1@gmail.com List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Hi, thanks a lot for reporting this! On Tue, 2011-04-12 at 13:32 +1200, Reuben Dowle wrote: > On my system, calling the fsync system call on any file in a UBI > file-system that is mounted read-only leads to a kernel oops. Our > system is running a customise version of 2.6.31, but as far as I can > see (without testing which is not possible due to extensive vendor > customisation of .31 kernel version), the current git branch also > contains this bug. > > I have created a patch against 2.6.31 that fixes the problem in my > system. Perhaps someone could test on latest kernel version. > > Signed-off-by: Reuben Dowle Wow! Shame on me for this bug! And it is funny that it is there for several years already and there are product with this bug! Here is the fix which I will merge upstream soon: From: Artem Bityutskiy Subject: [PATCH] UBIFS: fix oops when R/O file-system is fsync'ed This patch fixes severe UBIFS bug: UBIFS oopses when we 'fsync()' an file on R/O-mounter file-system. We (the UBIFS authors) incorrectly thought that VFS would not propagate 'fsync()' down to the file-system if it is read-only, but this is not the case. It is easy to exploit this bug using the following simple perl script: use strict; use File::Sync qw(fsync sync); die "File path is not specified" if not defined $ARGV[0]; my $path = $ARGV[0]; open FILE, "<", "$path" or die "Cannot open $path: $!"; fsync(\*FILE) or die "cannot fsync $path: $!"; close FILE or die "Cannot close $path: $!"; Thanks to Reuben Dowle for reporting about this issue. Signed-off-by: Artem Bityutskiy Reported-by: Reuben Dowle Cc: stable@kernel.org --- fs/ubifs/file.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index a2b5012..3594aae 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1312,6 +1312,9 @@ int ubifs_fsync(struct file *file, int datasync) dbg_gen("syncing inode %lu", inode->i_ino); + if (inode->i_sb->s_flags & MS_RDONLY) + return 0; + /* * VFS has already synchronized dirty pages for this inode. Synchronize * the inode unless this is a 'datasync()' call.