From patchwork Mon Mar 13 00:47:08 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 737947
Return-Path: <linux-ext4-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3vhK3Q56Xlz9s7F
	for <patchwork-incoming@ozlabs.org>;
	Mon, 13 Mar 2017 11:48:02 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="J7dONTcu"; dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752079AbdCMAr5 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sun, 12 Mar 2017 20:47:57 -0400
Received: from mail-pf0-f193.google.com ([209.85.192.193]:32984 "EHLO
	mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751138AbdCMAr4 (ORCPT
	<rfc822; linux-ext4@vger.kernel.org>); Sun, 12 Mar 2017 20:47:56 -0400
Received: by mail-pf0-f193.google.com with SMTP id v190so17256909pfb.0;
	Sun, 12 Mar 2017 17:47:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=Wx4Con7/+lhBaa5V1KzpGZUs4ojoqh/XDDHqU9MEb/M=;
	b=J7dONTcuIbjX9cUGcFLF3rBJpxqxyx5S7rNXjQT2+iljgUbA9mPxR8ketdL7ez85+3
	zyvmmeisv1benR7sLO4nDTsrxjjGB7FIGdcNEod+rPA1kFAB59JKItWGMbsezPMf0fMJ
	gKV/LPDuJxae5wmK3bf9ee1DMvFRCEAm44W+GPPHJUjV3LQEHP22oGmw6AW9DirMWrXS
	yD7txaeMd5VxubxioGbkw+1ZN/zhA4BlM8P8BoCcQ3P2pkEgAFU3AHIgwfAFLHJC+bS+
	MN7vSPgwJQabR7Ps5BAWp29DYKaKfbxDpsR7waT6EfDB5WOCaqNB6wSEPrXrwNKMTV1+
	5r8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=Wx4Con7/+lhBaa5V1KzpGZUs4ojoqh/XDDHqU9MEb/M=;
	b=M+U6hI1kueaQQiFjXtZNROkXQ19XAdy33Y7RGLx3hFni3Fk8iHogCxVNYb5FHC/Odn
	qO9gdKp9Ksj1Lc6nMQPuKQjOmTDwd9EzzSTw26GlsOcB5DOp3zni3D3WQqwYIDbhp++d
	718ynBadEn4vng7DOuS+uS4lXNX+kJhTyjCCrECleg4hZud6y1043VXpCmg4KbHR71U1
	wTFjSBRM0BHFH4xWFhoGp28mppnKbddql/U1zF3B3Ykosd7JArORnik62jCyvah/8WZd
	a7/iY2LGOIsILwC4xpis1p5biNNAGQvEs1TBCvsMBIh/bD52Ha0gVrE2QS/VW0yukcFw
	0+8g==
X-Gm-Message-State: 
 AMke39nqKXV2D3xKSk5p+1x7cumFHqHAF0km6BdAV7Utpv4cfnUwkitEGOdmqwiBA78lxg==
X-Received: by 10.99.178.9 with SMTP id x9mr32971561pge.48.1489366074833;
	Sun, 12 Mar 2017 17:47:54 -0700 (PDT)
Received: from zzz.hsd1.wa.comcast.net
	(c-73-239-167-150.hsd1.wa.comcast.net. [73.239.167.150])
	by smtp.gmail.com with ESMTPSA id
	c11sm30088607pfe.68.2017.03.12.17.47.53
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 12 Mar 2017 17:47:54 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: linux-ext4@vger.kernel.org
Cc: Theodore Ts'o <tytso@mit.edu>, Andreas Dilger <adilger.kernel@dilger.ca>,
	Nick Alcock <nick.alcock@oracle.com>,
	Eric Biggers <ebiggers@google.com>, stable@vger.kernel.org
Subject: [PATCH] ext4: evict inline data when writing to memory map
Date: Sun, 12 Mar 2017 17:47:08 -0700
Message-Id: <20170313004708.29838-1-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.12.0
Sender: linux-ext4-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org

From: Eric Biggers <ebiggers@google.com>

Currently the case of writing via mmap to a file with inline data is not
handled.  This is maybe a rare case since it requires a writable memory
map of a very small file, but it is trivial to trigger with on
inline_data filesystem, and it causes the
'BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA));' in
ext4_writepages() to be hit:

    mkfs.ext4 -O inline_data /dev/vdb
    mount /dev/vdb /mnt
    xfs_io -f /mnt/file \
	-c 'pwrite 0 1' \
	-c 'mmap -w 0 1m' \
	-c 'mwrite 0 1' \
	-c 'fsync'

	kernel BUG at fs/ext4/inode.c:2723!
	invalid opcode: 0000 [#1] SMP
	CPU: 1 PID: 2532 Comm: xfs_io Not tainted 4.11.0-rc1-xfstests-00301-g071d9acf3d1f #633
	Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
	task: ffff88003d3a8040 task.stack: ffffc90000300000
	RIP: 0010:ext4_writepages+0xc89/0xf8a
	RSP: 0018:ffffc90000303ca0 EFLAGS: 00010283
	RAX: 0000028410000000 RBX: ffff8800383fa3b0 RCX: ffffffff812afcdc
	RDX: 00000a9d00000246 RSI: ffffffff81e660e0 RDI: 0000000000000246
	RBP: ffffc90000303dc0 R08: 0000000000000002 R09: 869618e8f99b4fa5
	R10: 00000000852287a2 R11: 00000000a03b49f4 R12: ffff88003808e698
	R13: 0000000000000000 R14: 7fffffffffffffff R15: 7fffffffffffffff
	FS:  00007fd3e53094c0(0000) GS:ffff88003e400000(0000) knlGS:0000000000000000
	CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
	CR2: 00007fd3e4c51000 CR3: 000000003d554000 CR4: 00000000003406e0
	Call Trace:
	 ? _raw_spin_unlock+0x27/0x2a
	 ? kvm_clock_read+0x1e/0x20
	 do_writepages+0x23/0x2c
	 ? do_writepages+0x23/0x2c
	 __filemap_fdatawrite_range+0x80/0x87
	 filemap_write_and_wait_range+0x67/0x8c
	 ext4_sync_file+0x20e/0x472
	 vfs_fsync_range+0x8e/0x9f
	 ? syscall_trace_enter+0x25b/0x2d0
	 vfs_fsync+0x1c/0x1e
	 do_fsync+0x31/0x4a
	 SyS_fsync+0x10/0x14
	 do_syscall_64+0x69/0x131
	 entry_SYSCALL64_slow_path+0x25/0x25

We could try to be smart and keep the inline data in this case, or at
least support delayed allocation when allocating the block, but these
solutions would be more complicated and don't seem worthwhile given how
rare this case seems to be.  So just fix the bug by calling
ext4_convert_inline_data() when we're asked to make a page writable, so
that any inline data gets evicted, with the block allocated immediately.

Reported-by: Nick Alcock <nick.alcock@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
---
 fs/ext4/inode.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 7385e6a6b6cb..0fc3e25ef531 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5839,6 +5839,11 @@ int ext4_page_mkwrite(struct vm_fault *vmf)
 	file_update_time(vma->vm_file);
 
 	down_read(&EXT4_I(inode)->i_mmap_sem);
+
+	ret = ext4_convert_inline_data(inode);
+	if (ret)
+		goto out_ret;
+
 	/* Delalloc case is easy... */
 	if (test_opt(inode->i_sb, DELALLOC) &&
 	    !ext4_should_journal_data(inode) &&