• D
    xfs: fix inode size update overflow in xfs_map_direct() · 3e12dbbd
    Dave Chinner 提交于
    Both direct IO and DAX pass an offset and count into get_blocks that
    will overflow a s64 variable when an IO goes into the last supported
    block in a file (i.e. at offset 2^63 - 1FSB bytes). This can be seen
    from the tracing:
    
    xfs_get_blocks_alloc: [...] offset 0x7ffffffffffff000 count 4096
    xfs_gbmap_direct:     [...] offset 0x7ffffffffffff000 count 4096
    xfs_gbmap_direct_none:[...] offset 0x7ffffffffffff000 count 4096
    
    0x7ffffffffffff000 + 4096 = 0x8000000000000000, and hence that
    overflows the s64 offset and we fail to detect the need for a
    filesize update and an ioend is not allocated.
    
    This is *mostly* avoided for direct IO because such extending IOs
    occur with full block allocation, and so the "IS_UNWRITTEN()" check
    still evaluates as true and we get an ioend that way. However, doing
    single sector extending IOs to this last block will expose the fact
    that file size updates will not occur after the first allocating
    direct IO as the overflow will then be exposed.
    
    There is one further complexity: the DAX page fault path also
    exposes the same issue in block allocation. However, page faults
    cannot extend the file size, so in this case we want to allocate the
    block but do not want to allocate an ioend to enable file size
    update at IO completion. Hence we now need to distinguish between
    the direct IO patch allocation and dax fault path allocation to
    avoid leaking ioend structures.
    Signed-off-by: NDave Chinner <dchinner@redhat.com>
    Reviewed-by: NBrian Foster <bfoster@redhat.com>
    Signed-off-by: NDave Chinner <david@fromorbit.com>
    3e12dbbd
xfs_aops.h 2.4 KB