android_kernel_google_msm/fs/btrfs
Filipe David Borba Manana dba79490e5 Btrfs: fix data corruption when reading/updating compressed extents
commit a2aa75e18a upstream.

When using a mix of compressed file extents and prealloc extents, it
is possible to fill a page of a file with random, garbage data from
some unrelated previous use of the page, instead of a sequence of zeroes.

A simple sequence of steps to get into such case, taken from the test
case I made for xfstests, is:

   _scratch_mkfs
   _scratch_mount "-o compress-force=lzo"
   $XFS_IO_PROG -f -c "pwrite -S 0x06 -b 18670 266978 18670" $SCRATCH_MNT/foobar
   $XFS_IO_PROG -c "falloc 26450 665194" $SCRATCH_MNT/foobar
   $XFS_IO_PROG -c "truncate 542872" $SCRATCH_MNT/foobar
   $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foobar

This results in the following file items in the fs tree:

   item 4 key (257 INODE_ITEM 0) itemoff 15879 itemsize 160
       inode generation 6 transid 6 size 542872 block group 0 mode 100600
   item 5 key (257 INODE_REF 256) itemoff 15863 itemsize 16
       inode ref index 2 namelen 6 name: foobar
   item 6 key (257 EXTENT_DATA 0) itemoff 15810 itemsize 53
       extent data disk byte 0 nr 0 gen 6
       extent data offset 0 nr 24576 ram 266240
       extent compression 0
   item 7 key (257 EXTENT_DATA 24576) itemoff 15757 itemsize 53
       prealloc data disk byte 12849152 nr 241664 gen 6
       prealloc data offset 0 nr 241664
   item 8 key (257 EXTENT_DATA 266240) itemoff 15704 itemsize 53
       extent data disk byte 12845056 nr 4096 gen 6
       extent data offset 0 nr 20480 ram 20480
       extent compression 2
   item 9 key (257 EXTENT_DATA 286720) itemoff 15651 itemsize 53
       prealloc data disk byte 13090816 nr 405504 gen 6
       prealloc data offset 0 nr 258048

The on disk extent at offset 266240 (which corresponds to 1 single disk block),
contains 5 compressed chunks of file data. Each of the first 4 compress 4096
bytes of file data, while the last one only compresses 3024 bytes of file data.
Therefore a read into the file region [285648 ; 286720[ (length = 4096 - 3024 =
1072 bytes) should always return zeroes (our next extent is a prealloc one).

The solution here is the compression code path to zero the remaining (untouched)
bytes of the last page it uncompressed data into, as the information about how
much space the file data consumes in the last page is not known in the upper layer
fs/btrfs/extent_io.c:__do_readpage(). In __do_readpage we were correctly zeroing
the remainder of the page but only if it corresponds to the last page of the inode
and if the inode's size is not a multiple of the page size.

This would cause not only returning random data on reads, but also permanently
storing random data when updating parts of the region that should be zeroed.
For the example above, it means updating a single byte in the region [285648 ; 286720[
would store that byte correctly but also store random data on disk.

A test case for xfstests follows soon.

Signed-off-by: Filipe David Borba Manana <fdmanana@gmail.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-03-23 21:37:08 -07:00
..
acl.c
async-thread.c Btrfs: call the ordered free operation without any locks held 2012-08-09 08:31:37 -07:00
async-thread.h
backref.c
backref.h
btrfs_inode.h
check-integrity.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-03-20 21:12:50 -07:00
check-integrity.h Btrfs: add optional integrity check code 2011-12-21 19:14:09 +01:00
compat.h
compression.c Btrfs: fix data corruption when reading/updating compressed extents 2014-03-23 21:37:08 -07:00
compression.h
ctree.c Btrfs: avoid sleeping in verify_parent_transid while atomic 2012-05-06 07:23:47 -04:00
ctree.h Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2012-04-28 09:30:07 -07:00
delayed-inode.c
delayed-inode.h
delayed-ref.c
delayed-ref.h
dir-item.c
disk-io.c Btrfs: avoid sleeping in verify_parent_transid while atomic 2012-05-06 07:23:47 -04:00
disk-io.h Btrfs: avoid sleeping in verify_parent_transid while atomic 2012-05-06 07:23:47 -04:00
export.c
export.h
extent-tree.c Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot() 2014-02-06 11:05:48 -08:00
extent_io.c Btrfs: fix race between mmap writes and compression 2013-04-05 10:04:34 -07:00
extent_io.h Btrfs: fix race between mmap writes and compression 2013-04-05 10:04:34 -07:00
extent_map.c
extent_map.h
file-item.c
file.c Btrfs: reduce lock contention during extent insertion 2012-04-27 14:51:05 -04:00
free-space-cache.c
free-space-cache.h
hash.h
inode-item.c
inode-map.c
inode-map.h
inode.c Btrfs: fix race between mmap writes and compression 2013-04-05 10:04:34 -07:00
ioctl.c btrfs: don't stop searching after encountering the wrong item 2013-05-24 11:14:22 -07:00
ioctl.h btrfs: Fix mismatching struct members in ioctl.h 2012-05-04 15:16:06 -04:00
Kconfig
locking.c
locking.h
lzo.c
Makefile
ordered-data.c
ordered-data.h
orphan.c
print-tree.c
print-tree.h
reada.c
relocation.c Btrfs: change how we queue blocks for backref checking 2013-10-13 15:42:50 -07:00
root-tree.c
scrub.c Btrfs: don't drop path when printing out tree errors in scrub 2013-04-05 10:04:34 -07:00
struct-funcs.c
super.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2012-04-28 09:30:07 -07:00
sysfs.c
transaction.c
transaction.h
tree-defrag.c
tree-log.c Btrfs: make sure nbytes are right after log replay 2013-04-25 21:19:56 -07:00
tree-log.h btrfs: return void in functions without error conditions 2012-03-22 01:45:34 +01:00
ulist.c
ulist.h
version.h
volumes.c btrfs: use rcu_barrier() to wait for bdev puts at unmount 2013-03-20 13:05:00 -07:00
volumes.h
xattr.c
xattr.h
zlib.c