Re: [PATCH] mm: cleancache: fix corruption on missed inode invalidation
From: Andrey Ryabinin
Date: Mon Nov 12 2018 - 06:40:16 EST
On 11/12/18 2:31 PM, Jan Kara wrote:
> On Mon 12-11-18 12:57:34, Pavel Tikhomirov wrote:
>> If all pages are deleted from the mapping by memory reclaim and also
>> moved to the cleancache:
>>
>> __delete_from_page_cache
>> (no shadow case)
>> unaccount_page_cache_page
>> cleancache_put_page
>> page_cache_delete
>> mapping->nrpages -= nr
>> (nrpages becomes 0)
>>
>> We don't clean the cleancache for an inode after final file truncation
>> (removal).
>>
>> truncate_inode_pages_final
>> check (nrpages || nrexceptional) is false
>> no truncate_inode_pages
>> no cleancache_invalidate_inode(mapping)
>>
>> These way when reading the new file created with same inode we may get
>> these trash leftover pages from cleancache and see wrong data instead of
>> the contents of the new file.
>>
>> Fix it by always doing truncate_inode_pages which is already ready for
>> nrpages == 0 && nrexceptional == 0 case and just invalidates inode.
>>
>> Fixes: commit 91b0abe36a7b ("mm + fs: store shadow entries in page cache")
>> To: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>> Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
>> Cc: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
>> Cc: Jan Kara <jack@xxxxxxx>
>> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
>> Cc: Andi Kleen <ak@xxxxxxxxxxxxxxx>
>> Cc: linux-mm@xxxxxxxxx
>> Cc: linux-kernel@xxxxxxxxxxxxxxx
>> Reviewed-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
>> Reviewed-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
>> Signed-off-by: Pavel Tikhomirov <ptikhomirov@xxxxxxxxxxxxx>
>> ---
>> mm/truncate.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> The patch looks good but can you add a short comment before the
> truncate_inode_pages() call explaining why it needs to be called always?
> Something like:
>
> /*
> * Cleancache needs notification even if there are no pages or
> * shadow entries...
> */
Or we can just call cleancache_invalidate_inode(mapping) on else branch,
so the code would be more self-explanatory, and also avoid
function call in no-cleancache setups, which should the most of setups.