[PATCH v2 0/3] iomap/xfs: fix stale data exposure when truncating realtime inodes

From: Zhang Yi
Date: Thu May 16 2024 - 03:41:12 EST


Changes since v1:
- In iomap_truncate_page() and dax_truncate_page(), for the case of
truncate blocksize is not power of 2, use do_dive() to calculate the
offset.

This series fix a stale data exposure issue reported by Chandan when
running fstests generic/561 on xfs with realtime device[1]. The real
problem is xfs_setattr_size() doesn't zero out enough range when
truncating a realtime inode, please see the third patch or [1] for
details.

The first two patches modify iomap_truncate_page() and
dax_truncate_page() to pass filesystem identified blocksize, and drop
the assumption of i_blocksize() as Dave suggested. The third patch fix
the issue by modifying xfs_truncate_page() to pass the correct
blocksize, and make sure zeroed range have been flushed to disk before
updating i_size.

[1] https://lore.kernel.org/linux-xfs/87ttj8ircu.fsf@debian-BULLSEYE-live-builder-AMD64/

Thanks,
Yi.

Zhang Yi (3):
iomap: pass blocksize to iomap_truncate_page()
fsdax: pass blocksize to dax_truncate_page()
xfs: correct the zeroing truncate range

fs/dax.c | 11 ++++++-----
fs/ext2/inode.c | 4 ++--
fs/iomap/buffered-io.c | 11 ++++++-----
fs/xfs/xfs_iomap.c | 36 ++++++++++++++++++++++++++++++++----
fs/xfs/xfs_iops.c | 10 ----------
include/linux/dax.h | 4 ++--
include/linux/iomap.h | 4 ++--
7 files changed, 50 insertions(+), 30 deletions(-)

--
2.39.2