On Fri 09-08-24 20:15:32, Zhihao Cheng wrote: > From: Zhihao Cheng <chengzhihao1@xxxxxxxxxx> > > The dax_iomap_rw() does two things in each iteration: map written blocks > and copy user data to blocks. If the process is killed by user(See signal > handling in dax_iomap_iter()), the copied data will be returned and added > on inode size, which means that the length of written extents may exceed > the inode size, then fsck will fail. An example is given as: > > dd if=/dev/urandom of=file bs=4M count=1 > dax_iomap_rw > iomap_iter // round 1 > ext4_iomap_begin > ext4_iomap_alloc // allocate 0~2M extents(written flag) > dax_iomap_iter // copy 2M data > iomap_iter // round 2 > iomap_iter_advance > iter->pos += iter->processed // iter->pos = 2M > ext4_iomap_begin > ext4_iomap_alloc // allocate 2~4M extents(written flag) > dax_iomap_iter > fatal_signal_pending > done = iter->pos - iocb->ki_pos // done = 2M > ext4_handle_inode_extension > ext4_update_inode_size // inode size = 2M > > fsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix? > > Fix the problem by truncating extents if the written length is smaller > than expected. > > Fixes: 776722e85d3b ("ext4: DAX iomap write support") > CC: stable@xxxxxxxxxxxxxxx > Link: https://bugzilla.kernel.org/show_bug.cgi?id=219136 > Signed-off-by: Zhihao Cheng <chengzhihao1@xxxxxxxxxx> Good catch! Feel free to add: Reviewed-by: Jan Kara <jack@xxxxxxx> Honza > --- > fs/ext4/file.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/fs/ext4/file.c b/fs/ext4/file.c > index c89e434db6b7..be061bb64067 100644 > --- a/fs/ext4/file.c > +++ b/fs/ext4/file.c > @@ -334,10 +334,10 @@ static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset, > * Clean up the inode after DIO or DAX extending write has completed and the > * inode size has been updated using ext4_handle_inode_extension(). > */ > -static void ext4_inode_extension_cleanup(struct inode *inode, ssize_t count) > +static void ext4_inode_extension_cleanup(struct inode *inode, bool need_trunc) > { > lockdep_assert_held_write(&inode->i_rwsem); > - if (count < 0) { > + if (need_trunc) { > ext4_truncate_failed_write(inode); > /* > * If the truncate operation failed early, then the inode may > @@ -586,7 +586,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from) > * writeback of delalloc blocks. > */ > WARN_ON_ONCE(ret == -EIOCBQUEUED); > - ext4_inode_extension_cleanup(inode, ret); > + ext4_inode_extension_cleanup(inode, ret < 0); > } > > out: > @@ -670,7 +670,7 @@ ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from) > > if (extend) { > ret = ext4_handle_inode_extension(inode, offset, ret); > - ext4_inode_extension_cleanup(inode, ret); > + ext4_inode_extension_cleanup(inode, ret < (ssize_t)count); > } > out: > inode_unlock(inode); > -- > 2.39.2 > -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR