On 2024/8/13 0:49, Darrick J. Wong wrote: > On Mon, Aug 12, 2024 at 08:11:58PM +0800, Zhang Yi wrote: >> From: Zhang Yi <yi.zhang@xxxxxxxxxx> >> >> In __iomap_write_begin(), if we unaligned buffered write data to a hole >> of a regular file, we only zero out the place where aligned to block >> size that we don't want to write, but mark the whole range uptodate if >> block size < folio size. This is wrong since the not zeroed part will >> contains stale data and can be accessed by a concurrent buffered read >> easily (on the filesystem may not hold inode->i_rwsem) once we mark the >> range uptodate. Fix this by drop iomap_set_range_uptodate() in the >> zeroing out branch. >> >> Fixes: 9dc55f1389f9 ("iomap: add support for sub-pagesize buffered I/O without buffer heads") >> Reported-by: Matthew Wilcox <willy@xxxxxxxxxxxxx> >> Closes: https://lore.kernel.org/all/ZqsN5ouQTEc1KAzV@xxxxxxxxxxxxxxxxxxxx/ >> Signed-off-by: Zhang Yi <yi.zhang@xxxxxxxxxx> >> --- >> fs/iomap/buffered-io.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c >> index ac762de9a27f..96600405dbb5 100644 >> --- a/fs/iomap/buffered-io.c >> +++ b/fs/iomap/buffered-io.c >> @@ -744,8 +744,8 @@ static int __iomap_write_begin(const struct iomap_iter *iter, loff_t pos, >> poff, plen, srcmap); >> if (status) >> return status; >> + iomap_set_range_uptodate(folio, poff, plen); >> } >> - iomap_set_range_uptodate(folio, poff, plen); > > Don't we need to iomap_set_range_uptodate for the bytes that we zeroed > with folio_zero_segments? > We must do partial block zeroing here, hence we don't need to set update bit. Thanks, Yi. > --D > >> } while ((block_start += plen) < block_end); >> >> return 0; >> -- >> 2.39.2 >> >>
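Review bot: the moved `iomap_set_range_uptodate(folio, poff, plen);` on the `+` line now runs only inside the branch that ends with `if (status) return status;`, and nothing in the code says why the zeroing branch is left without it. The commit message gives the reason: only the part of the block outside the write is zeroed, so marking the whole poff/plen range uptodate would expose stale data to a concurrent buffered read. The question in this thread about folio_zero_segments shows that this is not obvious from the code alone. Suggest a short comment at the zeroing branch stating that the zeroing is partial-block and the range is intentionally not marked uptodate there, so that a later cleanup does not hoist the call back out of the braces.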