On Tue, Mar 02, 2021 at 12:04:19PM -0800, Eric Biggers wrote:
From: Eric Biggers ebiggers@google.com
ext4 didn't properly clean up if verity failed to be enabled on a file:
It left verity metadata (pages past EOF) in the page cache, which would be exposed to userspace if the file was later extended.
It didn't truncate the verity metadata at all (either from cache or from disk) if an error occurred while setting the verity bit.
Fix these bugs by adding a call to truncate_inode_pages() and ensuring that we truncate the verity metadata (both from cache and from disk) in all error paths. Also rework the code to cleanly separate the success path from the error paths, which makes it much easier to understand.
Reported-by: Yunlei He heyunlei@hihonor.com Fixes: c93d8f885809 ("ext4: add basic fs-verity support") Cc: stable@vger.kernel.org # v5.4+ Signed-off-by: Eric Biggers ebiggers@google.com
Thanks, LGTM.
I've applied this to the ext4 with minor adjustment; I eliminated the double blank line here:
- ext4_clear_inode_state(inode, EXT4_STATE_VERITY_IN_PROGRESS);
- return 0;
+stop_and_cleanup:
- ext4_journal_stop(handle);
...
- Ted