On 2024/1/22 22:40, Matthew Wilcox wrote:
On Mon, Jan 22, 2024 at 03:22:45PM +0800, Zhihao Cheng wrote:
On 2024/1/21 7:08, Matthew Wilcox (Oracle) wrote:
Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page.
This solution looks good to me, and I think 'SetPageUptodate' should be removed from write_begin_slow(slow path) too.
I didn't bother because we have just read into the page so it is uptodate. A racing read will see the data from before the write, but that's an acceptable ordering of events.
I can't find where the page is read and set uptodate. I think the uninitialized data can be found in the following path:
writer                                       reader
ubifs_write_begin
  page1 = grab_cache_page_write_begin
  err = allocate_budget // ENOSPC
  unlock_page(page1)
  put_page(page1)
  write_begin_slow
    page2 = grab_cache_page_write_begin
    SetPageChecked(page2)
    SetPageUptodate(page2)
                                             generic_file_read_iter
                                               filemap_read
                                                 filemap_get_pages
                                                   filemap_get_read_batch
                                                     if (!folio_test_uptodate) // page2 is uptodate
                                                 copy_folio_to_iter // read uninitialized page content!
    copy_page_from_iter_atomic // copy data to cover uninitialized page content
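As an added illustration (a constructed single-threaded model, not kernel code and not from this thread), the interleaving above replayed as discrete writer steps with the lockless reader dropped in between them. struct page, replay(), lockless_read() and the 0xAA "never written" marker are assumptions of the model; it ignores memory barriers and only shows why the position of SetPageUptodate relative to the data copy decides what a lockless reader can observe.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 16
#define UNINIT_BYTE 0xAA /* constructed marker for freshly allocated, unwritten page memory */

struct page {                       /* minimal stand-in for the page cache page */
    bool uptodate;
    unsigned char data[PAGE_SIZE];
};

enum read_result { READ_NOT_UPTODATE, READ_NEW_DATA, READ_STALE_DATA };

/* Lockless reader: the uptodate test in filemap_get_read_batch followed by copy_folio_to_iter. */
static enum read_result lockless_read(const struct page *p, const unsigned char *expect)
{
    if (!p->uptodate)
        return READ_NOT_UPTODATE;   /* filemap_read would lock and fill the page itself */
    return memcmp(p->data, expect, PAGE_SIZE) == 0 ? READ_NEW_DATA : READ_STALE_DATA;
}

/*
 * Replay one interleaving. Writer steps follow the trace in the mail:
 *   0: page allocated, contents uninitialized
 *   1: SetPageUptodate in write_begin       (old ordering only)
 *   2: copy_page_from_iter_atomic
 *   3: SetPageUptodate in write_end         (fixed ordering only)
 * The reader runs exactly once, after writer step `reader_after_step`.
 */
enum read_result replay(bool uptodate_in_write_begin, int reader_after_step)
{
    static const unsigned char new_data[PAGE_SIZE] = "hello, ubifs!!!";
    struct page p = { .uptodate = false };
    enum read_result r = READ_NOT_UPTODATE;

    for (int step = 0; step <= 3; step++) {
        switch (step) {
        case 0: memset(p.data, UNINIT_BYTE, PAGE_SIZE); break;
        case 1: if (uptodate_in_write_begin) p.uptodate = true; break;
        case 2: memcpy(p.data, new_data, PAGE_SIZE); break;
        case 3: if (!uptodate_in_write_begin) p.uptodate = true; break;
        }
        if (step == reader_after_step)
            r = lockless_read(&p, new_data);
    }
    return r;
}

int main(void)
{
    printf("uptodate in write_begin, read after step 1: %d\n", replay(true, 1));  /* 2 = stale */
    printf("uptodate in write_end,   read after step 1: %d\n", replay(false, 1)); /* 0 = not uptodate */
    return 0;
}
```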