From owner-svn-src-head@freebsd.org Tue Aug 16 17:31:00 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29462BBCEE1; Tue, 16 Aug 2016 17:31:00 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CF23D1EAE; Tue, 16 Aug 2016 17:30:59 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7GHUwZJ091528; Tue, 16 Aug 2016 17:30:58 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7GHUwQG091527; Tue, 16 Aug 2016 17:30:58 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201608161730.u7GHUwQG091527@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Tue, 16 Aug 2016 17:30:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r304232 - head/sys/ufs/ffs X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2016 17:31:00 -0000 Author: kib Date: Tue Aug 16 17:30:58 2016 New Revision: 304232 URL: https://svnweb.freebsd.org/changeset/base/304232 Log: In UFS_BALLOC(), invalidate pages of indirect buffers on failed block allocation unwinding. Dandling buffers are released on UFS_BALLOC() failure to ensure that later attempt to allocate blocks in close range do not find the blocks with invalid content, since possible partial block allocations are unwound. As such, it is not enough to just release the buffers, the pages must also invalidated and removed from the vnode vm_object queue. Otherwise the pages might be found later and used to reconstruct indirect buffers when doing allocations at offset close to the failure point, and their stale content compromise the filesystem integrity. Note that just marking the buffer as B_INVAL is not enough, B_NOCACHE is required. To be sure, clear the B_CACHE flag as well. This complements the r174973, which started releasing buffers. Reported and tested by: pho Reviewed by: mckusick Sponsored by: The FreeBSD Foundation MFC after: 1 week Modified: head/sys/ufs/ffs/ffs_balloc.c Modified: head/sys/ufs/ffs/ffs_balloc.c ============================================================================== --- head/sys/ufs/ffs/ffs_balloc.c Tue Aug 16 17:18:38 2016 (r304231) +++ head/sys/ufs/ffs/ffs_balloc.c Tue Aug 16 17:30:58 2016 (r304232) @@ -492,8 +492,8 @@ fail: (intmax_t)bp->b_lblkno, (uintmax_t)*lbns_remfree, (uintmax_t)bp->b_blkno, (uintmax_t)fsbtodb(fs, *blkp))); - bp->b_flags |= (B_INVAL | B_RELBUF); - bp->b_flags &= ~B_ASYNC; + bp->b_flags |= B_INVAL | B_RELBUF | B_NOCACHE; + bp->b_flags &= ~(B_ASYNC | B_CACHE); brelse(bp); } deallocated += fs->fs_bsize; @@ -1087,8 +1087,8 @@ fail: (intmax_t)bp->b_lblkno, (uintmax_t)*lbns_remfree, (uintmax_t)bp->b_blkno, (uintmax_t)fsbtodb(fs, *blkp))); - bp->b_flags |= (B_INVAL | B_RELBUF); - bp->b_flags &= ~B_ASYNC; + bp->b_flags |= B_INVAL | B_RELBUF | B_NOCACHE; + bp->b_flags &= ~(B_ASYNC | B_CACHE); brelse(bp); } deallocated += fs->fs_bsize;