The flush in xfs_buffered_write_iomap_begin() for zero range over a
data fork hole fronted by COW fork prealloc is primarily designed to
provide correct zeroing behavior in particular pagecache conditions.
As it turns out, this also partially masks some odd behavior in
insert range (via zero range via setattr).

Insert range bumps i_size the length of the new range, flushes,
unmaps pagecache and cancels COW prealloc, and then right shifts
extents from the end of the file back to the target offset of the
insert. Since the i_size update occurs before the pagecache flush,
this creates a transient situation where writeback around EOF can
behave differently.

This appears to be a corner case situation, but if it happens to be
fronted by COW fork speculative preallocation and a large, dirty
folio that contains at least one full COW block beyond EOF, the
writeback after i_size is bumped may remap that COW fork block into
the data fork within EOF. The block is zeroed and then shifted back
out to post-eof, but this is unexpected in that it leads to a
written post-eof data fork block. This can cause a zero range
warning on a subsequent size extension, because we should never find
blocks that require physical zeroing beyond i_size.

To avoid this quirk, flush the EOF folio before the i_size update
during insert range. The entire range will be flushed, unmapped and
invalidated anyways, so this should be relatively unnoticeable.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>

if (offset >= isize)
return -EINVAL;
+ /*
+ * Let writeback clean up EOF folio state before we bump i_size. The
+ * insert flushes before it starts shifting and under certain
+ * circumstances we can write back blocks that should technically be
+ * considered post-eof (and thus should not be submitted for writeback).
+ *
+ * For example, a large, dirty folio that spans EOF and is backed by
+ * post-eof COW fork preallocation can cause block remap into the data
+ * fork. This shifts back out beyond EOF, but creates an expectedly
+ * written post-eof block. The insert is going to flush, unmap and
+ * cancel prealloc across this whole range, so flush EOF now before we
+ * bump i_size to provide consistent behavior.
+ */
+ error = filemap_write_and_wait_range(inode->i_mapping, isize, isize);
+ if (error)
+ return error;
+
error = xfs_falloc_setsize(file, isize + len);
if (error)
return error;
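
Review bot: the added comment says the remap "creates an expectedly written post-eof block", which reads as the opposite of the commit message ("this is unexpected in that it leads to a written post-eof data fork block"); it should say "unexpectedly written". It would also help for the comment to state that passing isize as both the start and end of the range to filemap_write_and_wait_range() is intentional, so a later reader does not take the single-byte range for a mistake and widen it.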