From: Al Viro <viro@ZenIV.linux.org.uk>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: linux-fsdevel@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>,
syzkaller <syzkaller@googlegroups.com>,
Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>,
Christoph Hellwig <hch@lst.de>
Subject: Re: fs: possible deadlock in do_iter_write/do_splice
Date: Thu, 6 Jul 2017 14:18:34 +0100
Message-ID: <20170706131834.GP10672@ZenIV.linux.org.uk>
In-Reply-To: <CAAeHK+wVSpiHjZ-oUX1Mnw7mnUOBLMYUPuswFegS3C1iocnLQw@mail.gmail.com>

On Thu, Jul 06, 2017 at 03:01:11PM +0200, Andrey Konovalov wrote:
> Hi,
>
> I've got the following error report while fuzzing the kernel with syzkaller.
>
> On commit 9b51f04424e17051a89ab32d892ca66b2a104825 (4.12+).

It's "fs: implement vfs_iter_write using do_iter_write", actually.
vfs_iter_write() has no business playing with file_start_write(); do_iter_write()
does.

commit 62473a2d6f513296e896b64ccfd7ceb7b963795e
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Thu Jul 6 09:15:47 2017 -0400

    move file_{start,end}_write() out of do_iter_write()

    ... and do *not* grab it in vfs_write_iter().

    Fixes: "fs: implement vfs_iter_read using do_iter_read"
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/fs/read_write.c b/fs/read_write.c
index acfd3dc63d57..be1125b30aec 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -931,12 +931,10 @@ static ssize_t do_iter_write(struct file *file, struct iov_iter *iter,
if (ret < 0)
return ret;
- file_start_write(file);
if (file->f_op->write_iter)
ret = do_iter_readv_writev(file, iter, pos, WRITE, flags);
else
ret = do_loop_readv_writev(file, iter, pos, WRITE, flags);
- file_end_write(file);
if (ret > 0)
fsnotify_modify(file);
return ret;
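Review bot: do_iter_write() now depends on its caller for the file_start_write()/file_end_write() pair that used to bracket the write_iter/loop call, and nothing at the function says so. A short comment above do_iter_write() stating that callers must hold it, and naming the caller the commit message deliberately exempts, would keep a future caller from reaching the write without it.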
@@ -979,7 +977,9 @@ ssize_t vfs_writev(struct file *file, const struct iovec __user *vec,
ret = import_iovec(WRITE, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
if (ret >= 0) {
+ file_start_write(file);
ret = do_iter_write(file, &iter, pos, flags);
+ file_end_write(file);
kfree(iov);
}
return ret;
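Review bot: in vfs_writev() the new pair wraps the whole of do_iter_write(), so the early "if (ret < 0) return ret;" check and the fsnotify_modify() call seen in the first hunk now run between file_start_write() and file_end_write(), where before only the write itself did. If that widening is intended, the commit message should say so; if not, fsnotify_modify() would need to move to the callers, after file_end_write().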
@@ -1247,7 +1247,9 @@ static size_t compat_writev(struct file *file,
ret = compat_import_iovec(WRITE, vec, vlen, UIO_FASTIOV, &iov, &iter);
if (ret >= 0) {
+ file_start_write(file);
ret = do_iter_write(file, &iter, pos, flags);
+ file_end_write(file);
kfree(iov);
}
if (ret > 0)
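Review bot: compat_writev() repeats the same three-line file_start_write() / do_iter_write() / file_end_write() sequence that the previous hunk adds to vfs_writev(). A small static helper wrapping the three calls would keep the two paths from drifting apart, and would give one place to document why the protection is taken here rather than inside do_iter_write().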