From: Christoph Hellwig <hch@infradead.org>
To: axboe@kernel.dk, linux-block@vger.kernel.org
Subject: Re: [PATCH V5] loop: Add sanity check for read/write_iter
Date: Sun, 4 May 2025 23:30:01 -0700
Message-ID: <aBha6QnS6lrPNnow@infradead.org>
In-Reply-To: <20250428143626.3318717-1-lizhi.xu@windriver.com>

Can you pick this one up?

On Mon, Apr 28, 2025 at 10:36:26PM +0800, Lizhi Xu wrote:
> Some file systems do not support read_iter/write_iter, such as selinuxfs
> in this issue.
> So before calling them, first confirm that the interface is supported and
> then call it.
> 
> It is relevant in that vfs_iter_read/write have the check, and removal
> of their use caused syzbot to be able to hit this issue.
> 
> Fixes: f2fed441c69b ("loop: stop using vfs_iter__{read,write} for buffered I/O")
> Reported-by: syzbot+6af973a3b8dfd2faefdc@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=6af973a3b8dfd2faefdc
> Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> ---
> V1 -> V2: move check to loop_configure and loop_change_fd
> V2 -> V3: using helper for this check
> V3 -> V4: remove input parameters change and mode
> V4 -> V5: remove braces around !file->f_op->write_iter
> 
>  drivers/block/loop.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/drivers/block/loop.c b/drivers/block/loop.c
> index 46cba261075f..655d33e63cb9 100644
> --- a/drivers/block/loop.c
> +++ b/drivers/block/loop.c
> @@ -505,6 +505,17 @@ static void loop_assign_backing_file(struct loop_device *lo, struct file *file)
>  	lo->lo_min_dio_size = loop_query_min_dio_size(lo);
>  }
>  
> +static int loop_check_backing_file(struct file *file)
> +{
> +	if (!file->f_op->read_iter)
> +		return -EINVAL;
> +
> +	if ((file->f_mode & FMODE_WRITE) && !file->f_op->write_iter)
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
>  /*
>   * loop_change_fd switched the backing store of a loopback device to
>   * a new file. This is useful for operating system installers to free up
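
Review bot: loop_check_backing_file() has no comment saying why a missing ->read_iter or ->write_iter is rejected here. The commit message explains it (vfs_iter_read/write carried this check and loop no longer uses them), but a reader of loop.c will not see that. A one-line comment above the helper stating that the loop I/O path calls these methods directly would keep the check from being removed as redundant later. Also worth noting in that comment: read_iter is required unconditionally, while write_iter is required only when the backing file has FMODE_WRITE.
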
> @@ -526,6 +537,10 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
>  	if (!file)
>  		return -EBADF;
>  
> +	error = loop_check_backing_file(file);
> +	if (error)
> +		return error;
> +
>  	/* suppress uevents while reconfiguring the device */
>  	dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 1);
>  
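
Review bot: the new "return error;" in loop_change_fd() exits directly, right after the "if (!file) return -EBADF;" test. If file holds a reference taken earlier in this function (the acquisition is not visible in this hunk), that reference has to be dropped on this path, either with an explicit put before returning or by jumping to the function's existing cleanup label instead of returning. The check itself is well placed, since it runs before the uevent suppression and any other state change.
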
> @@ -963,6 +978,14 @@ static int loop_configure(struct loop_device *lo, blk_mode_t mode,
>  
>  	if (!file)
>  		return -EBADF;
> +
> +	if ((mode & BLK_OPEN_WRITE) && !file->f_op->write_iter)
> +		return -EINVAL;
> +
> +	error = loop_check_backing_file(file);
> +	if (error)
> +		return error;
> +
>  	is_loop = is_loop_device(file);
>  
>  	/* This is safe, since we have a reference from open(). */
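
Review bot: the "(mode & BLK_OPEN_WRITE) && !file->f_op->write_iter" test in loop_configure() overlaps with the helper called right after it but keys on a different condition. The helper requires write_iter only when the backing file has FMODE_WRITE, while this test requires it whenever the loop device is opened for writing, so a backing file opened read-only without write_iter is rejected here even though the helper would accept it. The changelog line "V3 -> V4: remove input parameters change and mode" suggests the mode-based check was meant to go; either drop it and rely on loop_check_backing_file(), or add a comment explaining why the device open mode needs its own test. The same early-return concern applies as in loop_change_fd(): both new returns follow the "!file" test and should release file if a reference is held at that point.
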
> -- 
> 2.43.0
> 
> 
---end quoted text---
