From: Catalin Marinas <catalin.marinas@arm.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Andreas Gruenbacher <agruenba@redhat.com>,
Josef Bacik <josef@toxicpanda.com>,
Al Viro <viro@zeniv.linux.org.uk>, Chris Mason <clm@fb.com>,
David Sterba <dsterba@suse.com>, Will Deacon <will@kernel.org>,
linux-fsdevel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 0/3] Avoid live-lock in btrfs fault-in+uaccess loop
Date: Sat, 23 Apr 2022 11:07:48 +0100 [thread overview]
Message-ID: <20220423100751.1870771-1-catalin.marinas@arm.com> (raw)
Hi,
A minor update from v3 here:
https://lore.kernel.org/r/20220406180922.1522433-1-catalin.marinas@arm.com
In patch 3/3 I dropped the 'len' local variable, so the btrfs patch
simply replaces fault_in_writeable() with fault_in_subpage_writeable()
and adds a comment. I kept David's ack as there's no functional change
since v3.
Andrew, since there was no objection last time around, I'd like this
series to land in 5.19. As it touches arch, fs and mm, it should
probably go in via the mm tree but I'm also happy to merge the series
via arm64. Please let me know if you have any preference.
The btrfs search_ioctl() function can potentially live-lock on arm64
with MTE enabled due to a fault_in_writeable() + copy_to_user_nofault()
unbounded loop. The uaccess can fault in the middle of a page (MTE tag
check fault) even if a prior fault_in_writeable() successfully wrote to
the beginning of that page. The btrfs loop always restarts the fault-in
loop from the beginning of the user buffer, hence the live-lock.
The series introduces fault_in_subpage_writeable() together with the
arm64 probing counterpart and the btrfs fix.
Thanks.
Catalin Marinas (3):
mm: Add fault_in_subpage_writeable() to probe at sub-page granularity
arm64: Add support for user sub-page fault probing
btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page
faults
arch/Kconfig | 7 +++++++
arch/arm64/Kconfig | 1 +
arch/arm64/include/asm/mte.h | 1 +
arch/arm64/include/asm/uaccess.h | 15 +++++++++++++++
arch/arm64/kernel/mte.c | 30 ++++++++++++++++++++++++++++++
fs/btrfs/ioctl.c | 7 ++++++-
include/linux/pagemap.h | 1 +
include/linux/uaccess.h | 22 ++++++++++++++++++++++
mm/gup.c | 29 +++++++++++++++++++++++++++++
9 files changed, 112 insertions(+), 1 deletion(-)
base-commit: b2d229d4ddb17db541098b83524d901257e93845
next reply other threads:[~2022-04-23 10:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-23 10:07 Catalin Marinas [this message]
2022-04-23 10:07 ` [PATCH v4 1/3] mm: Add fault_in_subpage_writeable() to probe at sub-page granularity Catalin Marinas
2022-04-23 23:49 ` Andrew Morton
2022-04-23 10:07 ` [PATCH v4 2/3] arm64: Add support for user sub-page fault probing Catalin Marinas
2022-04-23 10:07 ` [PATCH v4 3/3] btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page faults Catalin Marinas
2022-04-23 16:35 ` [PATCH v4 0/3] Avoid live-lock in btrfs fault-in+uaccess loop Linus Torvalds
2022-04-23 18:40 ` Catalin Marinas
2022-04-25 11:08 ` Andreas Gruenbacher
2022-04-25 16:13 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220423100751.1870771-1-catalin.marinas@arm.com \
--to=catalin.marinas@arm.com \
--cc=agruenba@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=josef@toxicpanda.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).