* [PATCH] fs: Fix jfs_fsync() Sleeping in Invalid Context
@ 2025-03-25 17:33 Purva Yeshi
2025-03-25 18:16 ` Matthew Wilcox
0 siblings, 1 reply; 2+ messages in thread
From: Purva Yeshi @ 2025-03-25 17:33 UTC (permalink / raw)
To: Alexander Viro
Cc: linux-fsdevel, linux-kernel, Purva Yeshi,
syzbot+219127d0a3bce650e1b6
Bug detected by Syzbot:
BUG: sleeping function called from invalid context in jfs_fsync
generic_write_sync() is called within dio_complete(), which can be
triggered by dio_bio_end_aio(), a bio completion handler running in
SoftIRQ context. Since fsync() can sleep, executing it in SoftIRQ
causes an invalid context bug.
Fix this by deferring generic_write_sync() when dio_complete() is
triggered from dio_bio_end_aio(). Modify the completion path to
ensure fsync() is not executed in an atomic context, maintaining
proper synchronization and preventing unexpected failures.
Reported-by: syzbot+219127d0a3bce650e1b6@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=219127d0a3bce650e1b6
Tested-by: syzbot+219127d0a3bce650e1b6@syzkaller.appspotmail.com
Fixes: 5955102c9984 ("wrappers for ->i_mutex access")
Signed-off-by: Purva Yeshi <purvayeshi550@gmail.com>
---
V1 - https://lore.kernel.org/all/20250322142134.35325-1-purvayeshi550@gmail.com/
V2 - Fix invalid jfs_fsync() invocation by deferring generic_write_sync()
in dio_complete().
fs/direct-io.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/fs/direct-io.c b/fs/direct-io.c
index 03d381377ae1..2ae832e7c57b 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -356,13 +356,9 @@ static void dio_bio_end_aio(struct bio *bio)
defer_completion = dio->defer_completion ||
(dio_op == REQ_OP_WRITE &&
dio->inode->i_mapping->nrpages);
- if (defer_completion) {
- INIT_WORK(&dio->complete_work, dio_aio_complete_work);
- queue_work(dio->inode->i_sb->s_dio_done_wq,
- &dio->complete_work);
- } else {
- dio_complete(dio, 0, DIO_COMPLETE_ASYNC);
- }
+
+ INIT_WORK(&dio->complete_work, dio_aio_complete_work);
+ queue_work(dio->inode->i_sb->s_dio_done_wq, &dio->complete_work);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] fs: Fix jfs_fsync() Sleeping in Invalid Context
2025-03-25 17:33 [PATCH] fs: Fix jfs_fsync() Sleeping in Invalid Context Purva Yeshi
@ 2025-03-25 18:16 ` Matthew Wilcox
0 siblings, 0 replies; 2+ messages in thread
From: Matthew Wilcox @ 2025-03-25 18:16 UTC (permalink / raw)
To: Purva Yeshi
Cc: Alexander Viro, linux-fsdevel, linux-kernel,
syzbot+219127d0a3bce650e1b6
On Tue, Mar 25, 2025 at 11:03:36PM +0530, Purva Yeshi wrote:
> +++ b/fs/direct-io.c
> @@ -356,13 +356,9 @@ static void dio_bio_end_aio(struct bio *bio)
> defer_completion = dio->defer_completion ||
> (dio_op == REQ_OP_WRITE &&
> dio->inode->i_mapping->nrpages);
> - if (defer_completion) {
> - INIT_WORK(&dio->complete_work, dio_aio_complete_work);
> - queue_work(dio->inode->i_sb->s_dio_done_wq,
> - &dio->complete_work);
> - } else {
> - dio_complete(dio, 0, DIO_COMPLETE_ASYNC);
> - }
> +
> + INIT_WORK(&dio->complete_work, dio_aio_complete_work);
> + queue_work(dio->inode->i_sb->s_dio_done_wq, &dio->complete_work);
This patch is definitely wrong. If it were the right thing to do, then
since defer_completion is now un-read, we should stop calculating it.
I'm not sure what the right solution is; should we simply do:
defer_completion = dio->defer_completion ||
+ in_atomic() ||
(dio_op == REQ_OP_WRITE &&
dio->inode->i_mapping->nrpages);
I'm kind of surprised this problem hasn't cropped up before now ...
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-03-25 18:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-25 17:33 [PATCH] fs: Fix jfs_fsync() Sleeping in Invalid Context Purva Yeshi
2025-03-25 18:16 ` Matthew Wilcox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).