From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oo1-f51.google.com (mail-oo1-f51.google.com [209.85.161.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8675A32F765 for ; Tue, 31 Mar 2026 13:32:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.51 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774963962; cv=none; b=JGFYzCeGy68lVoaU5h0/bVfprKrrKz52KDxhHIuZb1TX8R3XQn7RRXVxAfplCQoAQ+oGVT6KB9b9TGyiaCeRPsSHz7juAquFdxwpxOiFlcnalKGcLQGm9CmaBcHnSESXmchXc1xIXavcwXFlpAVyrZdIaTatmFqDhv3nV7SWQlI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774963962; c=relaxed/simple; bh=Wfxc9Jvu01LuJeIXc9Ci8t/2fCy0RFq5kmo+owUynfo=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=tXUH4kEwxvYVICPqzfCcjEaREFKBPyoZ4znEe3091KI77dAjr2uk16stwmvsW4Xh4SCjdnslMwBjI1drIQPLkkHBcXKwblLDv7RKSkDf+psazHz6X+EYLoEfOrd0D2scvYCFRvEtoKTNKvpbg8M0zXydNE2u8/3PAA98u+EOi0s= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.dk; spf=pass smtp.mailfrom=kernel.dk; dkim=pass (2048-bit key) header.d=kernel-dk.20230601.gappssmtp.com header.i=@kernel-dk.20230601.gappssmtp.com header.b=O8gdE8xD; arc=none smtp.client-ip=209.85.161.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.dk Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kernel.dk Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel-dk.20230601.gappssmtp.com header.i=@kernel-dk.20230601.gappssmtp.com header.b="O8gdE8xD" Received: by mail-oo1-f51.google.com with SMTP id 006d021491bc7-67d52ba8458so3649362eaf.1 for ; Tue, 31 Mar 2026 06:32:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20230601.gappssmtp.com; s=20230601; t=1774963958; x=1775568758; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=Ui6y6e7r2v03MUXf5GqhDfyt5JoqpZVHnb40SG6xI2c=; b=O8gdE8xDsTDJR/HIjN0DbmOHM3h3xvgTwMQw6Ih+81OP4snXAzkYkKUcXGgQ9BGv9f hO6KGiJC85qtufYhPwtQfeqseAaYKNtsfaIOtgE3oi+yrkdYBvvTRcQCmi4NAjgEQcQh bTM0Lq9Qp0vHkWwye4joaiiVHFuovvsMLlnaqu7wXejfDufAAbPm73HVZ+1he+RwujtY /D25ImZ1EiLjUOpDM+TRaWw0JTSQL3vifg/SW1f3I4qjjv/yjZU1OE1utOrj6I/hrSHz 1PHTxky8XRjG4tiMnkj9DMuIstI1g7ks4sc80S0/YhtERZ/2b+UraLA5UXZf4mi7kCxt Yq4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774963958; x=1775568758; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Ui6y6e7r2v03MUXf5GqhDfyt5JoqpZVHnb40SG6xI2c=; b=XqfYkqyI7h5ECiNmOoIKA34Se3TxpoEQAtYQHCpxzaQC8TmufSDhrk9fdp/JYKvjZo 5BuaIZTG5WFi45cBgghmmZZTBxO8zffs3Jk7vOy/z6AhEKrFpxSrdD1+ODac/Xs05H0K OuPVcQzBKxmgjqxNFzfsnhb3Dz8vHgCXtTsm/GMR3zofX7Dt6EJXE1Y1yjKX1Ag/X7l4 5BChGflsihw1lGvFycg0kn2qR1zmGIhrL+RWnluyTfb79E9zrs2ktRpGgRUJtGY+3LuL QdadzS/CjDHpOnnqZ9mx926S/pGx1/Yaegky9oneoN+Brxgt8EbwS8ISCetO4LnU9tbT zKzA== X-Forwarded-Encrypted: i=1; AJvYcCWdbCCmHqx1xUjHAM9yySR3bFtfQoF2XUDPZ8fmudgFrcbPs40aYyL+iSDddUdOJpc9yOp+w+0xRZzBzlA=@vger.kernel.org X-Gm-Message-State: AOJu0YyCekn83slEL/OKTlOCVUoqMMJ9hvmrBLbmXF+C9IHEGID3hqUY Za5lHmDix+OWmuokbT1oGFB3G3DVLs99BomuY67P0DlUi/nEHedQvJgv8z3+CPMKe+8= X-Gm-Gg: ATEYQzxZiBXej19/frpOz3M0JmRk0CjQRDiDrszW5lCT9frEb6vRNXRFozQK65t7lQr 24uZcOoKSNqFO+XsNmCIvSOeca9UZtumliuuCn0anreEkuWgBid9kkdSMJPhgtTLQTMtD7YhjuR RlO5m7usDESCIVbErmLaahZYiPGngQzJETOj+823Clv4GxnupmSSk6V9SHMg6IzkXaMTp5eDsX5 /iR6C5k47CF/LJGLjaOWol4gkRoDFhHY2HVT95pJ45w0fWx6addyKpdO0+7Qu70s+VOqnjR8Uq3 IrhcoKO7LFs6gJGmhTFU4bB4UZyF5TnT9V/FpAqZO+WLMjH5v19iptE6b9pnlWYuAWfMwZB/SxH FnZQAl0uyA7waGb+QxFN6+sh/NQzcVlDUqpI8t+Bsmrlr4PbiTYHfldBnwZG1IGT4DFhBDKkzCg qhdcWzlV9T/GdRzntp2R+kQWd7uglPvM2rYFYqKAwUyEu05MK9A5/O0M5ksxpfzxJNIgukp9I6k fy6FNbNPg== X-Received: by 2002:a4a:e749:0:b0:67e:151b:1554 with SMTP id 006d021491bc7-67e3d95e5cdmr1673416eaf.30.1774963958399; Tue, 31 Mar 2026 06:32:38 -0700 (PDT) Received: from [192.168.1.150] ([198.8.77.157]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-41d04958090sm7633561fac.7.2026.03.31.06.32.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 31 Mar 2026 06:32:37 -0700 (PDT) Message-ID: <1ec5669f-9dee-43f2-aed9-48d1247b68cb@kernel.dk> Date: Tue, 31 Mar 2026 07:32:36 -0600 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] splice: prevent deadlock when splicing a file to itself To: Christian Brauner , Deepanshu Kartikey Cc: viro@zeniv.linux.org.uk, jack@suse.cz, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+d31a3b77e5cba96b9f69@syzkaller.appspotmail.com References: <20260320130615.1109449-1-kartikey406@gmail.com> <20260331-hornissen-beklagen-f63db82fdcc1@brauner> Content-Language: en-US From: Jens Axboe In-Reply-To: <20260331-hornissen-beklagen-f63db82fdcc1@brauner> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 3/31/26 3:33 AM, Christian Brauner wrote: > On Fri, Mar 20, 2026 at 06:36:15PM +0530, Deepanshu Kartikey wrote: >> >> When do_splice_direct_actor() is called with the same inode >> for both input and output files (either via the same fd or a >> dup'd fd), it causes a hung task in blkdev_write_iter(). >> >> The deadlock occurs because sendfile() calls do_splice_direct() >> which tries to acquire inode_lock_shared() for reading, while >> the write side already holds the same inode lock, causing the >> task to block indefinitely in rwsem_down_read_slowpath(). >> >> Fix this by checking if the input and output files share the >> same inode before proceeding, returning -EINVAL if they do. >> This mirrors the existing check in do_splice() for the >> pipe-to-pipe case where ipipe == opipe. >> >> Reported-by: syzbot+d31a3b77e5cba96b9f69@syzkaller.appspotmail.com >> Closes: https://syzkaller.appspot.com/bug?extid=d31a3b77e5cba96b9f69 >> Tested-by: syzbot+d31a3b77e5cba96b9f69@syzkaller.appspotmail.com >> Signed-off-by: Deepanshu Kartikey >> --- > > @Jens? Fix looks reasonable to me. -- Jens Axboe