linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: asmadeus@codewreck.org
To: Oleg Nesterov <oleg@redhat.com>
Cc: syzbot <syzbot+62262fdc0e01d99573fc@syzkaller.appspotmail.com>,
	brauner@kernel.org, dhowells@redhat.com, ericvh@kernel.org,
	jack@suse.cz, jlayton@kernel.org, kprateek.nayak@amd.com,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux_oss@crudebyte.com, lucho@ionkov.net, mjguzik@gmail.com,
	netfs@lists.linux.dev, swapnil.sapkal@amd.com,
	syzkaller-bugs@googlegroups.com, v9fs@lists.linux.dev,
	viro@zeniv.linux.org.uk
Subject: Re: [syzbot] [netfs?] INFO: task hung in netfs_unbuffered_write_iter
Date: Sun, 30 Mar 2025 08:27:33 +0900	[thread overview]
Message-ID: <Z-iB5QkZyayj0Sua@codewreck.org> (raw)
In-Reply-To: <20250329142138.GA9144@redhat.com>

Oleg Nesterov wrote on Sat, Mar 29, 2025 at 03:21:39PM +0100:
> First of all, let me remind that I know nothing about 9p or netfs ;)
> And I am not sure that my patch is the right solution.
> 
> I am not even sure we need the fix, according to syzbot testing the
> problem goes away with the fixes from David
> https://web.git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=netfs-fixes
> but I didn't even try to read them, this is not my area.

(gah, I hate emails when one gets added to thread later.. I've just now
opened the thread on lore and seen David's test :/)

> > - due to the new optimization (aaec5a95d59615 "pipe_read: don't wake up
> > the writer if the pipe is still full"), that 'if there is room to send'
> > check started failing and tx thread doesn't start?
> 
> Again, I can be easily wrong, but no.
> 
> With or without the optimization above, it doesn't make sense to start
> the tx thread when the pipe is full, p9_fd_poll() can't report EPOLLOUT.
> 
> Lets recall that the idle read worker did kernel_read() -> pipe_read().
> Before this optimization, pipe_read() did the unnecessary
> 
> 	wake_up_interruptible_sync_poll(&pipe->wr_wait);
> 
> when the pipe was full before the reading _and_ is still full after the
> reading.
> 
> This wakeup calls p9_pollwake() which kicks p9_poll_workfn().

Aah, that's the bit I didn't get, thank you!

> This no longer happens after the optimization. So in some sense the
> p9_fd_request() -> p9_poll_mux() hack (which wakes the rx thread in this
> case) restores the old behaviour.
> 
> But again, again, quite possibly I completely misread this (nontrivial)
> code.

Yes, this totally makes sense; I agree with your analysis.

So basically 9p was optimizing for this impossible (on a normal server)
behaviour in the 9p side (it doesn't make any sense for the tx pipe to
be full with 0 in flight request, and tx pipe never goes unfull, and
reply comes (was there) before the actual write happened!!), but this
old behaviour made it work anyway...
So part of me wants to just leave it there and if anything try to make
this kind of usage impossible by adding more checks to mount -o
trans=fd, but I don't think it's possible to lock down all kind of weird
behaviour root users (=syzbot) can engage in...
OTOH syzbot does find some useful bugs so I guess it might be worth
fixing, I don't know.
If David's patch also happens to fix it I guess we can also just wait
for that?

Thanks,
-- 
Dominique Martinet | Asmadeus

  reply	other threads:[~2025-03-29 23:27 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-22 15:54 [syzbot] [netfs?] INFO: task hung in netfs_unbuffered_write_iter syzbot
2025-03-23 18:48 ` Oleg Nesterov
2025-03-23 19:17   ` syzbot
2025-03-23 19:47     ` Oleg Nesterov
2025-03-23 19:50       ` K Prateek Nayak
2025-03-23 19:52       ` Mateusz Guzik
2025-03-23 21:02         ` Oleg Nesterov
2025-03-24 10:47           ` K Prateek Nayak
2025-03-24 11:15             ` syzbot
2025-03-24 13:17             ` Mateusz Guzik
2025-03-24 13:19               ` K Prateek Nayak
2025-03-24 14:52                 ` K Prateek Nayak
2025-03-24 16:03                   ` Mateusz Guzik
2025-03-24 16:25                     ` K Prateek Nayak
2025-03-24 16:36                       ` K Prateek Nayak
2025-03-25  2:52                   ` K Prateek Nayak
2025-03-25 12:15                     ` Oleg Nesterov
2025-03-25 12:36                       ` Dominique Martinet
2025-03-25 13:04                       ` Oleg Nesterov
2025-03-25 14:49                         ` K Prateek Nayak
2025-03-25 14:58                           ` Dominique Martinet
2025-03-26 12:19                             ` Oleg Nesterov
2025-03-26 12:44                               ` Oleg Nesterov
2025-03-26 13:05                                 ` Oleg Nesterov
2025-03-27 17:46                             ` K Prateek Nayak
2025-03-27 21:19                               ` syzbot
2025-03-27 22:18                                 ` asmadeus
2025-03-28  4:01                                   ` K Prateek Nayak
2025-03-28  4:43                                     ` syzbot
2025-03-28 13:06                                     ` Oleg Nesterov
2025-03-28 13:07                                       ` syzbot
2025-03-28 13:25                                         ` Oleg Nesterov
2025-03-28 13:49                                           ` syzbot
2025-03-28 14:49                                             ` Oleg Nesterov
2025-03-28 15:22                                               ` syzbot
2025-03-28 17:00                                                 ` Oleg Nesterov
2025-03-28 17:56                                                   ` K Prateek Nayak
2025-03-28 18:20                                                     ` Oleg Nesterov
2025-03-29  0:00                                                   ` asmadeus
2025-03-29 14:21                                                     ` Oleg Nesterov
2025-03-29 23:27                                                       ` asmadeus [this message]
2025-03-30 10:21                                                         ` Oleg Nesterov
2025-03-23 20:03     ` Mateusz Guzik
2025-03-23 20:43       ` syzbot
2025-03-24 12:49 ` Edward Adam Davis
2025-03-24 13:37   ` syzbot
2025-03-28 18:14 ` David Howells
2025-03-28 18:44   ` syzbot
2025-03-28 19:01   ` Oleg Nesterov
2025-08-03 12:09 ` syzbot
     [not found] <20250323002028.3563-1-hdanton@sina.com>
2025-03-23  1:15 ` syzbot
     [not found] <20250323021219.3580-1-hdanton@sina.com>
2025-03-23  2:48 ` syzbot
     [not found] <20250324111613.3620-1-hdanton@sina.com>
2025-03-24 11:34 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z-iB5QkZyayj0Sua@codewreck.org \
    --to=asmadeus@codewreck.org \
    --cc=brauner@kernel.org \
    --cc=dhowells@redhat.com \
    --cc=ericvh@kernel.org \
    --cc=jack@suse.cz \
    --cc=jlayton@kernel.org \
    --cc=kprateek.nayak@amd.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux_oss@crudebyte.com \
    --cc=lucho@ionkov.net \
    --cc=mjguzik@gmail.com \
    --cc=netfs@lists.linux.dev \
    --cc=oleg@redhat.com \
    --cc=swapnil.sapkal@amd.com \
    --cc=syzbot+62262fdc0e01d99573fc@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=v9fs@lists.linux.dev \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).