From: Christoph Hellwig <hch@infradead.org>
To: asmadeus@codewreck.org
Cc: Eric Van Hensbergen <ericvh@kernel.org>,
Latchesar Ionkov <lucho@ionkov.net>,
Christian Schoenebeck <linux_oss@crudebyte.com>,
v9fs@lists.linux.dev, linux-kernel@vger.kernel.org,
David Howells <dhowells@redhat.com>,
Matthew Wilcox <willy@infradead.org>,
linux-fsdevel@vger.kernel.org,
Chris Arges <carges@cloudflare.com>
Subject: Re: [PATCH] 9p/virtio: restrict page pinning to user_backed_iter() iovec
Date: Tue, 9 Dec 2025 22:04:30 -0800 [thread overview]
Message-ID: <aTkNbptI5stvpBPn@infradead.org> (raw)
In-Reply-To: <20251210-virtio_trans_iter-v1-1-92eee6d8b6db@codewreck.org>
On Wed, Dec 10, 2025 at 06:04:23AM +0900, Dominique Martinet via B4 Relay wrote:
> From: Dominique Martinet <asmadeus@codewreck.org>
>
> When doing a loop mount of a filesystem over 9p, read requests can come
> from unexpected places and blow up as reported by Chris Arges with this
> reproducer:
> ```
> dd if=/dev/zero of=./xfs.img bs=1M count=300
> yes | mkfs.xfs -b size=8192 ./xfs.img
> rm -rf ./mount && mkdir -p ./mount
> mount -o loop ./xfs.img ./mount
We should really wire this up to xfstests so that all file systems
see the pattern of kmalloc allocations passed into the block layer
and then on to the direct I/O code.
> The problem is that iov_iter_get_pages_alloc2() apparently cannot be
> called on folios (as illustrated by the backtrace below), so limit what
> iov we can pin from !iov_iter_is_kvec() to user_backed_iter()
As willy pointed out this is a kmalloc.
And 9p (just like NFS) really needs to switch away from
iov_iter_get_pages_alloc2 to iov_iter_extract_pages, which handles not
just this perfectly fine but also fixes various other issues.
Note that the networking code still wants special treatment for kmalloc
pages, so you might have more work there.
next prev parent reply other threads:[~2025-12-10 6:04 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-09 21:04 [PATCH] 9p/virtio: restrict page pinning to user_backed_iter() iovec Dominique Martinet via B4 Relay
2025-12-10 4:21 ` Matthew Wilcox
2025-12-10 6:04 ` Christoph Hellwig [this message]
2025-12-10 7:38 ` asmadeus
2025-12-10 8:32 ` Christoph Hellwig
2025-12-13 13:28 ` asmadeus
2025-12-15 5:55 ` Christoph Hellwig
2025-12-15 7:34 ` Dominique Martinet
2025-12-15 11:16 ` Christian Schoenebeck
2025-12-15 14:37 ` Christoph Hellwig
2025-12-10 13:33 ` Christian Schoenebeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aTkNbptI5stvpBPn@infradead.org \
--to=hch@infradead.org \
--cc=asmadeus@codewreck.org \
--cc=carges@cloudflare.com \
--cc=dhowells@redhat.com \
--cc=ericvh@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux_oss@crudebyte.com \
--cc=lucho@ionkov.net \
--cc=v9fs@lists.linux.dev \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).