* [to-be-updated] btrfs-avoid-live-lock-in-search_ioctl-on-hardware-with-sub-page-faults.patch removed from -mm tree
@ 2022-01-13 21:08 akpm
0 siblings, 0 replies; only message in thread
From: akpm @ 2022-01-13 21:08 UTC (permalink / raw)
To: agruenba, catalin.marinas, dsterba, josef, mm-commits, stable,
viro, will, willy
The patch titled
Subject: btrfs: avoid live-lock in search_ioctl() on hardware with sub-page faults
has been removed from the -mm tree. Its filename was
btrfs-avoid-live-lock-in-search_ioctl-on-hardware-with-sub-page-faults.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Catalin Marinas <catalin.marinas@arm.com>
Subject: btrfs: avoid live-lock in search_ioctl() on hardware with sub-page faults
Commit a48b73eca4ce ("btrfs: fix potential deadlock in the search ioctl")
addressed a lockdep warning by pre-faulting the user pages and attempting
the copy_to_user_nofault() in an infinite loop. On architectures like
arm64 with MTE, an access may fault within a page at a location different
from what fault_in_writeable() probed. Since the sk_offset is rewound to
the previous struct btrfs_ioctl_search_header boundary, there is no
guaranteed forward progress and search_ioctl() may live-lock.
Use fault_in_exact_writeable() instead which probes the entire user
buffer for faults at sub-page granularity.
Link: https://lkml.kernel.org/r/20211124192024.2408218-4-catalin.marinas@arm.com
Fixes: a48b73eca4ce ("btrfs: fix potential deadlock in the search ioctl")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: David Sterba <dsterba@suse.com>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Will Deacon <will@kernel.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/btrfs/ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/btrfs/ioctl.c~btrfs-avoid-live-lock-in-search_ioctl-on-hardware-with-sub-page-faults
+++ a/fs/btrfs/ioctl.c
@@ -2225,7 +2225,8 @@ static noinline int search_ioctl(struct
while (1) {
ret = -EFAULT;
- if (fault_in_writeable(ubuf + sk_offset, *buf_size - sk_offset))
+ if (fault_in_exact_writeable(ubuf + sk_offset,
+ *buf_size - sk_offset))
break;
ret = btrfs_search_forward(root, &key, path, sk->min_transid);
_
Patches currently in -mm which might be from catalin.marinas@arm.com are
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-01-13 21:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-13 21:08 [to-be-updated] btrfs-avoid-live-lock-in-search_ioctl-on-hardware-with-sub-page-faults.patch removed from -mm tree akpm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).