* [PATCH] autofs4: Fix endless loop in autofs4_write
From: Laurent Dufour @ 2016-06-10 17:07 UTC
  To: autofs; +Cc: Ian Kent, linux-kernel, stable

The 'commit e9a7c2f1a548 ("autofs4: coding style fixes")' removed the
check done on the __vfs_write()'s returned value in autofs4_write().
This may lead to a spinning process which can't catch any signal.

Call stack shown in xmon could be:
[c0000003a76c7500] c00000000030df74 __vfs_write+0x134/0x1c0 (unreliable)
[c0000003a76c75a0] d0000000052a35d4 autofs4_notify_daemon+0x174/0x3f0 [autofs4]
[c0000003a76c7780] d0000000052a3fa0 autofs4_wait+0x750/0xa10 [autofs4]
[c0000003a76c78b0] d0000000052a24d8 autofs4_mount_wait+0x78/0x140 [autofs4]
[c0000003a76c7930] d0000000052a2f48 autofs4_d_automount+0x1d8/0x370 [autofs4]
[c0000003a76c79c0] c0000000003221e4 follow_managed+0x204/0x3a0
[c0000003a76c7a20] c000000000322c10 lookup_fast+0x220/0x420
[c0000003a76c7a90] c00000000032324c walk_component+0x5c/0x3e0
[c0000003a76c7b00] c000000000323794 link_path_walk+0x1c4/0x5f0
[c0000003a76c7b90] c000000000324b00 path_openat+0xf0/0x1620
[c0000003a76c7c90] c000000000327f6c do_filp_open+0xfc/0x170
[c0000003a76c7dc0] c00000000030d06c do_sys_open+0x1bc/0x2e0
[c0000003a76c7e30] c000000000009260 system_call+0x38/0x108
--- Exception: c01 (System Call) at 00003fffa38a0988

Cc: Ian Kent <raven@themaw.net>
Cc: autofs@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Fixes: e9a7c2f1a548 ("autofs4: coding style fixes")
---
 fs/autofs4/waitq.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 0146d911f468..106d94139281 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -66,11 +66,12 @@ static int autofs4_write(struct autofs_sb_info *sbi,
 	set_fs(KERNEL_DS);
 
 	mutex_lock(&sbi->pipe_mutex);
-	wr = __vfs_write(file, data, bytes, &file->f_pos);
-	while (bytes && wr) {
+	while (bytes) {
+		wr = __vfs_write(file, data, bytes, &file->f_pos);
+		if (wr < 0)
+			break;
 		data += wr;
 		bytes -= wr;
-		wr = __vfs_write(file, data, bytes, &file->f_pos);
 	}
 	mutex_unlock(&sbi->pipe_mutex);
 
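Review bot: the `if (wr < 0)` test inside the new `while (bytes)` loop does not cover a zero return. The removed `while (bytes && wr)` condition left the loop when `__vfs_write()` returned 0; in this version a 0 leaves `bytes` unchanged, so the loop calls `__vfs_write()` again with no exit while still holding `pipe_mutex`. Consider `if (wr <= 0)` so that both an error and a zero-progress return break out.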
-- 
1.9.1
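
The failure described in the commit message, modelled in user space as an added example (not code from the patch or from autofs4): a stub stands in for `__vfs_write()`, and the removed and patched loop shapes are run against constructed return sequences, tracking only the remaining byte count. `stub_write`, the `SCRIPT_*` arrays, `SPIN_LIMIT` and the `stop_on_zero` variant are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed return sequences for a stand-in __vfs_write(); the last value
 * repeats forever. -32 models an error return such as -EPIPE. */
static const long SCRIPT_ERR[] = { 40, -32 };
static const long SCRIPT_ZERO[] = { 40, 0 };
static const long SCRIPT_SHORT[] = { 40, 40, 40 };
enum { DONE, FAILED, SPUN };
#define SPIN_LIMIT 1000	/* cap so the model stops where the kernel would not */

static long stub_write(const long *ret, size_t len, size_t *pos, long bytes)
{
	size_t i = (*pos)++;
	long r = ret[i < len ? i : len - 1];
	return r > bytes ? bytes : r;	/* never report more than requested */
}

/* Loop shape the patch removes: only "wr != 0" is tested. */
static int loop_regressed(const long *ret, size_t len, long bytes)
{
	size_t pos = 0;
	long wr = stub_write(ret, len, &pos, bytes);
	for (int n = 0; bytes && wr; n++) {
		if (n == SPIN_LIMIT)
			return SPUN;
		bytes -= wr;	/* a negative wr makes the remaining count grow */
		wr = stub_write(ret, len, &pos, bytes);
	}
	return bytes ? FAILED : DONE;
}

/* Loop shape the patch adds; stop_on_zero=1 is a hypothetical stricter variant. */
static int loop_patched(const long *ret, size_t len, long bytes, int stop_on_zero)
{
	size_t pos = 0;
	for (int n = 0; bytes; n++) {
		long wr = stub_write(ret, len, &pos, bytes);
		if (n == SPIN_LIMIT)
			return SPUN;
		if (wr < 0 || (stop_on_zero && wr == 0))
			break;
		bytes -= wr;
	}
	return bytes ? FAILED : DONE;
}

int main(void)
{
	printf("error: removed=%d patched=%d; zero: patched=%d variant=%d; short: %d\n",
	       loop_regressed(SCRIPT_ERR, 2, 100), loop_patched(SCRIPT_ERR, 2, 100, 0),
	       loop_patched(SCRIPT_ZERO, 2, 100, 0), loop_patched(SCRIPT_ZERO, 2, 100, 1),
	       loop_patched(SCRIPT_SHORT, 3, 100, 0));
	return 0;
}
```

In the model, the removed loop hits the iteration cap on an error return, and the patched loop hits it on a persistent zero return; the `stop_on_zero` variant exits with a failure in both cases.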

* Re: [PATCH] autofs4: Fix endless loop in autofs4_write
From: Ian Kent @ 2016-06-11  1:09 UTC
  To: Laurent Dufour, autofs; +Cc: linux-kernel, stable

On Fri, 2016-06-10 at 19:07 +0200, Laurent Dufour wrote:
> The 'commit e9a7c2f1a548 ("autofs4: coding style fixes")' removed the
> check done on the __vfs_write()'s returned value in autofs4_write().
> This may lead to a spinning process which can't catch any signal.

Yeah, sorry my bad.

> 
> Call stack shown in xmon could be:
> [c0000003a76c7500] c00000000030df74 __vfs_write+0x134/0x1c0
> (unreliable)
> [c0000003a76c75a0] d0000000052a35d4 autofs4_notify_daemon+0x174/0x3f0
> [autofs4]
> [c0000003a76c7780] d0000000052a3fa0 autofs4_wait+0x750/0xa10 [autofs4]
> [c0000003a76c78b0] d0000000052a24d8 autofs4_mount_wait+0x78/0x140
> [autofs4]
> [c0000003a76c7930] d0000000052a2f48 autofs4_d_automount+0x1d8/0x370
> [autofs4]
> [c0000003a76c79c0] c0000000003221e4 follow_managed+0x204/0x3a0
> [c0000003a76c7a20] c000000000322c10 lookup_fast+0x220/0x420
> [c0000003a76c7a90] c00000000032324c walk_component+0x5c/0x3e0
> [c0000003a76c7b00] c000000000323794 link_path_walk+0x1c4/0x5f0
> [c0000003a76c7b90] c000000000324b00 path_openat+0xf0/0x1620
> [c0000003a76c7c90] c000000000327f6c do_filp_open+0xfc/0x170
> [c0000003a76c7dc0] c00000000030d06c do_sys_open+0x1bc/0x2e0
> [c0000003a76c7e30] c000000000009260 system_call+0x38/0x108
> --- Exception: c01 (System Call) at 00003fffa38a0988
> 
> Cc: Ian Kent <raven@themaw.net>
> Cc: autofs@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: stable@vger.kernel.org
> Reviewed-by: Greg Kurz <groug@kaod.org>
> Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
> Fixes: e9a7c2f1a548 ("autofs4: coding style fixes")
> ---
>  fs/autofs4/waitq.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
> index 0146d911f468..106d94139281 100644
> --- a/fs/autofs4/waitq.c
> +++ b/fs/autofs4/waitq.c
> @@ -66,11 +66,12 @@ static int autofs4_write(struct autofs_sb_info *sbi,
>  	set_fs(KERNEL_DS);
>  
>  	mutex_lock(&sbi->pipe_mutex);
> -	wr = __vfs_write(file, data, bytes, &file->f_pos);
> -	while (bytes && wr) {

Right, but why not just wr >= 0 here?

I guess this patch probably saves a few bytes.

I'll add it to the series.
 
> +	while (bytes) {
> +		wr = __vfs_write(file, data, bytes, &file->f_pos);
> +		if (wr < 0)
> +			break;
>  		data += wr;
>  		bytes -= wr;
> -		wr = __vfs_write(file, data, bytes, &file->f_pos);
>  	}
>  	mutex_unlock(&sbi->pipe_mutex);
>  

* Re: [PATCH] autofs4: Fix endless loop in autofs4_write
From: Ian Kent @ 2016-06-11  1:49 UTC
  To: Laurent Dufour, autofs; +Cc: linux-kernel, stable

On Sat, 2016-06-11 at 09:09 +0800, Ian Kent wrote:
> On Fri, 2016-06-10 at 19:07 +0200, Laurent Dufour wrote:
> > The 'commit e9a7c2f1a548 ("autofs4: coding style fixes")' removed the
> > check done on the __vfs_write()'s returned value in autofs4_write().
> > This may lead to a spinning process which can't catch any signal.
> 
> Yeah, sorry my bad.

Actually, Andrei Vagin already sent this patch to me some time ago, and I'm
working to send it to Andrew Morton (along with several others).

There have been a couple of hold-ups on this, sorry about that.

> 
> > 
> > Call stack shown in xmon could be:
> > [c0000003a76c7500] c00000000030df74 __vfs_write+0x134/0x1c0
> > (unreliable)
> > [c0000003a76c75a0] d0000000052a35d4 autofs4_notify_daemon+0x174/0x3f0
> > [autofs4]
> > [c0000003a76c7780] d0000000052a3fa0 autofs4_wait+0x750/0xa10 [autofs4]
> > [c0000003a76c78b0] d0000000052a24d8 autofs4_mount_wait+0x78/0x140
> > [autofs4]
> > [c0000003a76c7930] d0000000052a2f48 autofs4_d_automount+0x1d8/0x370
> > [autofs4]
> > [c0000003a76c79c0] c0000000003221e4 follow_managed+0x204/0x3a0
> > [c0000003a76c7a20] c000000000322c10 lookup_fast+0x220/0x420
> > [c0000003a76c7a90] c00000000032324c walk_component+0x5c/0x3e0
> > [c0000003a76c7b00] c000000000323794 link_path_walk+0x1c4/0x5f0
> > [c0000003a76c7b90] c000000000324b00 path_openat+0xf0/0x1620
> > [c0000003a76c7c90] c000000000327f6c do_filp_open+0xfc/0x170
> > [c0000003a76c7dc0] c00000000030d06c do_sys_open+0x1bc/0x2e0
> > [c0000003a76c7e30] c000000000009260 system_call+0x38/0x108
> > --- Exception: c01 (System Call) at 00003fffa38a0988
> > 
> > Cc: Ian Kent <raven@themaw.net>
> > Cc: autofs@vger.kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > Cc: stable@vger.kernel.org
> > Reviewed-by: Greg Kurz <groug@kaod.org>
> > Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
> > Fixes: e9a7c2f1a548 ("autofs4: coding style fixes")
> > ---
> >  fs/autofs4/waitq.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> > 
> > diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
> > index 0146d911f468..106d94139281 100644
> > --- a/fs/autofs4/waitq.c
> > +++ b/fs/autofs4/waitq.c
> > @@ -66,11 +66,12 @@ static int autofs4_write(struct autofs_sb_info *sbi,
> >  	set_fs(KERNEL_DS);
> >  
> >  	mutex_lock(&sbi->pipe_mutex);
> > -	wr = __vfs_write(file, data, bytes, &file->f_pos);
> > -	while (bytes && wr) {
> 
> Right, but why not just wr >= 0 here?
> 
> I guess this patch probably saves a few bytes.
> 
> I'll add it to the series.
>  
> > +	while (bytes) {
> > +		wr = __vfs_write(file, data, bytes, &file->f_pos);
> > +		if (wr < 0)
> > +			break;
> >  		data += wr;
> >  		bytes -= wr;
> > -		wr = __vfs_write(file, data, bytes, &file->f_pos);
> >  	}
> >  	mutex_unlock(&sbi->pipe_mutex);
> >  