From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752594AbdBEVB4 (ORCPT ); Sun, 5 Feb 2017 16:01:56 -0500
Received: from zeniv.linux.org.uk ([195.92.253.2]:38096 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752323AbdBEVBy (ORCPT ); Sun, 5 Feb 2017 16:01:54 -0500
Date: Sun, 5 Feb 2017 21:01:51 +0000
From: Al Viro
To: Miklos Szeredi
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Linux NFS list , ceph-devel@vger.kernel.org, lustre-devel@lists.lustre.org, v9fs-developer@lists.sourceforge.net, Linus Torvalds , Jan Kara , Chris Wilson , "Kirill A. Shutemov" , Jeff Layton
Subject: Re: [PATCH v3 0/2] iov_iter: allow iov_iter_get_pages_alloc to allocate more pages per call
Message-ID: <20170205210151.GD13195@ZenIV.linux.org.uk>
References: <20170124212327.14517-1-jlayton@redhat.com> <20170125133205.21704-1-jlayton@redhat.com> <20170202095125.GF27291@ZenIV.linux.org.uk> <20170204030842.GL27291@ZenIV.linux.org.uk> <20170205015145.GB13195@ZenIV.linux.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.7.1 (2016-10-04)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Feb 05, 2017 at 09:15:24PM +0100, Miklos Szeredi wrote:

> That case is fine. But nothing guarantees that fuse_abort_conn()
> won't be called (in the non-deadlock case) when data is being copied
> to the request args. Ending the request at such a point could easily
> lead to use after free,

So why not leave ending it to your fuse_dev_do_write()/fuse_dev_do_read()?
See the reply I'd just sent (your mail arrived while I'd been writing that
one - saw it only after I'd sent mine).
Basically, what if we keep FR_LOCKED through *all* fuse_dev_do_{read,write}(), rather than dropping and regaining it many times and have fuse_abort_conn() skip request_end() on FR_LOCKED ones?
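
The proposal in the message above, as a single-threaded user-space model. This is an added example, not kernel code and not part of the original mail: the model_* functions and M_* flags are hypothetical stand-ins for request_end(), fuse_abort_conn(), the fuse_dev_do_{read,write}() copy and FR_LOCKED, and the abort is injected between two copy chunks to stand for the race.

```c
#include <stdbool.h>
#include <string.h>
/* Constructed user-space model; model_* names and M_* flags are hypothetical. */
enum { M_LOCKED = 1, M_ABORTED = 2, M_ENDED = 4 };
struct model_req {
    unsigned flags;
    char args[8];          /* stands in for the request args being filled */
    int ends;              /* how many times the request was ended */
    int touched_after_end; /* copies into an already ended request */
};

/* Stand-in for request_end(): the request must not be touched afterwards. */
static void model_request_end(struct model_req *r)
{
    r->flags |= M_ENDED;
    r->ends++;
}

/* Stand-in for the abort path acting on one request. */
static void model_abort(struct model_req *r, bool skip_locked)
{
    r->flags |= M_ABORTED;
    if (skip_locked && (r->flags & M_LOCKED))
        return; /* the I/O path holds the request and ends it later */
    model_request_end(r);
}

static void model_copy_chunk(struct model_req *r, size_t off, const char *src)
{
    if (r->flags & M_ENDED)
        r->touched_after_end++; /* on real memory: use after free */
    else
        memcpy(r->args + off, src, 4);
}

/* I/O path: lock held across both chunks; the abort arrives between them. */
static struct model_req model_run(bool skip_locked)
{
    struct model_req r = {0};
    r.flags |= M_LOCKED;
    model_copy_chunk(&r, 0, "abcd");
    model_abort(&r, skip_locked);      /* injected race point */
    model_copy_chunk(&r, 4, "efg");    /* 4 bytes including the NUL */
    r.flags &= ~(unsigned)M_LOCKED;
    if ((r.flags & M_ABORTED) && !(r.flags & M_ENDED))
        model_request_end(&r);         /* I/O path ends the aborted request */
    return r;
}
```

With skip_locked false the second chunk lands in a request that has already been ended; with skip_locked true the copy completes and the request is ended exactly once, by the I/O path.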