From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S967786AbcA0U10 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 27 Jan 2016 15:27:26 -0500
Received: from mx2.suse.de ([195.135.220.15]:41268 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S965366AbcA0U1S (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 27 Jan 2016 15:27:18 -0500
Date: Wed, 27 Jan 2016 21:27:15 +0100 (CET)
From: Jiri Kosina <jikos@kernel.org>
X-X-Sender: jkosina@pobox.suse.cz
To: Dmitry Vyukov <dvyukov@google.com>
cc: NeilBrown <neilb@suse.com>, Takashi Iwai <tiwai@suse.de>,
        Jens Axboe <axboe@fb.com>, Hannes Reinecke <hare@suse.de>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>,
        Sasha Levin <sasha.levin@oracle.com>
Subject: Re: floppy: GPF in floppy_rb0_cb
In-Reply-To: <CACT4Y+ZoPYvyA4+gcepYVrCPBePOsJaPNoUgRDNBN+6HuO5Dyw@mail.gmail.com>
Message-ID: <alpine.LNX.2.00.1601272125570.21446@cbobk.fhfr.pm>
References: <CACT4Y+YFG2T=uCd4VPa8KFagf2+UgVTV4--Fk9ozuUcdps_4rA@mail.gmail.com> <alpine.LNX.2.00.1601251448410.21446@cbobk.fhfr.pm> <CACT4Y+YOWzuiUQ96EqvP1Ca7c52uiLKbBR020_f6PbxH_zXdjA@mail.gmail.com> <alpine.LNX.2.00.1601271745230.21446@cbobk.fhfr.pm>
 <CACT4Y+ZoPYvyA4+gcepYVrCPBePOsJaPNoUgRDNBN+6HuO5Dyw@mail.gmail.com>
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 27 Jan 2016, Dmitry Vyukov wrote:

> > Alright, there is a serious issue with how floppy_revalidate() handles
> > error from lock_fdc() (in-depth explanation for the curious: it doesn't).
> >
> > In case wait_for_event_interruptible() is actually interrupted without
> > succesfully claiming fdc, we proceed with revalidation, causing all kinds
> > of havoc (because another parallel request is still in progress).
> >
> > The whole story with the 'interruptible' parameter to lock_fdc() is funny
> > as well, because we always wait interruptibly anyway. So it can be nuked.
> > Most of the lock_fdc() callsites do properly handle error (and propagate
> > EINTR), but floppy_revalidate() and floppy_check_events() don't.
> >
> > Could you please let syzkaller retest with the patch below? It fixes all
> > the oopses I am able to trigger here.
> 
> Done. I will get back to you if I see any other oops.

Please also get to me in case you don't see any other oops after the 
timeframe you have been able to reproduce the original problem, so that we 
could consider the issue resolved and I can make proper patch from this 
and send it upstream.

Thanks,

-- 
Jiri Kosina
SUSE Labs