From patchwork Tue Feb 7 13:39:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 13131539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16B6CC636CD for ; Tue, 7 Feb 2023 13:39:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 45AC96B0087; Tue, 7 Feb 2023 08:39:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 40B186B0089; Tue, 7 Feb 2023 08:39:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2D2786B0099; Tue, 7 Feb 2023 08:39:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1A5A06B0087 for ; Tue, 7 Feb 2023 08:39:30 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id C8CDF804C9 for ; Tue, 7 Feb 2023 13:39:29 +0000 (UTC) X-FDA: 80440602858.13.81393F7 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf14.hostedemail.com (Postfix) with ESMTP id 1F252100008 for ; Tue, 7 Feb 2023 13:39:27 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=EogV5usZ; spf=pass (imf14.hostedemail.com: domain of dhowells@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=dhowells@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1675777168; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=+ct4EEN1Tx2kpi+pcudcB8r2YKIl9DGh1ohw3MpFlVY=; b=B0r7kRI5vIqVMFU6nk0zjJr8xheD7nVVXrrNKOn/yE34IziQ+UsWv1lD5c7e4NIifcbLaa M6GQGYGzZe8Y5MoKejoPSS09NDjYpfcaSEzaAKx8k7uGrgIW7m94fzUu4xuFv9zmNs1keU /RKVXf03iT3CNJR5Vhv0cQXNYPIZNxE= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=EogV5usZ; spf=pass (imf14.hostedemail.com: domain of dhowells@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=dhowells@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1675777168; a=rsa-sha256; cv=none; b=PLSEy/KhcrmNXPesnDqV4bhdrR1bvpD7pemEGYN20XgNaOWcjIOO9y+F+5XH4hBvD714mF H06g8S/U9Lx/lMhFZXj1XBJNeuhEu8++qXHiAyWUHWancnDdvCMMbtkKjH4zp3ICZnUt92 JapEs2fQTGNv2MjMsh+I2TgPmoNkQhg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1675777167; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=+ct4EEN1Tx2kpi+pcudcB8r2YKIl9DGh1ohw3MpFlVY=; b=EogV5usZ2Zsv4unCeXk52t9gjqtRlL13wfpnxVOtHbow6VRXwL41HgbQ18X9E+mYqA7x7e 6Qu9w4O/jEijJNGPERqPs2Jgho8la4QlpiNJq5zjnrFo1JeTf/ozZYbjJbfDdb+MGT2n9D hhGf3aBhLBvxAE0W4IGIEEzxFLB+71E= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-662-WvHxkaGVM-CnLEd43YiVOQ-1; Tue, 07 Feb 2023 08:39:24 -0500 X-MC-Unique: WvHxkaGVM-CnLEd43YiVOQ-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8D0D6887401; Tue, 7 Feb 2023 13:39:23 +0000 (UTC) Received: from warthog.procyon.org.uk.com (unknown [10.33.36.97]) by smtp.corp.redhat.com (Postfix) with ESMTP id A8AE3175AD; Tue, 7 Feb 2023 13:39:20 +0000 (UTC) From: David Howells To: Jens Axboe , Al Viro , Christoph Hellwig Cc: David Howells , Matthew Wilcox , Jan Kara , Jeff Layton , David Hildenbrand , Jason Gunthorpe , Logan Gunthorpe , Hillf Danton , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH 0/2] iomap, splice: Fix DIO/splice_read race memory corruptor and kill off ITER_PIPE Date: Tue, 7 Feb 2023 13:39:14 +0000 Message-Id: <20230207133916.3109147-1-dhowells@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Rspamd-Queue-Id: 1F252100008 X-Stat-Signature: cakcrrrey4333t1y13qggyfgmxsf46kn X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1675777167-454026 X-HE-Meta: U2FsdGVkX1/y2xMEhDG/Q3DfdR4J07mKUtUz15McLW1igdxhfyVtdyCQkGLw6nfaZ0WWKtRqMs/R1rJSHL10V5flSNHL2qG4mHbUU7ydVrWWOmG1kAlZxOBYfDtvuU6kWssobIlH5p9wmwJvjRmyXIKVdxlIbdoOkxe38RY8Zn1rpXLTcKy7KE4ruBqyZ7xd0Mzjp0XFiZosq58qwabdOpyZSJZqP6D0fRvlf3lCG6YBEE3yFZVEZlsIyThNBos+wlJr5KWUgGmV1wl7kYcgfLEoU2jcnHn8077oL3UhP+aDJ5EH+l/B7s4KVGXwUVr9P7cSItO8fSbVbG6zMree+iLocxN36AiIc8dbZvwRG+WbFmyhcQGvHLepRjRJTgZaAMG+OpuTbHJUfiMgLJ5pY6WU/2DFZyUQArMej2A6stWKrvi4+Gnn6oMOjQkiNnntp/Mg1PnZXkPzS/SGHXhm7YxIDDbqEv+jElW4hFjXV+8TEmgL1bpBpezcEoEifj51FTGaC5cikU8kYhZUkofIkBNDo9u0PrLf8b886+d3+aIB2BomRL5LPYetMvcC6SJLcq6YPUWY2SonKYjxYMxxswNEBihszv4HO9y2vzgINHDODTc5YVFip6Tsg9rtD+kWwT+WmLhLKHFcymKMDSIVqUWROytPqstT+G5/dlpUAC/tkkzTPsC2fh3wlrVTtY/MBHHWicenhmE/p8hNdU10IyRSJuKid7WqvEu22VKZzngVaypKy4PhK4kmq3hINs+JrJmWkW9L1FrLxpjovmsEvgKDLAFOMnCm+waegj5cHukQcSxJp6ACQPCeNdhnNHp1D7A4CUHlDGoFRJvGK+FiMYFmrkGyMIbHfzd+aEd/wRWZ990c2XqaE/z3K5zL8y8besgajwszuB7d8Jp6gIAMQsYZjnMU9D/fEPLj4zg4IMMI+4DzLzIMFhgISqEMxNcFNnWz0cAbmaPIHU0SZMG I51Liq96 OU0qnEHMr2UWIOmIV8e5+BtzO2Bz8WlwE3RIqAaRTodSu84qrSejRZYSGTX9jskDsf00LDwtdREP9jtYr28/UG4b3rZvnZ3djFEIBsGC0ivMucbWlci4Xo4Uc0Tp+IfcPv7fHjQT2IQAR/fTC2+QI4nrMAaBpELOV462Oifuk/A7M65jNXrD0JjMz2SlYUl+25Z5Xr8xR8f6958comBSggA4reoUgOY2VSG3D+BW4+KZQ7RuqbIQxw2b8M0nTd8POkNpnOIwjyaxvTdbdkFIzJXquZNVzk5yweUVcTQoG5W2qS1/VmJPAFyLN/1IADAFKxHBktk2yFHyZ8ByEMCsBMap5z9PkLl/75dBHpIS88MKF37miUJnDqRbkzv92OnddTUEP X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi Jens, Christoph, Al, Syzbot found a bug[1] that my bio/FOLL_PIN code[2] inadvertently introduced. The problem is that with my patches, pages obtained from kernel-backed iterators aren't ref'd or pinned when they're extracted and thus struct bio doesn't retain them. A DIO-read from a file through iomap that races with truncate may in __iomap_dio_rw() call iov_iter_revert() on the iov_iter it was given. Unfortunately, if the iterator is an ITER_PIPE, the reversion has side effects: the pages rolled back get released. Those pages, however, are not retained by the uncompleted bio and may get modified after their release. The first patch fixes this by switching to bulk allocating all the necessary pages up front and adding them to an ITER_BVEC iterator, doing the I/O and only then trimming the excess pages. The remaining pages are then pushed into the pipe. This has the downside (as the code stands) of not handling any partial page lurking in the pipe - though that could be places as the first element in the bvec. OTOH, using the bulk allocation API should be more efficient. As this is the only user of ITER_PIPE, the second patch removes ITER_PIPE and all its associated iov_iter helper functions. Thanks to Hillf Danton for spotting that iov_iter_revert() was involved[3]. [!] Jens: Note that there's a window in the linux-block/for-next branch with a memory corruptor bug that someone bisecting might hit. These two patches would be better pushed to the front of my iov-extract branch to eliminate the window. Would it be possible for you to replace my branch in your for-next branch at this point? I've pushed the patches here also: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=iov-fixes David Link: https://lore.kernel.org/r/000000000000b0b3c005f3a09383@google.com/ [1] Link: https://lore.kernel.org/r/20230126141626.2809643-1-dhowells@redhat.com/ [2] Link: https://lore.kernel.org/r/20230207094731.1390-1-hdanton@sina.com/ [3] David Howells (2): vfs, iomap: Fix generic_file_splice_read() to avoid reversion of ITER_PIPE iov_iter: Kill ITER_PIPE fs/cifs/file.c | 8 +- fs/splice.c | 76 ++++++- include/linux/uio.h | 14 -- lib/iov_iter.c | 492 +------------------------------------------- mm/filemap.c | 3 - 5 files changed, 72 insertions(+), 521 deletions(-)