From: Tetsuo Handa
Date: Wed, 12 Apr 2023 22:11:08 +0900
Subject: [PATCH] fs/ntfs3: disable page fault during ntfs_fiemap()
To: syzbot, ntfs3@lists.linux.dev, syzkaller-bugs@googlegroups.com, Konstantin Komarov
Cc: Hillf Danton, linux-fsdevel, linux-mm, trix@redhat.com, ndesaulniers@google.com, nathan@kernel.org
References: <000000000000e2102c05eeaf9113@google.com> <00000000000031b80705ef5d33d1@google.com>
In-Reply-To: <00000000000031b80705ef5d33d1@google.com>
X-Patchwork-Id: 13209155

syzbot is reporting circular locking dependency between ntfs_file_mmap() (which has mm->mmap_lock => ni->ni_lock dependency) and ntfs_fiemap() (which has ni->ni_lock => mm->mmap_lock dependency).

Since ni_fiemap() is called by ioctl(FS_IOC_FIEMAP) via optional "struct inode_operations"->fiemap callback, I assume that importance of ni_fiemap() is lower than ntfs_file_mmap().

Also, since Documentation/filesystems/fiemap.rst says that "If an error is encountered while copying the extent to user memory, -EFAULT will be returned.", I assume that ioctl(FS_IOC_FIEMAP) users can handle -EFAULT error.

Therefore, in order to eliminate possibility of deadlock, until

  Assumed ni_lock.
  TODO: Less aggressive locks.

comment in ni_fiemap() is removed, use ni_fiemap() with best-effort basis (i.e. fail with -EFAULT when a page fault is inevitable).

Reported-by: syzbot
Link: https://syzkaller.appspot.com/bug?extid=96cee7d33ca3f87eee86
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: Tetsuo Handa

--- fs/ntfs3/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c index e9bdc1ff08c9..a9e7204e1579 100644 --- a/fs/ntfs3/file.c +++ b/fs/ntfs3/file.c 
@@ -1146,9 +1146,11 @@ int ntfs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, return err; ni_lock(ni); + pagefault_disable(); err = ni_fiemap(ni, fieinfo, start, len); + pagefault_enable(); ni_unlock(ni); return err;
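
Review bot: the pagefault_disable()/pagefault_enable() pair added around the ni_fiemap() call in ntfs_fiemap() carries no comment, so a reader of file.c sees that user copies under ni_lock can now fail but not why. A short comment above pagefault_disable() naming the ni_lock => mmap_lock inversion against ntfs_file_mmap(), and tying the pair to the "TODO: Less aggressive locks" note in ni_fiemap(), would keep it from being dropped as unneeded and would mark it as a stopgap. Since the whole of ni_fiemap() now runs with faults disabled, an ioctl(FS_IOC_FIEMAP) caller whose extent buffer is valid but not yet resident gets -EFAULT from this path; the commit message accepts that, but the comment should say so too, so that the best-effort behaviour is visible at the call site and not only in the changelog.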