lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20191118022410.21023-1-msys.mizuma@gmail.com>
Date:   Sun, 17 Nov 2019 21:24:10 -0500
From:   Masayoshi Mizuma <msys.mizuma@...il.com>
To:     Miklos Szeredi <miklos@...redi.hu>, linux-fsdevel@...r.kernel.org
Cc:     Masayoshi Mizuma <msys.mizuma@...il.com>,
        Masayoshi Mizuma <m.mizuma@...fujitsu.com>,
        linux-kernel@...r.kernel.org, virtio-fs@...hat.com
Subject: [PATCH] fuse: Fix the return code of fuse_direct_IO() to deal with the error for aio

From: Masayoshi Mizuma <m.mizuma@...fujitsu.com>

exit_aio() is sometimes stuck in wait_for_completion() after aio is issued
with direct IO and the task receives a signal.

That is because kioctx in mm->ioctx_table is in use by aio_kiocb.
aio_kiocb->ki_refcnt is 1 at that time. That means iocb_put() isn't
called correctly.

fuse_get_req() returns as -EINTR when it's blocked and receives a signal.
fuse_direct_IO() deals with the -EINTER as -EIOCBQUEUED and returns as
-EIOCBQUEUED even though the aio isn't queued.
As the result, aio_rw_done() doesn't handle the error, so iocb_put() isn't
called via aio_complete_rw(), which is the callback.

The flow is something like as:

  io_submit
    aio_get_req
      refcount_set(&req->ki_refcnt, 2)
    __io_submit_one
      aio_read
      ...
        fuse_direct_IO # return as -EIOCBQUEUED
          __fuse_direct_read
          ...
            fuse_get_req # return as -EINTR
        aio_rw_done
          # Nothing to do because ret is -EIOCBQUEUED...
    iocb_put
      refcount_dec_and_test(&iocb->ki_refcnt) # 2->1

Return as the error code of fuse_direct_io() or __fuse_direct_read() in
fuse_direct_IO() so that aio_rw_done() can handle the error and call
iocb_put().

This issue is trucked as a virtio-fs issue:
https://gitlab.com/virtio-fs/qemu/issues/14

Signed-off-by: Masayoshi Mizuma <m.mizuma@...fujitsu.com>
---
 fs/fuse/file.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index db48a5cf8620..87b151aec8f2 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -3115,8 +3115,12 @@ fuse_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
 		fuse_aio_complete(io, ret < 0 ? ret : 0, -1);
 
 		/* we have a non-extending, async request, so return */
-		if (!blocking)
-			return -EIOCBQUEUED;
+		if (!blocking) {
+			if (ret >= 0)
+				return -EIOCBQUEUED;
+			else
+				return ret;
+		}
 
 		wait_for_completion(&wait);
 		ret = fuse_get_res_by_io(io);
-- 
2.18.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ