| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250929091022.340341-1-kartikey406@gmail.com>
Date: Mon, 29 Sep 2025 14:40:22 +0530
From: Deepanshu Kartikey <kartikey406@...il.com>
To: kent.overstreet@...ux.dev
Cc: linux-bcachefs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] bcachefs: Fix deadlocks between fallocate and readahead
I found that bchfs_fallocate() only evicts pagecache when FALLOC_FL_ZERO_RANGE is set:
if (mode & FALLOC_FL_ZERO_RANGE) {
truncate_pagecache_range(&inode->v, offset, end - 1);
}
The hole detection code already skips ZERO_RANGE:
if (!(mode & FALLOC_FL_ZERO_RANGE)) {
bch2_clamp_data_hole(...); // Only runs for basic fallocate
}
The syzbot reproducer uses mode=0 (basic fallocate), which doesn't evict pages but does run hole detection and hits the deadlock.
The fix should be to remove pagecache_block_get() from bch2_fallocate_dispatch() and add it only where pages are actually evicted:
In bchfs_fallocate():
if (mode & FALLOC_FL_ZERO_RANGE) {
bch2_pagecache_block_get(inode);
truncate_pagecache_range(...);
// Do allocation work
bch2_pagecache_block_put(inode);
}
Similarly add it to bchfs_fpunch() and bchfs_fcollapse_finsert() around their page eviction calls.
This way basic fallocate never holds the lock, avoiding the deadlock. Does this approach look right?
Powered by blists - more mailing lists