linux-stable/fs/fuse
Hou Tao 533070db65 fuse: clear FR_SENT when re-adding requests into pending list
[ Upstream commit 246014876d ]

The following warning was reported by lee bruce:

  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300
  fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300
  Modules linked in:
  CPU: 0 PID: 8264 Comm: ab2 Not tainted 6.9.0-rc7
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
  RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300
  ......
  Call Trace:
  <TASK>
  fuse_dev_do_read.constprop.0+0xd36/0x1dd0 fs/fuse/dev.c:1334
  fuse_dev_read+0x166/0x200 fs/fuse/dev.c:1367
  call_read_iter include/linux/fs.h:2104 [inline]
  new_sync_read fs/read_write.c:395 [inline]
  vfs_read+0x85b/0xba0 fs/read_write.c:476
  ksys_read+0x12f/0x260 fs/read_write.c:619
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xce/0x260 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
  ......
  </TASK>

The warning is due to the FUSE_NOTIFY_RESEND notify sent by the write()
syscall in the reproducer program and it happens as follows:

(1) calls fuse_dev_read() to read the INIT request
The read succeeds. During the read, bit FR_SENT will be set on the
request.
(2) calls fuse_dev_write() to send a FUSE_NOTIFY_RESEND notify
The resend notify will resend all processing requests, so the INIT
request is moved from processing list to pending list again.
(3) calls fuse_dev_read() with an invalid output address
fuse_dev_read() will try to copy the same INIT request to the output
address, but it will fail due to the invalid address, so the INIT
request is ended and triggers the warning in fuse_request_end().

Fix it by clearing FR_SENT when re-adding requests into pending list.

Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Reported-by: xingwei lee <xrivendell7@gmail.com>
Reported-by: yue sun <samsun1006219@gmail.com>
Closes: https://lore.kernel.org/linux-fsdevel/58f13e47-4765-fce4-daf4-dffcc5ae2330@huaweicloud.com/T/#m091614e5ea2af403b259e7cea6a49e51b9ee07a7
Fixes: 760eac73f9 ("fuse: Introduce a new notification type for resend pending requests")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-12 11:39:21 +02:00
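The three-step sequence in the commit message above, as an added user-space model (not kernel code and not part of this commit): the flag names mirror fs/fuse/fuse_i.h, but the single-request structure, the list enum and the helper functions are simplified stand-ins chosen for illustration. The `fixed` parameter of `resend()` selects whether FR_SENT is cleared when the request goes back onto the pending list, which is the one-line difference the fix makes.

```c
/* Added example: a user-space model of the FUSE request state machine
 * described in the commit message.  Not kernel code; structures and
 * helpers are simplified stand-ins (assumption: one request, three
 * flags and two lists are enough to show the bug and the fix). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { FR_PENDING = 0, FR_SENT = 1, FR_FINISHED = 2 };
enum list_id { LIST_NONE, LIST_PENDING, LIST_PROCESSING };

struct req {
	unsigned long flags;
	enum list_id list;
	int error;
	bool warned;   /* set when the WARN_ON in request_end() would fire */
};

static void set_bit(int nr, unsigned long *f)   { *f |= 1UL << nr; }
static void clear_bit(int nr, unsigned long *f) { *f &= ~(1UL << nr); }
static bool test_bit(int nr, unsigned long f)   { return (f >> nr) & 1UL; }

/* Models the invariant checked at fs/fuse/dev.c:300: a request being
 * ended must no longer be marked pending or sent to userspace. */
static void request_end(struct req *r)
{
	if (test_bit(FR_FINISHED, r->flags))
		return;
	set_bit(FR_FINISHED, &r->flags);
	if (test_bit(FR_PENDING, r->flags) || test_bit(FR_SENT, r->flags))
		r->warned = true;
	r->list = LIST_NONE;
}

/* Steps (1) and (3): the daemon reads the next pending request.
 * copy_ok models whether the copy to the daemon's buffer succeeded. */
static int dev_read(struct req *r, bool copy_ok)
{
	if (r->list != LIST_PENDING)
		return -1;         /* nothing to read */
	clear_bit(FR_PENDING, &r->flags);
	if (!copy_ok) {
		r->error = -5;     /* -EIO, as on the kernel's failed-copy path */
		request_end(r);
		return -14;        /* -EFAULT back to the daemon */
	}
	r->list = LIST_PROCESSING;
	set_bit(FR_SENT, &r->flags);
	return 0;
}

/* Step (2): FUSE_NOTIFY_RESEND moves every processing request back to
 * the pending list.  'fixed' selects whether FR_SENT is cleared too. */
static void resend(struct req *r, bool fixed)
{
	if (r->list != LIST_PROCESSING)
		return;
	set_bit(FR_PENDING, &r->flags);
	if (fixed)
		clear_bit(FR_SENT, &r->flags);
	r->list = LIST_PENDING;
}

/* Runs the three-step reproducer; returns true if the warning would fire. */
static bool reproduce(bool fixed)
{
	struct req r;
	memset(&r, 0, sizeof(r));
	r.list = LIST_PENDING;
	set_bit(FR_PENDING, &r.flags);
	dev_read(&r, true);      /* (1) read succeeds, FR_SENT is set */
	resend(&r, fixed);       /* (2) request re-queued as pending */
	dev_read(&r, false);     /* (3) copy to invalid address fails */
	return r.warned;
}

int main(void)
{
	printf("without fix: warning %s\n", reproduce(false) ? "fires" : "silent");
	printf("with fix:    warning %s\n", reproduce(true) ? "fires" : "silent");
	return 0;
}
```

The model makes the stale-flag nature of the bug visible: after step (2) the request carries both FR_PENDING and FR_SENT, so any path that ends it straight from the pending list (here a failed copy, but an abort would do as well) trips the invariant that a request cannot be finished while still marked as sent.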
acl.c
control.c fuse: remove unneeded lock which protecting update of congestion_threshold 2024-03-06 11:07:51 +01:00
cuse.c cuse: add kernel-doc comments to cuse_process_init_reply() 2024-04-15 11:02:10 +02:00
dax.c fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() 2023-12-04 10:16:53 +01:00
dev.c fuse: clear FR_SENT when re-adding requests into pending list 2024-06-12 11:39:21 +02:00
dir.c fuse: fix leaked ENOSYS error on first statx call 2024-04-15 10:12:44 +02:00
file.c fuse: fix wrong ff->iomode state changes from parallel dio write 2024-04-15 10:12:03 +02:00
fuse_i.h fuse: fix wrong ff->iomode state changes from parallel dio write 2024-04-15 10:12:03 +02:00
inode.c fuse: fix wrong ff->iomode state changes from parallel dio write 2024-04-15 10:12:03 +02:00
ioctl.c fuse: ioctl: translate ENOSYS in outarg 2023-06-21 11:17:36 +02:00
iomode.c fuse: fix parallel dio write on file open in passthrough mode 2024-04-15 10:12:44 +02:00
Kconfig fuse: introduce FUSE_PASSTHROUGH capability 2024-02-23 17:36:32 +01:00
Makefile fuse: introduce FUSE_PASSTHROUGH capability 2024-02-23 17:36:32 +01:00
passthrough.c fuse: verify zero padding in fuse_backing_map 2024-04-22 17:13:43 +02:00
readdir.c fuse: get rid of ff->readdir.lock 2024-03-06 16:20:58 +01:00
virtio_fs.c virtiofs: include a newline in sysfs tag 2024-05-08 09:31:21 +02:00
xattr.c fuse: move fuse_xattr_handlers to .rodata 2023-10-09 16:24:18 +02:00