From patchwork Sun Mar 9 11:52:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amir Goldstein X-Patchwork-Id: 14008380 Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD3F71ABED9 for ; Sun, 9 Mar 2025 11:52:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741521138; cv=none; b=jfxhiOj26AIzHbBKhhcoeWvy8DRs4sKralWj9ub9Kj62s4wrHtaLnvRQ50iTMAminkn9oJI2G6Z//GWq52XDOF4UOqIGDkuaJCD7wMq2BWWpyymEH5JmG4rDlSd3t3GZYfeieeffVAi1t934qeVUv3ZWOyfT5ODFpswZbURM+74= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741521138; c=relaxed/simple; bh=v1AiuT/CsHaF4DORU3umNKJnzuvwf6GbTcErvVyheKw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=VBYqpMmDtHb59mGkKDYZposklR4XUcy3jXApqEBsSTwwykrV2c1EIFt0oVi0xOMQeL/pAhxbS+msz7xLzkTHgKt0yVzIOhJ/5RPlh4FVGi5U2lgzNKq2bB8X7ZYNxfPwowP/iFsq4WI2cNiYixmiTwb5/sSpH9W/YErvpZ3dEWo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=WGP6L54/; arc=none smtp.client-ip=209.85.208.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WGP6L54/" Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5e614da8615so2234989a12.1 for ; Sun, 09 Mar 2025 04:52:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741521135; x=1742125935; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cQxU3YbjwPi42MJWqznBxmkWXlGLCR5XrFXf/1ZtZ8Y=; b=WGP6L54/D7tVekwgU2koyO1Nfz0l87vyThRLD3Caya0lJYFI/88DKrqhTiABrotkdZ BGwnRCdaXQGJ4gM65oyIAUJjFI9QcWLWR552f6YCqHwSYv5fyx/YuBt5D9h5iMOrieks tG0efI3kdo2Uda+Zf5cjbxQQQ+4RJaiO7yd4rEpK1pFdHa/CU9E+2VhyP8ts1qXk4iT7 6Bp3zKi5uTTViCsVtrlQcQF30R57bZQLZUx6tBAeWVfK2mICHZnTkQRnSMhI4LME6rQb fuqAfulwv6kDm8OEbvTr40rgtfNALK3IvqGvhUx96WWKRMFgJ+tZOZOz9jgUERcsvKRW DNEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741521135; x=1742125935; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cQxU3YbjwPi42MJWqznBxmkWXlGLCR5XrFXf/1ZtZ8Y=; b=dKNWcLJ8gBcoo0djlwz8PL9Azi3QgAJuXiJs9bFgO64Gult+VF+XkekdLJJKsLIBb8 e7wsI03Kt/KiqEibdoH3nvuDItNI1pezTxmYuuxCPl3p+6jYWBTw5X9CcwSkDkhATdzy TvrciL6wxDLQC3K+gXLSPTd+eXPTUvEMO95PDr9BpVjxdQvdgyk962EL+uxbS5n0aDiy ap//yKJXkYiPYESBZMU7ZDMmKaZou4Lbzf5y95HsnKTXLywZn8Aipt9mTj5G6CpX3tnR 5aEqaW2qj/PjpYoqV04kyCKKnlnm2zY7nM7mmI9jWeIluWk4620CXM4M/XeJqmV1MqDM kf9w== X-Forwarded-Encrypted: i=1; AJvYcCVznsjxIIohIne/sXauDxsYKkrmE5vY8CM9TB2/k/cW0UsUGXPvix4NDr0WI39vuvtiFm+wJM5HOhwWb4jc@vger.kernel.org X-Gm-Message-State: AOJu0YxrbZOwEgxRl6RdT41CoJVmaTIYc4p04zmnDNnXFaHVKzCN2Y6M CrpeWOx8gBiPM/w8zr3ofDPJbxA+A6K/a9SADFxUa8qz9JRhOOMKvfj/rSHW X-Gm-Gg: ASbGnctT1Q+EmD/wpcBnR8eQCQE3OeHytdJHHj7levzsKmC6tuC+p1x2fdKNsmjva+Y 5Ulb+HAEecoZJYiuR7sB/gbYj/+ht+MbJdqHaMK4z9mFeQUdPhwP9+YizIYzKfRbocHJz8JQlYU 0Mp6bwqiOJh60E8t1gcBkySceKHtDJ2kGhbcLfVvqBduEvWSdmQOQ7xkOBvaybxhmp5V5Nf597r KGJiCSDuZsW8/Pbc8rfBV48Dx3E55nhdMaSimg1FOcA+PADv/ftN/qoZLK8VOY5ep/bSqJEzbAR IxZ+kQmcXeP5wTz7ACOTk/qGwsmZGySdz2KQX1EMAdP0H3+HZcybevzTSZhCcCj4COfTU1sPO5j LMQvmdudGpssW5sX6MDo6vBELTkPuBIo4lkUQSw+4wg== X-Google-Smtp-Source: AGHT+IEdAvFB3nHM6lOreZ+GpHnxIjFzrc+aUy9jA6DPfto13ags5Nl8gygQACk+A0j+X7HvoZbeXw== X-Received: by 2002:a05:6402:5213:b0:5db:7353:2b5c with SMTP id 4fb4d7f45d1cf-5e6150296ddmr6286841a12.11.1741521134566; Sun, 09 Mar 2025 04:52:14 -0700 (PDT) Received: from amir-ThinkPad-T480.arnhem.chello.nl (92-109-99-123.cable.dynamic.v4.ziggo.nl. [92.109.99.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e5c74aaff1sm5270273a12.47.2025.03.09.04.52.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Mar 2025 04:52:13 -0700 (PDT) From: Amir Goldstein To: Jan Kara Cc: Josef Bacik , Christian Brauner , linux-fsdevel@vger.kernel.org Subject: [PATCH 1/2] fsnotify: remove check if file is actually being watched for pre-content events on open Date: Sun, 9 Mar 2025 12:52:06 +0100 Message-Id: <20250309115207.908112-2-amir73il@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250309115207.908112-1-amir73il@gmail.com> References: <20250309115207.908112-1-amir73il@gmail.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Commit 318652e07fa5b ("fsnotify: check if file is actually being watched for pre-content events on open") added an optimization that may be premature. Patially revert this change, leaving only the file type check, so that we can use the FMODE_FSNOTIFY_HSM() flag to check if there are any pre-content watches on the filesystem, which is needed in some cases. If we find that we need the extra optimization we can reconsider adding it later. Fixes: 318652e07fa5b ("fsnotify: check if file is actually being watched for pre-content events on open") Signed-off-by: Amir Goldstein --- fs/notify/fsnotify.c | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c index fae1b6d397ea0..dafcaa6f8075f 100644 --- a/fs/notify/fsnotify.c +++ b/fs/notify/fsnotify.c @@ -650,9 +650,8 @@ EXPORT_SYMBOL_GPL(fsnotify); */ void file_set_fsnotify_mode_from_watchers(struct file *file) { - struct dentry *dentry = file->f_path.dentry, *parent; + struct dentry *dentry = file->f_path.dentry; struct super_block *sb = dentry->d_sb; - __u32 mnt_mask, p_mask; /* Is it a file opened by fanotify? */ if (FMODE_FSNOTIFY_NONE(file->f_mode)) @@ -681,30 +680,10 @@ void file_set_fsnotify_mode_from_watchers(struct file *file) } /* - * OK, there are some pre-content watchers. Check if anybody is - * watching for pre-content events on *this* file. + * OK, there are some pre-content watchers on this fs, so + * Enable pre-content events. */ - mnt_mask = READ_ONCE(real_mount(file->f_path.mnt)->mnt_fsnotify_mask); - if (unlikely(fsnotify_object_watched(d_inode(dentry), mnt_mask, - FSNOTIFY_PRE_CONTENT_EVENTS))) { - /* Enable pre-content events */ - file_set_fsnotify_mode(file, 0); - return; - } - - /* Is parent watching for pre-content events on this file? */ - if (dentry->d_flags & DCACHE_FSNOTIFY_PARENT_WATCHED) { - parent = dget_parent(dentry); - p_mask = fsnotify_inode_watches_children(d_inode(parent)); - dput(parent); - if (p_mask & FSNOTIFY_PRE_CONTENT_EVENTS) { - /* Enable pre-content events */ - file_set_fsnotify_mode(file, 0); - return; - } - } - /* Nobody watching for pre-content events from this file */ - file_set_fsnotify_mode(file, FMODE_NONOTIFY | FMODE_NONOTIFY_PERM); + file_set_fsnotify_mode(file, 0); } #endif From patchwork Sun Mar 9 11:52:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amir Goldstein X-Patchwork-Id: 14008381 Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D5AA1C3029 for ; Sun, 9 Mar 2025 11:52:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741521139; cv=none; b=L6jJJ0V+kn6UyQ916d2rZpXKyVvJ4ndXuRWYak76CX+qbcQIJk6K1951dAMyeZeznxtT0TaLyocfge9nbw7SMvpMGTEFBVRqEjaS/FpZ8/x4RfdZybWC5yJWde5fzpUxuld+qU/73RUcgN7VZwbSBRMNBuMg1UfsGhB74yvQAyM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741521139; c=relaxed/simple; bh=R92AKFts6szn+vXvsKd8W7CPqSUgOH2MacpbJ5tvcEw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=aRT6E5gIw8bCcBOOQZluvDtyqCzCaN38FhBLJHClCiGJO6+TFwlkDGYR5gw1/E7POmgyQ4M8dVtPwD2VSaTZAxhh7jmrBt95/ohE1IzySxkvWQn4CHE2Su7gS91rdn4lQGmnwJ8lI5DDCM7p4hsXkujOeELg2wzQDCmocJIi/jw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TiKhsgEL; arc=none smtp.client-ip=209.85.208.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TiKhsgEL" Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-5e6c18e2c7dso396889a12.3 for ; Sun, 09 Mar 2025 04:52:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741521136; x=1742125936; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1Y4apfXe2FO+cHUICid5tNhF3Qk4mhumfNHttHRLz30=; b=TiKhsgELN1nQrEqKt47EpyyGjm4rnrC1Rfg06n9awcUoy9mvos6lm5FSPajKAlJeeY Z+SPCSLbaSNFdxwvduxUwjCjuvD+ph9z+8jFhlwYPKDp1Q69g27VZuRgUkGWw54y93/Z 3IGK9IsITJBnCWhttPNSx/2+slslkODLrTN7hyVGyAFAU5sA1FhsbWBvUUlQ9ma/HZlH OsvPP1wHshQFgt+C8WuuPrkfOMcCqZQjoPVGvKIKtHVhKbPmmqtU33wQ/M3R/HEwrt4+ 2CW350CJU93qS81haNXfMkJyHUJSVNo/SwcStq1pXCpEwNCs08pT+8noLQKmUR4Urwlq 16gA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741521136; x=1742125936; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1Y4apfXe2FO+cHUICid5tNhF3Qk4mhumfNHttHRLz30=; b=YiPJtMYIjkhrtHlvN23kiTkjtrTnYP3vTxy9LKm+BZ11JM5tiA3NlodC6bn/+Gs/Qd lc0GZ6tRz6LgPNcnAdvKIOBI0m7Hd8giPDep9DQli8I/V/QyI484Wu7/CzgDDivuwv3/ cxgCoTONwQt051f3j1u0CkX0skSN7hmN/6egbJieJV0+/pfkb5Hj8AVMEm+IQD3RaTxB lRkRRm2txsA57wpJQLc5/K1EdCtFO8wFnQp9suNVHIq921sfkYvjpiVns5nZuT6pc7ol Xm4uEIltkzYZF+JUzujGnEp6o11MOMW90a5YbHq2+uArav+m+4PApPcT8d5Dvbm+lNX8 TJ3w== X-Forwarded-Encrypted: i=1; AJvYcCWu8E3/Fu8ChLRPWnUy2/Ryd7ModWWQy0jTCOl+1lzu0nhlTJWik6/ubd9c2rrjfT8jfD6eq1vmBN9ebpqz@vger.kernel.org X-Gm-Message-State: AOJu0Yzacp2jLACiPJeMlsGId/9V/FMb+6YLmZmsXLZn9WAiEZGD3HWp y5CHjMs28vAcPJPrPo7zvygP+EwtzXm/Rife3hz/lXom0f7y1fFn X-Gm-Gg: ASbGncs/Ajbs+WZjtSNHGw2yPR+9fy7mYlSaPaEH+GXhAn/UzkTTzmHIkmSzPk5pM1W wF0O6JPxLksNTwflQh1gkTPR6gPMfVTeorybtbb8vj7YNpTkXM15fM+1cDwizD39a5MTmWlRzcS D6QXCmE7Niax9hNPIOn3tuFjTg/hnCrbAirkP9c3l31r/Mmzk4X9JgDYVCjo8zZ693aa7FsYT1w 9z1PTZRUBIFo6/gInW8Ydf8378yV7ZM9UaRuhdo/6GDirvm6mVrJ1Rh4Irvc/nYQpyBRvAkZjRk ZrHwkJgR9ZAJNQ/3axoOrv0WwDAuNcx9K0jQlJYYl8JL2rUIYBCPyR27vZhlbrPkYtrMq5fF++f DTlwgbAY1fHeOq+A7Lsbs7GSK39JdCdtUFrn+J+9ofA== X-Google-Smtp-Source: AGHT+IHvKlp/DNsAGJ+LK6YqGdyYOQfHJDFI0qe8eUMmeaw/497xaFTLP6+ExFn9ioMViyPXNrAFPg== X-Received: by 2002:a05:6402:34c7:b0:5e5:bbd5:6766 with SMTP id 4fb4d7f45d1cf-5e5e22a871bmr13269356a12.6.1741521135339; Sun, 09 Mar 2025 04:52:15 -0700 (PDT) Received: from amir-ThinkPad-T480.arnhem.chello.nl (92-109-99-123.cable.dynamic.v4.ziggo.nl. [92.109.99.123]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e5c74aaff1sm5270273a12.47.2025.03.09.04.52.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Mar 2025 04:52:14 -0700 (PDT) From: Amir Goldstein To: Jan Kara Cc: Josef Bacik , Christian Brauner , linux-fsdevel@vger.kernel.org Subject: [PATCH 2/2] fsnotify: avoid pre-content events when faulting in user pages Date: Sun, 9 Mar 2025 12:52:07 +0100 Message-Id: <20250309115207.908112-3-amir73il@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250309115207.908112-1-amir73il@gmail.com> References: <20250309115207.908112-1-amir73il@gmail.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In the use case of buffered write whose input buffer is mmapped file on a filesystem with a pre-content mark, the prefaulting of the buffer can happen under the filesystem freeze protection (obtained in vfs_write()) which breaks assumptions of pre-content hook and introduces potential deadlock of HSM handler in userspace with filesystem freezing. Disable pagefaults in the context of filesystem freeze protection if the filesystem has any pre-content marks to avert this potential deadlock. Reported-by: syzbot+7229071b47908b19d5b7@syzkaller.appspotmail.com Tested-by: syzbot+7229071b47908b19d5b7@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-fsdevel/7ehxrhbvehlrjwvrduoxsao5k3x4aw275patsb3krkwuq573yv@o2hskrfawbnc/ Signed-off-by: Amir Goldstein --- include/linux/fs.h | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index 2788df98080f8..a8822b44d4967 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3033,13 +3033,27 @@ static inline void file_start_write(struct file *file) if (!S_ISREG(file_inode(file)->i_mode)) return; sb_start_write(file_inode(file)->i_sb); + /* + * Prevent fault-in pages from user that may call HSM hooks with + * sb_writers held. + */ + if (unlikely(FMODE_FSNOTIFY_HSM(file->f_mode))) + pagefault_disable(); } static inline bool file_start_write_trylock(struct file *file) { if (!S_ISREG(file_inode(file)->i_mode)) return true; - return sb_start_write_trylock(file_inode(file)->i_sb); + if (!sb_start_write_trylock(file_inode(file)->i_sb)) + return false; + /* + * Prevent fault-in pages from user that may call HSM hooks with + * sb_writers held. + */ + if (unlikely(FMODE_FSNOTIFY_HSM(file->f_mode))) + pagefault_disable(); + return true; } /** @@ -3053,6 +3067,8 @@ static inline void file_end_write(struct file *file) if (!S_ISREG(file_inode(file)->i_mode)) return; sb_end_write(file_inode(file)->i_sb); + if (unlikely(FMODE_FSNOTIFY_HSM(file->f_mode))) + pagefault_enable(); } /**