From: Amir Goldstein
Date: Tue, 4 Mar 2025 16:09:16 +0100
Subject: Re: [syzbot] [xfs?] WARNING in fsnotify_file_area_perm
To: Jan Kara
Cc: syzbot, akpm@linux-foundation.org, axboe@kernel.dk, brauner@kernel.org, cem@kernel.org, chandan.babu@oracle.com, djwong@kernel.org, josef@toxicpanda.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com

On Tue, Mar 4, 2025 at 12:06 PM Jan Kara wrote:
>
> Josef, Amir,
>
> this is indeed an interesting case:
>
> On Sun 02-03-25 08:32:30, syzbot wrote:
> > syzbot has found a reproducer for the following issue on:
> ...
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 6440 at ./include/linux/fsnotify.h:145 fsnotify_file_area_perm+0x20c/0x25c include/linux/fsnotify.h:145
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 6440 Comm: syz-executor370 Not tainted 6.14.0-rc4-syzkaller-ge056da87c780 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
> > pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> > pc : fsnotify_file_area_perm+0x20c/0x25c include/linux/fsnotify.h:145
> > lr : fsnotify_file_area_perm+0x20c/0x25c include/linux/fsnotify.h:145
> > sp : ffff8000a42569d0
> > x29: ffff8000a42569d0 x28: ffff0000dcec1b48 x27: ffff0000d68a1708
> > x26: ffff0000d68a16c0 x25: dfff800000000000 x24: 0000000000008000
> > x23: 0000000000000001 x22: ffff8000a4256b00 x21: 0000000000001000
> > x20: 0000000000000010 x19: ffff0000d68a16c0 x18: ffff8000a42566e0
> > x17: 000000000000e388 x16: ffff800080466c24 x15: 0000000000000001
> > x14: 1fffe0001b31513c x13: 0000000000000000 x12: 0000000000000000
> > x11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000
> > x8 : ffff0000c6d98000 x7 : 0000000000000000 x6 : 0000000000000000
> > x5 : 0000000000000020 x4 : 0000000000000000 x3 : 0000000000001000
> > x2 : ffff8000a4256b00 x1 : 0000000000000001 x0 : 0000000000000000
> > Call trace:
> >  fsnotify_file_area_perm+0x20c/0x25c include/linux/fsnotify.h:145 (P)
> >  filemap_fault+0x12b0/0x1518 mm/filemap.c:3509
> >  xfs_filemap_fault+0xc4/0x194 fs/xfs/xfs_file.c:1543
> >  __do_fault+0xf8/0x498 mm/memory.c:4988
> >  do_read_fault mm/memory.c:5403 [inline]
> >  do_fault mm/memory.c:5537 [inline]
> >  do_pte_missing mm/memory.c:4058 [inline]
> >  handle_pte_fault+0x3504/0x57b0 mm/memory.c:5900
> >  __handle_mm_fault mm/memory.c:6043 [inline]
> >  handle_mm_fault+0xfa8/0x188c mm/memory.c:6212
> >  do_page_fault+0x570/0x10a8 arch/arm64/mm/fault.c:690
> >  do_translation_fault+0xc4/0x114 arch/arm64/mm/fault.c:783
> >  do_mem_abort+0x74/0x200 arch/arm64/mm/fault.c:919
> >  el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:432
> >  el1h_64_sync_handler+0x60/0xcc arch/arm64/kernel/entry-common.c:510
> >  el1h_64_sync+0x6c/0x70 arch/arm64/kernel/entry.S:595
> >  __uaccess_mask_ptr arch/arm64/include/asm/uaccess.h:169 [inline] (P)
> >  fault_in_readable+0x168/0x310 mm/gup.c:2234 (P)
> >  fault_in_iov_iter_readable+0x1dc/0x22c lib/iov_iter.c:94
> >  iomap_write_iter fs/iomap/buffered-io.c:950 [inline]
> >  iomap_file_buffered_write+0x490/0xd54 fs/iomap/buffered-io.c:1039
> >  xfs_file_buffered_write+0x2dc/0xac8 fs/xfs/xfs_file.c:792
> >  xfs_file_write_iter+0x2c4/0x6ac fs/xfs/xfs_file.c:881
> >  new_sync_write fs/read_write.c:586 [inline]
> >  vfs_write+0x704/0xa9c fs/read_write.c:679
>
> The backtrace actually explains it all. We had a buffered write whose
> buffer was an mmapped file on a filesystem with an HSM mark. Now the prefaulting
> of the buffer happens already (quite deep) under the filesystem freeze
> protection (obtained in vfs_write()) which breaks assumptions of HSM code
> and introduces potential deadlock of HSM handler in userspace with filesystem
> freezing. So we need to think how to deal with this case...

Ouch. It's like the splice mess all over again.
Except we do not really care to make this use case work with HSM
in the sense that we do not care to have to fill in the mmapped file content
in this corner case - we just need to let HSM fail the access if content is
not available.

If you remember, in one of my very early versions of pre-content events,
the pre-content event (or maybe it was FAN_ACCESS_PERM itself)
carried a flag (I think it was called FAN_PRE_VFS) to communicate to
HSM service if it was safe to write to fs in the context of event handling.

At the moment, I cannot think of any elegant way out of this use case
except annotating the event from fault_in_readable() as "unsafe-for-write".
This will relax the debugging code assertion and notify the HSM service
(via an event flag) that it can ALLOW/DENY, but it cannot fill the file.
Maybe we can reuse the FAN_ACCESS_PERM event to communicate this
case to HSM service.

WDYT?

Thanks,
Amir.