From: Pavel Begunkov <[email protected]>
To: Jens Axboe <[email protected]>, [email protected]
Subject: [PATCH v2] io_uring: fix dead-hung for non-iter fixed rw
Date: Sun, 24 Nov 2019 11:58:24 +0300 [thread overview]
Message-ID: <620023b272fef0fd76d0f91ff1876fa64864caa6.1574585281.git.asml.silence@gmail.com> (raw)
In-Reply-To: <[email protected]>
Read/write requests to devices without implemented read/write_iter
using fixed buffers causes general protection fault, which totally
hangs a machine.
io_import_fixed() initialises iov_iter with bvec, but loop_rw_iter()
accesses it as iovec, so dereferencing random address.
kmap() page by page in this case
Signed-off-by: Pavel Begunkov <[email protected]>
---
v2: use kmap
P.S. this one passes all tests well
fs/io_uring.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 8119cbae4fb6..1a9f34645586 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -1613,9 +1613,19 @@ static ssize_t loop_rw_iter(int rw, struct file *file, struct kiocb *kiocb,
return -EAGAIN;
while (iov_iter_count(iter)) {
- struct iovec iovec = iov_iter_iovec(iter);
+ struct iovec iovec;
ssize_t nr;
+ if (!iov_iter_is_bvec(iter)) {
+ iovec = iov_iter_iovec(iter);
+ } else {
+ /* fixed buffers import bvec */
+ iovec.iov_base = kmap(iter->bvec->bv_page)
+ + iter->iov_offset;
+ iovec.iov_len = min(iter->count,
+ iter->bvec->bv_len - iter->iov_offset);
+ }
+
if (rw == READ) {
nr = file->f_op->read(file, iovec.iov_base,
iovec.iov_len, &kiocb->ki_pos);
@@ -1624,6 +1634,9 @@ static ssize_t loop_rw_iter(int rw, struct file *file, struct kiocb *kiocb,
iovec.iov_len, &kiocb->ki_pos);
}
+ if (iov_iter_is_bvec(iter))
+ kunmap(iter->bvec->bv_page);
+
if (nr < 0) {
if (!ret)
ret = nr;
--
2.24.0
next parent reply other threads:[~2019-11-24 8:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <[email protected]>
2019-11-24 8:58 ` Pavel Begunkov [this message]
2019-11-24 17:10 ` [PATCH v2] io_uring: fix dead-hung for non-iter fixed rw Jens Axboe
2019-11-24 17:52 ` Pavel Begunkov
2019-11-25 0:43 ` Jackie Liu
2019-11-25 2:38 ` Jens Axboe
2019-11-25 3:33 ` Jackie Liu
2019-11-25 3:47 ` Jens Axboe
2019-11-25 10:12 ` Pavel Begunkov
2019-11-25 2:37 ` Jens Axboe
2019-11-25 10:46 ` Pavel Begunkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=620023b272fef0fd76d0f91ff1876fa64864caa6.1574585281.git.asml.silence@gmail.com \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox