Date: Sat, 12 Sep 2020 00:55:11 +0100
From: Al Viro
To: Qian Cai
Cc: torvalds@linux-foundation.org, vgoyal@redhat.com, miklos@szeredi.hu, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: slab-out-of-bounds in iov_iter_revert()
Message-ID: <20200911235511.GB3421308@ZenIV.linux.org.uk>
In-Reply-To: <20200911215903.GA16973@lca.pw>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Sep 11, 2020 at 05:59:04PM -0400, Qian Cai wrote:
> Super easy to reproduce on today's mainline by just fuzzing for a few minutes
> on virtiofs (if it ever matters). Any thoughts?

Usually happens when ->direct_IO() fucks up and reports the wrong amount of data written/read. We had several bugs like that in the past - see e.g. 85128b2be673 (fix nfs O_DIRECT advancing iov_iter too much). Had there been any recent O_DIRECT-related patches on the filesystems involved?
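
Added example, not part of the original message and not kernel code: a simplified user-space C model of a segmented iterator, showing how undoing more bytes than the iterator really advanced pushes the backwards walk past the start of the segment array. The struct, the function names and the sample segment sizes are assumptions made up for illustration; the model returns -1 at the point where an unchecked walk would read out of bounds.

```c
#include <stddef.h>

/* Simplified user-space model; all names are hypothetical, not kernel API. */
struct model_iter {
    const size_t *seg_len;  /* length of each segment */
    size_t nr_segs, idx, off, count; /* idx/off = position, count = bytes left */
};

/* Consume n bytes, moving forward across segments. */
static void model_advance(struct model_iter *it, size_t n)
{
    if (n > it->count)
        n = it->count;
    it->count -= n;
    n += it->off;
    while (it->idx < it->nr_segs && n >= it->seg_len[it->idx])
        n -= it->seg_len[it->idx++];
    it->off = n;
}

/* Undo `unroll` bytes by walking backwards. Returns 0, or -1 (iterator left
 * untouched) when the walk would have to step before segment 0. */
static int model_revert(struct model_iter *it, size_t unroll)
{
    size_t idx = it->idx, off = it->off, left = unroll;

    while (left > off) {
        if (idx == 0)
            return -1;  /* an unchecked walk would read before the array */
        left -= off;
        off = it->seg_len[--idx];
    }
    it->idx = idx;
    it->off = off - left;
    it->count += unroll;
    return 0;
}

/* Constructed scenario: iterator really moved `moved` bytes, caller undoes `undo`. */
int simulate(size_t moved, size_t undo, size_t *idx, size_t *off)
{
    static const size_t segs[] = { 4096, 4096, 512 };  /* constructed sample */
    struct model_iter it = { segs, 3, 0, 0, 8704 };
    model_advance(&it, moved);
    int rc = model_revert(&it, undo);
    *idx = it.idx;
    *off = it.off;
    return rc;
}
```

With consistent accounting, `simulate(5000, 1000, ...)` lands back at segment 0, offset 4000; with a mismatch such as `simulate(4096, 8192, ...)` the bounds check fires instead of the walk running off the front of the array.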