Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp3112925lqo;
        Tue, 21 May 2024 07:17:09 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCU892Hoppfj+wI87lOuWv3H6cRXvc2UnBgYkah+xAbqolTRwcJTP20RtBOUDTlLI6BJg89Cg0mIK9E+I1xcTKT0MsZVHC/1NEjQag7L0w==
X-Google-Smtp-Source: AGHT+IF/oyIUplBeL9P6q4L5+GEwVtoqHpqaGGgNNWrigPcXdk1dwR7QHGdPDlnrC473Bjjls+pX
X-Received: by 2002:a05:6214:398e:b0:6ab:3dce:318 with SMTP id 6a1803df08f44-6ab3dce0483mr40649666d6.4.1716301029461;
        Tue, 21 May 2024 07:17:09 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716301029; cv=pass;
        d=google.com; s=arc-20160816;
        b=BWc/PcvJWh0KmZf9N4WryGlWj3n/JunqNYqMmwC/PHIxKykJ8lfe19hAv3itJz0tcq
         iYU1EpovdbVkYcIkhSYb6uZ9111YC62C6w3f6GhSf30iqIQowJoOnbSdyNnhPZ5+UFCi
         szgpL2Z/GOeVA8nuaZWatfISc5y0JclTfpWvg//N7SEJ82llIF5eabybsOkH1aT731ln
         heI6fVRGzn9rzvtIq9LvUnGERvZTOaOWkVZrUejMgLFWphJEtJdx81NtUtYpWKn4OjbC
         Sx3RNRg4xgA6pVcUYEELCA+1ImOtVX2sFs99frXfuffeIiVGU6gpZ9fMxWG+0dgjjk4A
         Dgvg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=1U1zE133bDjgxEkkarzrdH5gLs0bOHojJ91Evpkd0LE=;
        fh=253xH1QMV06llaQpqgSryJo8UUYO1tiClPHIJeUEBAg=;
        b=wENjX3t4+6R7yCGZ0WfqXN8Wi/j4cC7GtRqody7XRROuw8wDQX0CUeBxDh08yyf973
         zyLbSwB+5j8q0s6tu0qZVXM1lgCDHtcWKrUXK2iDVOhljS6LoYQ3BVNciQLz0eGpJbU8
         pnQfRkS2GckDQNWV2//p5SvsaJsiExDHCHMxeIOn2kVJgCY0vvPxHNdICdaEqlRANrha
         UukrdK1tPIC1yLAJHoyhz1O1OR/ezzLwNe13eQYRvcyq4xHxbKxA6qHlEwfYnbkUMUyp
         P/iAn06ajvOwHWbeSiQgwMI9TluHDAT652+Gj8OJSmI1z7saECjm0rmAt2p/9FZq3Bly
         VBDQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Khodptqa;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-185075-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185075-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-185075-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id 6a1803df08f44-6a15f2d7788si15024516d6.419.2024.05.21.07.17.09
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 May 2024 07:17:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-185075-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Khodptqa;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-185075-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185075-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 2ED871C21993
	for <linux.lists.archive@gmail.com>; Tue, 21 May 2024 14:17:09 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 46FD57FBCF;
	Tue, 21 May 2024 14:17:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Khodptqa"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 611217FBA3;
	Tue, 21 May 2024 14:16:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716301019; cv=none; b=gAvxK68xXzOnZ08IKcycQCqhyFI1iaHhee2lDSRHFKvlT5WIwU0JXmS4o81sqGWocH8CE713Bg7AQebSeRMThHo4oD6L4xWSbXDA8A8EEF0Ng/10LHdUwOSlwG4ZiLUlan7obbG75ewKXvwzwyjEXiRTTKBkYYR+fQAOGYpWISI=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716301019; c=relaxed/simple;
	bh=k7c5PdzZkjCSd2BhGuu+0h3gB9EZl1yGGRc5tKw1BSg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type; b=cftBAMYj35InjfjXf8W+j+yy5i3JEfVrTzc8+UnmwANNql2Npf7KmHBKYtBMJxdf79xjy3l1/iOdHHE9Ej4IWwEAcxZ8Qq9BNEG2dYNsPaROelhD++X/gM5gR8lvpsImbNyXtYmIxWumMS82IL1a43ssf3tONRRuVqGf7ovVKl0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Khodptqa; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 73D29C32789;
	Tue, 21 May 2024 14:16:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1716301018;
	bh=k7c5PdzZkjCSd2BhGuu+0h3gB9EZl1yGGRc5tKw1BSg=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=Khodptqap/WzDPfedXz/DwKuzyeN4v7AV1fI2Aa//uMXtUEGFr5QUU8A88tzXyI2s
	 M0Sx00YkT70Tbmy7bIx8pIb+FBUplpjaz+VxhV3KZqzM4nB0slseiCL18aStpSd6/j
	 rtG4A+JCKwTkVpTyTpdHtN3g7DolldIq43KA9Ou6xAU0Wzv4dvHox1Gr5sGCqYpW1k
	 HYodR3O5QUuZDzJVlKv5hzrkLO8XFSgpmjdgKt7o8Va5pg1/Z5cFvbBp8eX1Riu8x5
	 elXbEaL83L7qy2fh20lkataIdnGrav+9oLV88T236sPo9RKDTPY3zWu35nAwhONlL8
	 9QPtiEIUjwnVQ==
From: Christian Brauner <brauner@kernel.org>
To: Steve French <stfrench@microsoft.com>,
	David Howells <dhowells@redhat.com>
Cc: Christian Brauner <brauner@kernel.org>,
	Jeff Layton <jlayton@kernel.org>,
	Enzo Matsumiya <ematsumiya@suse.de>,
	netfs@lists.linux.dev,
	v9fs@lists.linux.dev,
	linux-afs@lists.infradead.org,
	linux-cifs@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] netfs: Fix AIO error handling when doing write-through
Date: Tue, 21 May 2024 16:16:49 +0200
Message-ID: <20240521-handel-landbrot-e013a2c4560d@brauner>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <295052.1716298587@warthog.procyon.org.uk>
References: <295052.1716298587@warthog.procyon.org.uk>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
X-Developer-Signature: v=1; a=openpgp-sha256; l=1381; i=brauner@kernel.org; h=from:subject:message-id; bh=k7c5PdzZkjCSd2BhGuu+0h3gB9EZl1yGGRc5tKw1BSg=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaT5rLn0rVQ1jjF39fu9z16/XlIhx1Nl41OR9F1K63uRF Gf+prW1HaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABNJiWP4Z3ksVLKaj8H8k5ON xg3nD/cuH2xcLGA/8b7FqwmP2Zl6JzP8j/jVEfFwJpvGt9dTb6wUXyBvMZnxo33KYx4buQ3K289 EMgEA
X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624
Content-Transfer-Encoding: 8bit

On Tue, 21 May 2024 14:36:27 +0100, David Howells wrote:
> If an error occurs whilst we're doing an AIO write in write-through mode,
> we may end up calling ->ki_complete() *and* returning an error from
> ->write_iter().  This can result in either a UAF (the ->ki_complete() func
> pointer may get overwritten, for example) or a refcount underflow in
> io_submit() as ->ki_complete is called twice.
> 
> Fix this by making netfs_end_writethrough() - and thus
> netfs_perform_write() - unconditionally return -EIOCBQUEUED if we're doing
> an AIO write and wait for completion if we're not.
> 
> [...]

Applied to the vfs.fixes branch of the vfs/vfs.git tree.
Patches in the vfs.fixes branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.fixes

[1/1] netfs: Fix AIO error handling when doing write-through
      https://git.kernel.org/vfs/vfs/c/eb5239732070