Thread (15 messages, 4 authors, 2016-10-30)

Re: [PATCH] aio: fix a user triggered use after free (and fix freeze protection of aio writes)

From: Al Viro <viro@ZenIV.linux.org.uk>
Date: 2016-10-29 12:24:58
Also in: linux-fsdevel, lkml

On Sat, Oct 29, 2016 at 09:44:29AM +0200, Christoph Hellwig wrote:
-		if (rw == WRITE)
+		if (rw == WRITE) {
 			file_start_write(file);
+			req->ki_flags |= IOCB_WRITE;
+		}
+		if (rw == WRITE) {
+			/*
+			 * We release freeze protection in aio_complete(). Fool
+			 * lockdep by telling it the lock got released so that
+			 * it doesn't complain about held lock when we return
+			 * to userspace.
+			 */
+			__sb_writers_release(file_inode(file)->i_sb,
+					SB_FREEZE_WRITE);
+		}
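Review bot: the second `if (rw == WRITE) {` block (the one wrapping `__sb_writers_release`) repeats the condition of the block immediately above it; fold the `__sb_writers_release(file_inode(file)->i_sb, SB_FREEZE_WRITE);` call and its comment into the first `if (rw == WRITE) {` block after `req->ki_flags |= IOCB_WRITE;` so there is a single write-path block to read and maintain. Also, because `__sb_writers_release` only adjusts lockdep's view and does not drop the real freeze protection taken by `file_start_write(file)`, the comment's claim that it is released in `aio_complete()` should be backed by a matching end-write call there that is keyed on `IOCB_WRITE`; that counterpart is not visible in this hunk, so it is worth calling out in the commit message where the protection is actually dropped.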
How about taking this chunk (i.e. telling lockdep that we are not holding this
thing) past the iter_op() call, where file_end_write() used to be?

As it is, you risk hiding the lock dependencies the current mainline would've
caught.  Other than that I see no problems with the patch...