diff options
| author | Miklos Szeredi <mszeredi@redhat.com> | 2021-07-28 10:38:43 +0200 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2021-08-10 10:21:30 +0200 |
| commit | 9b91b6b019fda817eb52f728eb9c79b3579760bc (patch) | |
| tree | ff9d912e8f6943cc084d9a8160def07e50225378 /init | |
| parent | 9011c2791e63fc05721b545c41ad025d8073566e (diff) | |
ovl: fix deadlock in splice write
There's possibility of an ABBA deadlock in case of a splice write to an
overlayfs file and a concurrent splice write to a corresponding real file.
The call chain for splice to an overlay file:
-> do_splice [takes sb_writers on overlay file]
-> do_splice_from
-> iter_file_splice_write [takes pipe->mutex]
-> vfs_iter_write
...
-> ovl_write_iter [takes sb_writers on real file]
And the call chain for splice to a real file:
-> do_splice [takes sb_writers on real file]
-> do_splice_from
-> iter_file_splice_write [takes pipe->mutex]
Syzbot successfully bisected this to commit 82a763e61e2b ("ovl: simplify
file splice").
Fix by reverting the write part of the above commit and by adding missing
bits from ovl_write_iter() into ovl_splice_write().
Fixes: 82a763e61e2b ("ovl: simplify file splice")
Reported-and-tested-by: syzbot+579885d1a9a833336209@syzkaller.appspotmail.com
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions