git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit

author	Miklos Szeredi <mszeredi@redhat.com>
	Wed, 28 Jul 2021 08:38:43 +0000 (10:38 +0200)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Thu, 13 Jan 2022 17:42:44 +0000 (18:42 +0100)
commit	d7d48fb58976f9347c45bc8aaf61c8f636a29c15
tree	164b4feaf36e28e8d7abadf8c431478f196a50a8	tree
parent	af497c494fc11621d864f24363fc826b9770c574	commit \| diff

ovl: fix deadlock in splice write

BugLink: https://bugs.launchpad.net/bugs/1953387
commit 9b91b6b019fda817eb52f728eb9c79b3579760bc upstream.

There's possibility of an ABBA deadlock in case of a splice write to an
overlayfs file and a concurrent splice write to a corresponding real file.

The call chain for splice to an overlay file:

-> do_splice                     [takes sb_writers on overlay file]
   -> do_splice_from
     -> iter_file_splice_write    [takes pipe->mutex]
       -> vfs_iter_write
         ...
         -> ovl_write_iter        [takes sb_writers on real file]

And the call chain for splice to a real file:

-> do_splice                     [takes sb_writers on real file]
   -> do_splice_from
     -> iter_file_splice_write    [takes pipe->mutex]

Syzbot successfully bisected this to commit 82a763e61e2b ("ovl: simplify
file splice").

Fix by reverting the write part of the above commit and by adding missing
bits from ovl_write_iter() into ovl_splice_write().

Fixes: 82a763e61e2b ("ovl: simplify file splice")
Reported-and-tested-by: syzbot+579885d1a9a833336209@syzkaller.appspotmail.com
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>