[Devel] [PATCH] fs/fuse kio: fix stack overrun in request_end()
Kirill Tkhai
ktkhai at virtuozzo.com
Fri May 31 12:30:48 MSK 2019
On 31.05.2019 12:28, Pavel Butsykin wrote:
>
>
> On 31.05.2019 12:16, Kirill Tkhai wrote:
>> On 31.05.2019 11:39, Pavel Butsykin wrote:
>>> Unexpectedly, request_end() function turned out to be recursive, which leads to
>>> stack overrun:
>>> [76293.902783] [<ffffffffc0faa4ff>] request_end+0x334/0x3cf [fuse]
>>> [76293.902789] [<ffffffffc0fdc9d3>] pcs_fuse_submit+0x49d/0x4f5 [fuse_kio_pcs]
>>> [76293.902795] [<ffffffffc0fbd775>] ? fuse_flush_writepages+0x8f/0x8f [fuse]
>>> [76293.902800] [<ffffffffc0fdd745>] kpcs_req_send+0x210/0x3bb [fuse_kio_pcs]
>>> [76293.902805] [<ffffffffc0faa17b>] flush_bg_queue+0x1ba/0x20a [fuse]
>>> [76293.902810] [<ffffffffc0faa4ff>] request_end+0x334/0x3cf [fuse]
>>> [76293.902816] [<ffffffffc0fdc9d3>] pcs_fuse_submit+0x49d/0x4f5 [fuse_kio_pcs]
>>> [76293.902818] [<ffffffff8c57cdd0>] ? debug_check_no_locks_freed+0x2a0/0x2a0
>>> [76293.902824] [<ffffffffc0fbd775>] ? fuse_flush_writepages+0x8f/0x8f [fuse]
>>> [76293.902829] [<ffffffffc0fdd745>] kpcs_req_send+0x210/0x3bb [fuse_kio_pcs]
>>> [76293.902834] [<ffffffffc0faa17b>] flush_bg_queue+0x1ba/0x20a [fuse]
>>> [76293.902839] [<ffffffffc0faa4ff>] request_end+0x334/0x3cf [fuse]
>>>
>>> To fix this, let's call request_end() inside kpcs_req_send() synchronously for
>>> background requests.
>>
>> Oh. I'm not sure this complexity is worth its payload.
>
> I just wanted to avoid modification of fuse code. But probably the price is too
> expensive.
The problem is this gives also synchronization complexity like we need to think
whether we should care about flushing pcs_dentry_info::work on inode destroy.
Kirill
More information about the Devel
mailing list