1. Patchew
  2. linux
  3. View series

[PATCH RESEND] fs/netfs/read_collect: add to next->prev_donated

Max Kellermann posted 1 patch 11 months, 3 weeks ago 
fs/netfs/read_collect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH RESEND] fs/netfs/read_collect: add to next->prev_donated
Posted by Max Kellermann 11 months, 3 weeks ago 
If multiple subrequests donate data to the same "next" request
(depending on the subrequest completion order), each of them would
overwrite the `prev_donated` field, causing data corruption and a
BUG() crash ("Can't donate prior to front").

Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
Closes: https://lore.kernel.org/netfs/CAKPOu+_4mUwYgQtRTbXCmi+-k3PGvLysnPadkmHOyB7Gz0iSMA@mail.gmail.com/
Cc: stable@vger.kernel.org
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
 fs/netfs/read_collect.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c
index 8878b46589ff..cafadfe8e858 100644
--- a/fs/netfs/read_collect.c
+++ b/fs/netfs/read_collect.c
@@ -284,7 +284,7 @@ static bool netfs_consume_read_data(struct netfs_io_subrequest *subreq, bool was
 				   netfs_trace_donate_to_deferred_next);
 	} else {
 		next = list_next_entry(subreq, rreq_link);
-		WRITE_ONCE(next->prev_donated, excess);
+		WRITE_ONCE(next->prev_donated, next->prev_donated + excess);
 		trace_netfs_donate(rreq, subreq, next, excess,
 				   netfs_trace_donate_to_next);
 	}
-- 
2.47.2
Re: [PATCH RESEND] fs/netfs/read_collect: add to next->prev_donated
Posted by David Howells 10 months, 3 weeks ago 
Hi Greg,

Could you pick this up for 6.12.y and 6.13.y?

https://lore.kernel.org/netfs/20250220152450.1075727-1-max.kellermann@ionos.com/

Thanks,
David
Re: [PATCH RESEND] fs/netfs/read_collect: add to next->prev_donated
Posted by Greg Kroah-Hartman 10 months, 3 weeks ago 
On Mon, Mar 17, 2025 at 10:03:12AM +0000, David Howells wrote:
> Hi Greg,
> 
> Could you pick this up for 6.12.y and 6.13.y?
> 
> https://lore.kernel.org/netfs/20250220152450.1075727-1-max.kellermann@ionos.com/

Oops, missed this, sorry, now queued up.

greg k-h
Re: [PATCH RESEND] fs/netfs/read_collect: add to next->prev_donated
Posted by Salvatore Bonaccorso 10 months, 4 weeks ago 
Hi,

On Thu, Feb 20, 2025 at 04:24:50PM +0100, Max Kellermann wrote:
> If multiple subrequests donate data to the same "next" request
> (depending on the subrequest completion order), each of them would
> overwrite the `prev_donated` field, causing data corruption and a
> BUG() crash ("Can't donate prior to front").
> 
> Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
> Closes: https://lore.kernel.org/netfs/CAKPOu+_4mUwYgQtRTbXCmi+-k3PGvLysnPadkmHOyB7Gz0iSMA@mail.gmail.com/
> Cc: stable@vger.kernel.org
> Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>  fs/netfs/read_collect.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c
> index 8878b46589ff..cafadfe8e858 100644
> --- a/fs/netfs/read_collect.c
> +++ b/fs/netfs/read_collect.c
> @@ -284,7 +284,7 @@ static bool netfs_consume_read_data(struct netfs_io_subrequest *subreq, bool was
>  				   netfs_trace_donate_to_deferred_next);
>  	} else {
>  		next = list_next_entry(subreq, rreq_link);
> -		WRITE_ONCE(next->prev_donated, excess);
> +		WRITE_ONCE(next->prev_donated, next->prev_donated + excess);
>  		trace_netfs_donate(rreq, subreq, next, excess,
>  				   netfs_trace_donate_to_next);
>  	}
> -- 
> 2.47.2

Unless I did some mistakes researching both the stable, netfs lists,
did this felt through the cracks and is still missing for to be picked
for the 6.12.y and 6.13.y series?

Regards,
Salvatore

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.