[Devel] [PATCH RHEL9 COMMIT] fs/fuse: illegal kmap_atomic in copy_out_krpczc()

Wed, 04 Feb 2026 13:30:41 -0800 

The commit is pushed to "branch-rh9-5.14.0-427.106.1.vz9.90.x-ovz" and will 
appear at [email protected]:openvz/vzkernel.git
after rh9-5.14.0-427.106.1.vz9.90.2
------>
commit 411988ae7b1112e4d0e93f2e9c74b67ec3e86a1b
Author: Alexey Kuznetsov <[email protected]>
Date:   Wed Feb 4 03:12:26 2026 +0800

    fs/fuse: illegal kmap_atomic in copy_out_krpczc()
    
    The bug is obvious and fatal. No comments. It should be delivered
    as kpatch.
    
    But the situation is quite interesting. There are two puzzles here.
    
    First, how the hell nobody have seen this? I was even sure
    it was introduced by me, because in my latest tests it kills vstorage
    instantly. Nope, it was always there, just neither our tests nor
    customer's load is enough to trigger it. vstorage uses for io
    only mlocked memory, so that no page faults are even possible.
    
    Here is the second puzzle. Why is it triggered at all?
    Here is the discovery: intel triggers lots of suprious
    useless page faults! No idea whether it is a hardware bug or it is a 
feature.
    But it looks like when one cpu accesses memory and internally sets
    accessed/dirty bits on pte, any access on other cpu triggers
    useless fault. Not exactly sure, but my investigation confirms
    this conjecture.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-124050
    Fixes: ffe8a89ef7d73 ("fs/fuse kio: implement zerocopy read with krpc")
    
    Signed-off-by: Alexey Kuznetsov <[email protected]>
    
    Feature: vStorage
---
 fs/fuse/dev.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 8112de4abadda..d39a78d4fa52b 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -2197,13 +2197,13 @@ static int copy_out_krpczc(struct fuse_copy_state *cs, 
struct fuse_args *args,
 
                        /* copy data from userspace buff, otherwise data had 
been zero-copied */
                        if (src) {
-                               dst = kmap_atomic(ap->pages[didx]);
+                               dst = kmap_local_page(ap->pages[didx]);
                                if (copy_from_user(dst + doff, src, copy)) {
-                                       kunmap_atomic(dst);
+                                       kunmap_local(dst);
                                        err = -EFAULT;
                                        goto out;
                                }
-                               kunmap_atomic(dst);
+                               kunmap_local(dst);
 
                                src += copy;
                        }
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to