Re: [PATCH V5] loop: Add sanity check for read/write_iter

Can you pick this one up?

On Mon, Apr 28, 2025 at 10:36:26PM +0800, Lizhi Xu wrote:
> Some file systems do not support read_iter/write_iter, such as selinuxfs
> in this issue.
> So before calling them, first confirm that the interface is supported and
> then call it.
> 
> It is relevant in that vfs_iter_read/write have the check, and removal
> of their use caused syzbot to be able to hit this issue.
> 
> Fixes: f2fed441c69b ("loop: stop using vfs_iter__{read,write} for buffered I/O")
> Reported-by: syzbot+6af973a3b8dfd2faefdc@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=6af973a3b8dfd2faefdc
> Signed-off-by: Lizhi Xu <lizhi.xu@xxxxxxxxxxxxx>
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> ---
> V1 -> V2: move check to loop_configure and loop_change_fd
> V2 -> V3: using helper for this check
> V3 -> V4: remove input parameters change and mode
> V4 -> V5: remove braces around !file->f_op->write_iter
> 
>  drivers/block/loop.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/drivers/block/loop.c b/drivers/block/loop.c
> index 46cba261075f..655d33e63cb9 100644
> --- a/drivers/block/loop.c
> +++ b/drivers/block/loop.c
> @@ -505,6 +505,17 @@ static void loop_assign_backing_file(struct loop_device *lo, struct file *file)
>  	lo->lo_min_dio_size = loop_query_min_dio_size(lo);
>  }
>  
> +static int loop_check_backing_file(struct file *file)
> +{
> +	if (!file->f_op->read_iter)
> +		return -EINVAL;
> +
> +	if ((file->f_mode & FMODE_WRITE) && !file->f_op->write_iter)
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
>  /*
>   * loop_change_fd switched the backing store of a loopback device to
>   * a new file. This is useful for operating system installers to free up
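
Review bot: loop_check_backing_file() carries no comment saying why a missing ->read_iter or ->write_iter must reject the backing file. The commit message gives the reason (vfs_iter_read/write had this check and the loop code no longer goes through them); a one-line comment above the helper saying so would keep the test from looking redundant later. The write test keys off file->f_mode & FMODE_WRITE, so a file opened read-only passes without ->write_iter; if that is intended, the comment should say it.
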
> @@ -526,6 +537,10 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
>  	if (!file)
>  		return -EBADF;
>  
> +	error = loop_check_backing_file(file);
> +	if (error)
> +		return error;
> +
>  	/* suppress uevents while reconfiguring the device */
>  	dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 1);
>  
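
Review bot: the new "return error" in loop_change_fd() leaves the function directly after file has been found non-NULL. If file holds a reference taken before this point (the -EBADF return for a NULL file suggests a lookup by descriptor), this path returns without dropping it. Release the reference before returning, or send the failure through the function's existing error handling instead of a bare return.
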
> @@ -963,6 +978,14 @@ static int loop_configure(struct loop_device *lo, blk_mode_t mode,
>  
>  	if (!file)
>  		return -EBADF;
> +
> +	if ((mode & BLK_OPEN_WRITE) && !file->f_op->write_iter)
> +		return -EINVAL;
> +
> +	error = loop_check_backing_file(file);
> +	if (error)
> +		return error;
> +
>  	is_loop = is_loop_device(file);
>  
>  	/* This is safe, since we have a reference from open(). */
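
Review bot: in loop_configure() the open-coded test (mode & BLK_OPEN_WRITE) && !file->f_op->write_iter sits directly above the loop_check_backing_file() call, which already tests ->write_iter under FMODE_WRITE. The V3 -> V4 changelog entry says the mode parameter was removed, yet a mode-based check remains here and not in loop_change_fd(). If it covers a case the helper misses, add a comment naming that case; otherwise drop it so the write check lives in one place.
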
> -- 
> 2.43.0
> 
> 
---end quoted text---
