On 1/2/22 11:03 PM, Jann Horn wrote:
> io_uring has some dodgy code that seems to be reading and writing
> file->f_pos without holding the file->f_pos_lock. And even if the file
> doesn't have an f_op->read or f_op->read_iter handler, I think you
> might be able to read ->f_pos of an ext4 directory and write the value
> back later, unless I'm missing a check somewhere?

I posted an RFC to hold f_pos_lock across those operations before the break:

https://lore.kernel.org/io-uring/8a9e55bf-3195-5282-2907-41b2f2b23cc8@xxxxxxxxx/

picking it up this week and flushing it out, hopefully.

-- 
Jens Axboe