This is a note to let you know that I've just added the patch titled
io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter() failed
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
io_uring-kiocb_done-should-not-trust-ki_pos-if-read-.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 3deefa3702639c3bd717ca56fc79b93391e1ca77
Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Mon Aug 28 18:47:31 2023 -0400
io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter() failed
[ Upstream commit 1939316bf988f3e49a07d9c4dd6f660bf4daa53d ]
->ki_pos value is unreliable in such cases. For an obvious example,
consider O_DSYNC write - we feed the data to page cache and start IO,
then we make sure it's completed. Update of ->ki_pos is dealt with
by the first part; failure in the second ends up with negative value
returned _and_ ->ki_pos left advanced as if sync had been successful.
In the same situation write(2) does not advance the file position
at all.
Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
Reviewed-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/io_uring/rw.c b/io_uring/rw.c
index 1bce2208b65c4..d61620e080d10 100644
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -332,7 +332,7 @@ static int kiocb_done(struct io_kiocb *req, ssize_t ret,
struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw);
unsigned final_ret = io_fixup_rw_res(req, ret);
- if (req->flags & REQ_F_CUR_POS)
+ if (ret >= 0 && req->flags & REQ_F_CUR_POS)
req->file->f_pos = rw->kiocb.ki_pos;
if (ret >= 0 && (rw->kiocb.ki_complete == io_complete_rw)) {
if (!__io_complete_rw_common(req, ret)) {
