From: Al Viro <viro@zeniv.linux.org.uk> To: Christoph Hellwig <hch@lst.de> Cc: Christian Brauner <brauner@kernel.org>, Heiko Carstens <hca@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Alexander Gordeev <agordeev@linux.ibm.com>, Fenghua Yu <fenghua.yu@intel.com>, Reinette Chatre <reinette.chatre@intel.com>, Miquel Raynal <miquel.raynal@bootlin.com>, Richard Weinberger <richard@nod.at>, Vignesh Raghavendra <vigneshr@ti.com>, Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>, Tejun Heo <tj@kernel.org>, Trond Myklebust <trond.myklebust@hammerspace.com>, Anna Schumaker <anna@kernel.org>, Kees Cook <keescook@chromium.org>, Damien Le Moal <dlemoal@kernel.org>, Naohiro Aota <naohiro.aota@wdc.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-rdma@vger.kernel.org, linux-nfs@vger.kernel.org, linux-hardening@vger.kernel.org, cgroups@vger.kernel.org Subject: Re: [PATCH 05/19] fs: assign an anon dev_t in common code Date: Thu, 14 Sep 2023 01:34:24 +0100 [thread overview] Message-ID: <20230914003424.GD800259@ZenIV> (raw) In-Reply-To: <20230913111013.77623-6-hch@lst.de> On Wed, Sep 13, 2023 at 08:09:59AM -0300, Christoph Hellwig wrote: > diff --git a/fs/super.c b/fs/super.c > index bbe55f0651cca4..5c685b4944c2d6 100644 > --- a/fs/super.c > +++ b/fs/super.c > @@ -787,7 +787,7 @@ struct super_block *sget_fc(struct fs_context *fc, > struct super_block *s = NULL; > struct super_block *old; > struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns; > - int err; > + int err = 0; > > retry: > spin_lock(&sb_lock); > @@ -806,14 +806,26 @@ struct super_block *sget_fc(struct fs_context *fc, > } > > s->s_fs_info = fc->s_fs_info; > - err = set(s, fc); > - if (err) { > - s->s_fs_info = NULL; > - spin_unlock(&sb_lock); > - destroy_unused_super(s); > - return ERR_PTR(err); > + if (set) { > + err = set(s, fc); > + if (err) { > + s->s_fs_info = NULL; Pointless (as the original had been); destroy_unused_super() doesn't even look at ->s_fs_info. > + goto unlock_and_destroy; > + } > } > fc->s_fs_info = NULL; Here we are transferring the ownership from fc to superblock; it used to sit right next to insertion into lists and all failure exits past that point must go through deactivate_locked_super(), so ->kill_sb() would be called on those and it would take care of s->s_fs_info. However, your variant has that ownership transfer done at the point before get_anon_bdev(), and that got you a new failure exit where you are still calling destroy_unused_super(): > + if (!s->s_dev) { > + /* > + * If the file system didn't set a s_dev (which is usually only > + * done for block based file systems), set an anonymous dev_t > + * here now so that we always have a valid ->s_dev. > + */ > + err = get_anon_bdev(&s->s_dev); > + if (err) > + goto unlock_and_destroy; This. And that's a leak - fc has no reference left in it, and your unlock_and_destroy won't even look at what's in ->s_fs_info, let alone know what to do with it. IOW, clearing fc->s_fs_info should've been done after that chunk. And looking at the change in sget(), > + if (set) { > + err = set(s, data); > + if (err) > + goto unlock_and_destroy; > } > + > + if (!s->s_dev) { > + err = get_anon_bdev(&s->s_dev); > + if (err) > + goto unlock_and_destroy; > + } I'd rather expressed it (both there and in sget_fc() as well) as if (set) err = set(s, data); if (!err && !s->s_dev) err = get_anon_bdev(&s->s_dev); if (err) goto unlock_and_destroy; That's really what your transformation does - you are lifting the calls of get_anon_bdev() (in guise of set_anon_super()) from the tails of 'set' callbacks into the caller, making them conditional upon the lack of other errors from 'set' and upon the ->s_dev left zero and allow NULL for the case when that was all that had been there. The only place where you do something different is this: > @@ -1191,7 +1191,6 @@ static struct dentry *ceph_real_mount(struct ceph_fs_client *fsc, > static int ceph_set_super(struct super_block *s, struct fs_context *fc) > { > struct ceph_fs_client *fsc = s->s_fs_info; > - int ret; > > dout("set_super %p\n", s); > > @@ -1211,11 +1210,7 @@ static int ceph_set_super(struct super_block *s, struct fs_context *fc) > s->s_flags |= SB_NODIRATIME | SB_NOATIME; > > ceph_fscrypt_set_ops(s); > - > - ret = set_anon_super_fc(s, fc); > - if (ret != 0) > - fsc->sb = NULL; > - return ret; > + return 0; fsc->sb = NULL has disappeared here; it *is* OK (the caller won't look at fsc->sb after failed sget_fc()), but that's worth a mention somewhere. A separate commit removing that clearing fsc->sb in ceph_set_super(), perhaps?
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org> To: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org> Cc: Christian Brauner <brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Heiko Carstens <hca-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>, Vasily Gorbik <gor-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>, Alexander Gordeev <agordeev-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>, Fenghua Yu <fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>, Reinette Chatre <reinette.chatre-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>, Miquel Raynal <miquel.raynal-LDxbnhwyfcJBDgjK7y7TUQ@public.gmane.org>, Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>, Vignesh Raghavendra <vigneshr-l0cyMroinI0@public.gmane.org>, Dennis Dalessandro <dennis.dalessandro-ntyVByD3zXaTtA8H5PvdGFaTQe2KTcn/@public.gmane.org>, Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Trond Myklebust <trond.myklebust-F/q8l9xzQnoyLce1RVWEUA@public.gmane.org>, Anna Schumaker <anna-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>, Damien Le Moal <dlemoal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Naohiro Aota <naohiro.aota-Sjgp3cTcYWE@public.gmane.org>, Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>, linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-s39 Subject: Re: [PATCH 05/19] fs: assign an anon dev_t in common code Date: Thu, 14 Sep 2023 01:34:24 +0100 [thread overview] Message-ID: <20230914003424.GD800259@ZenIV> (raw) In-Reply-To: <20230913111013.77623-6-hch-jcswGhMUV9g@public.gmane.org> On Wed, Sep 13, 2023 at 08:09:59AM -0300, Christoph Hellwig wrote: > diff --git a/fs/super.c b/fs/super.c > index bbe55f0651cca4..5c685b4944c2d6 100644 > --- a/fs/super.c > +++ b/fs/super.c > @@ -787,7 +787,7 @@ struct super_block *sget_fc(struct fs_context *fc, > struct super_block *s = NULL; > struct super_block *old; > struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns; > - int err; > + int err = 0; > > retry: > spin_lock(&sb_lock); > @@ -806,14 +806,26 @@ struct super_block *sget_fc(struct fs_context *fc, > } > > s->s_fs_info = fc->s_fs_info; > - err = set(s, fc); > - if (err) { > - s->s_fs_info = NULL; > - spin_unlock(&sb_lock); > - destroy_unused_super(s); > - return ERR_PTR(err); > + if (set) { > + err = set(s, fc); > + if (err) { > + s->s_fs_info = NULL; Pointless (as the original had been); destroy_unused_super() doesn't even look at ->s_fs_info. > + goto unlock_and_destroy; > + } > } > fc->s_fs_info = NULL; Here we are transferring the ownership from fc to superblock; it used to sit right next to insertion into lists and all failure exits past that point must go through deactivate_locked_super(), so ->kill_sb() would be called on those and it would take care of s->s_fs_info. However, your variant has that ownership transfer done at the point before get_anon_bdev(), and that got you a new failure exit where you are still calling destroy_unused_super(): > + if (!s->s_dev) { > + /* > + * If the file system didn't set a s_dev (which is usually only > + * done for block based file systems), set an anonymous dev_t > + * here now so that we always have a valid ->s_dev. > + */ > + err = get_anon_bdev(&s->s_dev); > + if (err) > + goto unlock_and_destroy; This. And that's a leak - fc has no reference left in it, and your unlock_and_destroy won't even look at what's in ->s_fs_info, let alone know what to do with it. IOW, clearing fc->s_fs_info should've been done after that chunk. And looking at the change in sget(), > + if (set) { > + err = set(s, data); > + if (err) > + goto unlock_and_destroy; > } > + > + if (!s->s_dev) { > + err = get_anon_bdev(&s->s_dev); > + if (err) > + goto unlock_and_destroy; > + } I'd rather expressed it (both there and in sget_fc() as well) as if (set) err = set(s, data); if (!err && !s->s_dev) err = get_anon_bdev(&s->s_dev); if (err) goto unlock_and_destroy; That's really what your transformation does - you are lifting the calls of get_anon_bdev() (in guise of set_anon_super()) from the tails of 'set' callbacks into the caller, making them conditional upon the lack of other errors from 'set' and upon the ->s_dev left zero and allow NULL for the case when that was all that had been there. The only place where you do something different is this: > @@ -1191,7 +1191,6 @@ static struct dentry *ceph_real_mount(struct ceph_fs_client *fsc, > static int ceph_set_super(struct super_block *s, struct fs_context *fc) > { > struct ceph_fs_client *fsc = s->s_fs_info; > - int ret; > > dout("set_super %p\n", s); > > @@ -1211,11 +1210,7 @@ static int ceph_set_super(struct super_block *s, struct fs_context *fc) > s->s_flags |= SB_NODIRATIME | SB_NOATIME; > > ceph_fscrypt_set_ops(s); > - > - ret = set_anon_super_fc(s, fc); > - if (ret != 0) > - fsc->sb = NULL; > - return ret; > + return 0; fsc->sb = NULL has disappeared here; it *is* OK (the caller won't look at fsc->sb after failed sget_fc()), but that's worth a mention somewhere. A separate commit removing that clearing fsc->sb in ceph_set_super(), perhaps?
next prev parent reply other threads:[~2023-09-14 0:34 UTC|newest] Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-09-13 11:09 split up ->kill_sb Christoph Hellwig 2023-09-13 11:09 ` Christoph Hellwig 2023-09-13 11:09 ` [PATCH 01/19] fs: reflow deactivate_locked_super Christoph Hellwig 2023-09-13 11:09 ` Christoph Hellwig 2023-09-13 16:35 ` Christian Brauner 2023-09-13 16:35 ` Christian Brauner 2023-09-26 9:24 ` Christoph Hellwig 2023-09-26 9:24 ` Christoph Hellwig 2023-09-13 11:09 ` [PATCH 02/19] fs: make ->kill_sb optional Christoph Hellwig 2023-09-13 11:09 ` Christoph Hellwig 2023-09-13 11:09 ` [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super Christoph Hellwig 2023-09-13 11:09 ` Christoph Hellwig 2023-09-13 23:27 ` Al Viro 2023-09-13 23:27 ` Al Viro 2023-09-14 2:37 ` Al Viro 2023-09-14 2:37 ` Al Viro 2023-09-14 5:38 ` Al Viro 2023-09-14 5:38 ` Al Viro 2023-09-14 7:56 ` Christian Brauner 2023-09-14 7:56 ` Christian Brauner 2023-09-26 9:31 ` Christoph Hellwig 2023-09-26 9:31 ` Christoph Hellwig 2023-09-14 14:02 ` Christian Brauner 2023-09-14 14:02 ` Christian Brauner 2023-09-14 16:58 ` Al Viro 2023-09-14 16:58 ` Al Viro 2023-09-14 19:23 ` Al Viro 2023-09-14 19:23 ` Al Viro 2023-09-15 7:40 ` Christian Brauner 2023-09-15 7:40 ` Christian Brauner 2023-09-15 9:44 ` Christian Brauner 2023-09-15 9:44 ` Christian Brauner 2023-09-15 14:12 ` Christian Brauner 2023-09-15 14:12 ` Christian Brauner 2023-09-15 14:28 ` Al Viro 2023-09-15 14:28 ` Al Viro 2023-09-15 14:33 ` Al Viro 2023-09-15 14:33 ` Al Viro 2023-09-15 14:40 ` Christian Brauner 2023-09-15 14:40 ` Christian Brauner 2023-09-26 9:41 ` Christoph Hellwig 2023-09-26 9:41 ` Christoph Hellwig 2023-09-26 9:38 ` Christoph Hellwig 2023-09-26 9:38 ` Christoph Hellwig 2023-09-26 21:25 ` Al Viro 2023-09-27 22:29 ` Al Viro 2023-10-02 6:46 ` Christoph Hellwig 2023-10-09 21:57 ` Al Viro 2023-10-10 8:44 ` Christian Brauner 2023-10-17 19:50 ` Al Viro 2023-09-13 11:09 ` [PATCH 04/19] NFS: remove the s_dev field from struct nfs_server Christoph Hellwig 2023-09-13 11:09 ` Christoph Hellwig 2023-09-13 11:09 ` [PATCH 05/19] fs: assign an anon dev_t in common code Christoph Hellwig 2023-09-13 11:09 ` Christoph Hellwig 2023-09-14 0:34 ` Al Viro [this message] 2023-09-14 0:34 ` Al Viro 2023-09-13 11:10 ` [PATCH 06/19] qibfs: use simple_release_fs Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-18 11:41 ` Leon Romanovsky 2023-09-18 11:41 ` Leon Romanovsky 2023-09-13 11:10 ` [PATCH 07/19] hypfs: use d_genocide to kill fs entries Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 11:10 ` [PATCH 08/19] pstore: shrink the pstore_sb_lock critical section in pstore_kill_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 22:07 ` Kees Cook 2023-09-13 22:07 ` Kees Cook 2023-09-13 11:10 ` [PATCH 09/19] zonefs: remove duplicate cleanup in zonefs_fill_super Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-14 0:33 ` Damien Le Moal 2023-09-14 0:33 ` Damien Le Moal 2023-09-14 0:49 ` Al Viro 2023-09-14 0:49 ` Al Viro 2023-09-13 11:10 ` [PATCH 10/19] USB: gadget/legacy: remove sb_mutex Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 16:10 ` Alan Stern 2023-09-13 16:10 ` Alan Stern 2023-09-26 9:24 ` Christoph Hellwig 2023-09-26 9:24 ` Christoph Hellwig 2023-09-14 10:22 ` Sergey Shtylyov 2023-09-14 10:22 ` Sergey Shtylyov 2023-09-13 11:10 ` [PATCH 11/19] fs: add new shutdown_sb and free_sb methods Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-14 2:07 ` Al Viro 2023-09-14 2:07 ` Al Viro 2023-09-13 11:10 ` [PATCH 12/19] fs: convert kill_litter_super to litter_shutdown_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 22:07 ` Kees Cook 2023-09-13 22:07 ` Kees Cook 2023-09-13 11:10 ` [PATCH 13/19] fs: convert kill_block_super to block_free_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-14 2:29 ` Al Viro 2023-09-14 2:29 ` Al Viro 2023-09-13 11:10 ` [PATCH 14/19] jffs2: convert to ->shutdown_sb and ->free_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 11:10 ` [PATCH 15/19] kernfs: split ->kill_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-18 15:24 ` Michal Koutný 2023-09-18 15:24 ` Michal Koutný 2023-09-13 11:10 ` [PATCH 16/19] x86/resctrl: release rdtgroup_mutex and the CPU hotplug lock in rdt_shutdown_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 11:10 ` [PATCH 17/19] NFS: move nfs_kill_super to fs_context.c Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 11:10 ` [PATCH 18/19] fs: simple ->shutdown_sb and ->free_sb conversions Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig 2023-09-13 11:10 ` [PATCH 19/19] fs: remove ->kill_sb Christoph Hellwig 2023-09-13 11:10 ` Christoph Hellwig
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230914003424.GD800259@ZenIV \ --to=viro@zeniv.linux.org.uk \ --cc=agordeev@linux.ibm.com \ --cc=anna@kernel.org \ --cc=brauner@kernel.org \ --cc=cgroups@vger.kernel.org \ --cc=dennis.dalessandro@cornelisnetworks.com \ --cc=dlemoal@kernel.org \ --cc=fenghua.yu@intel.com \ --cc=gor@linux.ibm.com \ --cc=gregkh@linuxfoundation.org \ --cc=hca@linux.ibm.com \ --cc=hch@lst.de \ --cc=keescook@chromium.org \ --cc=linux-hardening@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-nfs@vger.kernel.org \ --cc=linux-rdma@vger.kernel.org \ --cc=linux-s390@vger.kernel.org \ --cc=linux-usb@vger.kernel.org \ --cc=miquel.raynal@bootlin.com \ --cc=naohiro.aota@wdc.com \ --cc=reinette.chatre@intel.com \ --cc=richard@nod.at \ --cc=tj@kernel.org \ --cc=trond.myklebust@hammerspace.com \ --cc=vigneshr@ti.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.