From: Al Viro <viro@zeniv.linux.org.uk>
To: Christoph Hellwig <hch@lst.de>
Cc: Christian Brauner <brauner@kernel.org>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Fenghua Yu <fenghua.yu@intel.com>,
Reinette Chatre <reinette.chatre@intel.com>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>,
Tejun Heo <tj@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna@kernel.org>,
Kees Cook <keescook@chromium.org>,
Damien Le Moal <dlemoal@kernel.org>,
Naohiro Aota <naohiro.aota@wdc.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-s390@vger.kernel.org, linux-rdma@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-hardening@vger.kernel.org,
cgroups@vger.kernel.org
Subject: Re: [PATCH 05/19] fs: assign an anon dev_t in common code
Date: Thu, 14 Sep 2023 01:34:24 +0100 [thread overview]
Message-ID: <20230914003424.GD800259@ZenIV> (raw)
In-Reply-To: <20230913111013.77623-6-hch@lst.de>
On Wed, Sep 13, 2023 at 08:09:59AM -0300, Christoph Hellwig wrote:
> diff --git a/fs/super.c b/fs/super.c
> index bbe55f0651cca4..5c685b4944c2d6 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -787,7 +787,7 @@ struct super_block *sget_fc(struct fs_context *fc,
> struct super_block *s = NULL;
> struct super_block *old;
> struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns;
> - int err;
> + int err = 0;
>
> retry:
> spin_lock(&sb_lock);
> @@ -806,14 +806,26 @@ struct super_block *sget_fc(struct fs_context *fc,
> }
>
> s->s_fs_info = fc->s_fs_info;
> - err = set(s, fc);
> - if (err) {
> - s->s_fs_info = NULL;
> - spin_unlock(&sb_lock);
> - destroy_unused_super(s);
> - return ERR_PTR(err);
> + if (set) {
> + err = set(s, fc);
> + if (err) {
> + s->s_fs_info = NULL;
Pointless (as the original had been); destroy_unused_super() doesn't
even look at ->s_fs_info.
> + goto unlock_and_destroy;
> + }
> }
> fc->s_fs_info = NULL;
Here we are transferring the ownership from fc to superblock; it used to sit
right next to insertion into lists and all failure exits past that point must
go through deactivate_locked_super(), so ->kill_sb() would be called on those
and it would take care of s->s_fs_info. However, your variant has that
ownership transfer done at the point before get_anon_bdev(), and that got
you a new failure exit where you are still calling destroy_unused_super():
> + if (!s->s_dev) {
> + /*
> + * If the file system didn't set a s_dev (which is usually only
> + * done for block based file systems), set an anonymous dev_t
> + * here now so that we always have a valid ->s_dev.
> + */
> + err = get_anon_bdev(&s->s_dev);
> + if (err)
> + goto unlock_and_destroy;
This. And that's a leak - fc has no reference left in it, and your
unlock_and_destroy won't even look at what's in ->s_fs_info, let alone know
what to do with it.
IOW, clearing fc->s_fs_info should've been done after that chunk.
And looking at the change in sget(),
> + if (set) {
> + err = set(s, data);
> + if (err)
> + goto unlock_and_destroy;
> }
> +
> + if (!s->s_dev) {
> + err = get_anon_bdev(&s->s_dev);
> + if (err)
> + goto unlock_and_destroy;
> + }
I'd rather expressed it (both there and in sget_fc() as well) as
if (set)
err = set(s, data);
if (!err && !s->s_dev)
err = get_anon_bdev(&s->s_dev);
if (err)
goto unlock_and_destroy;
That's really what your transformation does - you are lifting the
calls of get_anon_bdev() (in guise of set_anon_super()) from the
tails of 'set' callbacks into the caller, making them conditional
upon the lack of other errors from 'set' and upon the ->s_dev left
zero and allow NULL for the case when that was all that had been
there.
The only place where you do something different is this:
> @@ -1191,7 +1191,6 @@ static struct dentry *ceph_real_mount(struct ceph_fs_client *fsc,
> static int ceph_set_super(struct super_block *s, struct fs_context *fc)
> {
> struct ceph_fs_client *fsc = s->s_fs_info;
> - int ret;
>
> dout("set_super %p\n", s);
>
> @@ -1211,11 +1210,7 @@ static int ceph_set_super(struct super_block *s, struct fs_context *fc)
> s->s_flags |= SB_NODIRATIME | SB_NOATIME;
>
> ceph_fscrypt_set_ops(s);
> -
> - ret = set_anon_super_fc(s, fc);
> - if (ret != 0)
> - fsc->sb = NULL;
> - return ret;
> + return 0;
fsc->sb = NULL has disappeared here; it *is* OK (the caller won't look at
fsc->sb after failed sget_fc()), but that's worth a mention somewhere.
A separate commit removing that clearing fsc->sb in ceph_set_super(),
perhaps?
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
To: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
Cc: Christian Brauner
<brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Heiko Carstens <hca-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Vasily Gorbik <gor-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Alexander Gordeev
<agordeev-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Fenghua Yu <fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Reinette Chatre
<reinette.chatre-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Miquel Raynal
<miquel.raynal-LDxbnhwyfcJBDgjK7y7TUQ@public.gmane.org>,
Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
Vignesh Raghavendra <vigneshr-l0cyMroinI0@public.gmane.org>,
Dennis Dalessandro
<dennis.dalessandro-ntyVByD3zXaTtA8H5PvdGFaTQe2KTcn/@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Trond Myklebust
<trond.myklebust-F/q8l9xzQnoyLce1RVWEUA@public.gmane.org>,
Anna Schumaker <anna-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Damien Le Moal <dlemoal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Naohiro Aota <naohiro.aota-Sjgp3cTcYWE@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-s39
Subject: Re: [PATCH 05/19] fs: assign an anon dev_t in common code
Date: Thu, 14 Sep 2023 01:34:24 +0100 [thread overview]
Message-ID: <20230914003424.GD800259@ZenIV> (raw)
In-Reply-To: <20230913111013.77623-6-hch-jcswGhMUV9g@public.gmane.org>
On Wed, Sep 13, 2023 at 08:09:59AM -0300, Christoph Hellwig wrote:
> diff --git a/fs/super.c b/fs/super.c
> index bbe55f0651cca4..5c685b4944c2d6 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -787,7 +787,7 @@ struct super_block *sget_fc(struct fs_context *fc,
> struct super_block *s = NULL;
> struct super_block *old;
> struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns;
> - int err;
> + int err = 0;
>
> retry:
> spin_lock(&sb_lock);
> @@ -806,14 +806,26 @@ struct super_block *sget_fc(struct fs_context *fc,
> }
>
> s->s_fs_info = fc->s_fs_info;
> - err = set(s, fc);
> - if (err) {
> - s->s_fs_info = NULL;
> - spin_unlock(&sb_lock);
> - destroy_unused_super(s);
> - return ERR_PTR(err);
> + if (set) {
> + err = set(s, fc);
> + if (err) {
> + s->s_fs_info = NULL;
Pointless (as the original had been); destroy_unused_super() doesn't
even look at ->s_fs_info.
> + goto unlock_and_destroy;
> + }
> }
> fc->s_fs_info = NULL;
Here we are transferring the ownership from fc to superblock; it used to sit
right next to insertion into lists and all failure exits past that point must
go through deactivate_locked_super(), so ->kill_sb() would be called on those
and it would take care of s->s_fs_info. However, your variant has that
ownership transfer done at the point before get_anon_bdev(), and that got
you a new failure exit where you are still calling destroy_unused_super():
> + if (!s->s_dev) {
> + /*
> + * If the file system didn't set a s_dev (which is usually only
> + * done for block based file systems), set an anonymous dev_t
> + * here now so that we always have a valid ->s_dev.
> + */
> + err = get_anon_bdev(&s->s_dev);
> + if (err)
> + goto unlock_and_destroy;
This. And that's a leak - fc has no reference left in it, and your
unlock_and_destroy won't even look at what's in ->s_fs_info, let alone know
what to do with it.
IOW, clearing fc->s_fs_info should've been done after that chunk.
And looking at the change in sget(),
> + if (set) {
> + err = set(s, data);
> + if (err)
> + goto unlock_and_destroy;
> }
> +
> + if (!s->s_dev) {
> + err = get_anon_bdev(&s->s_dev);
> + if (err)
> + goto unlock_and_destroy;
> + }
I'd rather expressed it (both there and in sget_fc() as well) as
if (set)
err = set(s, data);
if (!err && !s->s_dev)
err = get_anon_bdev(&s->s_dev);
if (err)
goto unlock_and_destroy;
That's really what your transformation does - you are lifting the
calls of get_anon_bdev() (in guise of set_anon_super()) from the
tails of 'set' callbacks into the caller, making them conditional
upon the lack of other errors from 'set' and upon the ->s_dev left
zero and allow NULL for the case when that was all that had been
there.
The only place where you do something different is this:
> @@ -1191,7 +1191,6 @@ static struct dentry *ceph_real_mount(struct ceph_fs_client *fsc,
> static int ceph_set_super(struct super_block *s, struct fs_context *fc)
> {
> struct ceph_fs_client *fsc = s->s_fs_info;
> - int ret;
>
> dout("set_super %p\n", s);
>
> @@ -1211,11 +1210,7 @@ static int ceph_set_super(struct super_block *s, struct fs_context *fc)
> s->s_flags |= SB_NODIRATIME | SB_NOATIME;
>
> ceph_fscrypt_set_ops(s);
> -
> - ret = set_anon_super_fc(s, fc);
> - if (ret != 0)
> - fsc->sb = NULL;
> - return ret;
> + return 0;
fsc->sb = NULL has disappeared here; it *is* OK (the caller won't look at
fsc->sb after failed sget_fc()), but that's worth a mention somewhere.
A separate commit removing that clearing fsc->sb in ceph_set_super(),
perhaps?
next prev parent reply other threads:[~2023-09-14 0:34 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 11:09 split up ->kill_sb Christoph Hellwig
2023-09-13 11:09 ` Christoph Hellwig
2023-09-13 11:09 ` [PATCH 01/19] fs: reflow deactivate_locked_super Christoph Hellwig
2023-09-13 11:09 ` Christoph Hellwig
2023-09-13 16:35 ` Christian Brauner
2023-09-13 16:35 ` Christian Brauner
2023-09-26 9:24 ` Christoph Hellwig
2023-09-26 9:24 ` Christoph Hellwig
2023-09-13 11:09 ` [PATCH 02/19] fs: make ->kill_sb optional Christoph Hellwig
2023-09-13 11:09 ` Christoph Hellwig
2023-09-13 11:09 ` [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super Christoph Hellwig
2023-09-13 11:09 ` Christoph Hellwig
2023-09-13 23:27 ` Al Viro
2023-09-13 23:27 ` Al Viro
2023-09-14 2:37 ` Al Viro
2023-09-14 2:37 ` Al Viro
2023-09-14 5:38 ` Al Viro
2023-09-14 5:38 ` Al Viro
2023-09-14 7:56 ` Christian Brauner
2023-09-14 7:56 ` Christian Brauner
2023-09-26 9:31 ` Christoph Hellwig
2023-09-26 9:31 ` Christoph Hellwig
2023-09-14 14:02 ` Christian Brauner
2023-09-14 14:02 ` Christian Brauner
2023-09-14 16:58 ` Al Viro
2023-09-14 16:58 ` Al Viro
2023-09-14 19:23 ` Al Viro
2023-09-14 19:23 ` Al Viro
2023-09-15 7:40 ` Christian Brauner
2023-09-15 7:40 ` Christian Brauner
2023-09-15 9:44 ` Christian Brauner
2023-09-15 9:44 ` Christian Brauner
2023-09-15 14:12 ` Christian Brauner
2023-09-15 14:12 ` Christian Brauner
2023-09-15 14:28 ` Al Viro
2023-09-15 14:28 ` Al Viro
2023-09-15 14:33 ` Al Viro
2023-09-15 14:33 ` Al Viro
2023-09-15 14:40 ` Christian Brauner
2023-09-15 14:40 ` Christian Brauner
2023-09-26 9:41 ` Christoph Hellwig
2023-09-26 9:41 ` Christoph Hellwig
2023-09-26 9:38 ` Christoph Hellwig
2023-09-26 9:38 ` Christoph Hellwig
2023-09-26 21:25 ` Al Viro
2023-09-27 22:29 ` Al Viro
2023-10-02 6:46 ` Christoph Hellwig
2023-10-09 21:57 ` Al Viro
2023-10-10 8:44 ` Christian Brauner
2023-10-17 19:50 ` Al Viro
2023-09-13 11:09 ` [PATCH 04/19] NFS: remove the s_dev field from struct nfs_server Christoph Hellwig
2023-09-13 11:09 ` Christoph Hellwig
2023-09-13 11:09 ` [PATCH 05/19] fs: assign an anon dev_t in common code Christoph Hellwig
2023-09-13 11:09 ` Christoph Hellwig
2023-09-14 0:34 ` Al Viro [this message]
2023-09-14 0:34 ` Al Viro
2023-09-13 11:10 ` [PATCH 06/19] qibfs: use simple_release_fs Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-18 11:41 ` Leon Romanovsky
2023-09-18 11:41 ` Leon Romanovsky
2023-09-13 11:10 ` [PATCH 07/19] hypfs: use d_genocide to kill fs entries Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 11:10 ` [PATCH 08/19] pstore: shrink the pstore_sb_lock critical section in pstore_kill_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 22:07 ` Kees Cook
2023-09-13 22:07 ` Kees Cook
2023-09-13 11:10 ` [PATCH 09/19] zonefs: remove duplicate cleanup in zonefs_fill_super Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-14 0:33 ` Damien Le Moal
2023-09-14 0:33 ` Damien Le Moal
2023-09-14 0:49 ` Al Viro
2023-09-14 0:49 ` Al Viro
2023-09-13 11:10 ` [PATCH 10/19] USB: gadget/legacy: remove sb_mutex Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 16:10 ` Alan Stern
2023-09-13 16:10 ` Alan Stern
2023-09-26 9:24 ` Christoph Hellwig
2023-09-26 9:24 ` Christoph Hellwig
2023-09-14 10:22 ` Sergey Shtylyov
2023-09-14 10:22 ` Sergey Shtylyov
2023-09-13 11:10 ` [PATCH 11/19] fs: add new shutdown_sb and free_sb methods Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-14 2:07 ` Al Viro
2023-09-14 2:07 ` Al Viro
2023-09-13 11:10 ` [PATCH 12/19] fs: convert kill_litter_super to litter_shutdown_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 22:07 ` Kees Cook
2023-09-13 22:07 ` Kees Cook
2023-09-13 11:10 ` [PATCH 13/19] fs: convert kill_block_super to block_free_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-14 2:29 ` Al Viro
2023-09-14 2:29 ` Al Viro
2023-09-13 11:10 ` [PATCH 14/19] jffs2: convert to ->shutdown_sb and ->free_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 11:10 ` [PATCH 15/19] kernfs: split ->kill_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-18 15:24 ` Michal Koutný
2023-09-18 15:24 ` Michal Koutný
2023-09-13 11:10 ` [PATCH 16/19] x86/resctrl: release rdtgroup_mutex and the CPU hotplug lock in rdt_shutdown_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 11:10 ` [PATCH 17/19] NFS: move nfs_kill_super to fs_context.c Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 11:10 ` [PATCH 18/19] fs: simple ->shutdown_sb and ->free_sb conversions Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
2023-09-13 11:10 ` [PATCH 19/19] fs: remove ->kill_sb Christoph Hellwig
2023-09-13 11:10 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230914003424.GD800259@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=agordeev@linux.ibm.com \
--cc=anna@kernel.org \
--cc=brauner@kernel.org \
--cc=cgroups@vger.kernel.org \
--cc=dennis.dalessandro@cornelisnetworks.com \
--cc=dlemoal@kernel.org \
--cc=fenghua.yu@intel.com \
--cc=gor@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hca@linux.ibm.com \
--cc=hch@lst.de \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=miquel.raynal@bootlin.com \
--cc=naohiro.aota@wdc.com \
--cc=reinette.chatre@intel.com \
--cc=richard@nod.at \
--cc=tj@kernel.org \
--cc=trond.myklebust@hammerspace.com \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.