From: Al Viro <viro@zeniv.linux.org.uk>
To: Bob Peterson <rpeterso@redhat.com>
Cc: linux-fsdevel@vger.kernel.org,
Christian Brauner <brauner@kernel.org>,
Christoph Hellwig <hch@lst.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Namjae Jeon <linkinjeon@kernel.org>,
David Sterba <dsterba@suse.com>,
David Howells <dhowells@redhat.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Steve French <sfrench@samba.org>,
Luis Chamberlain <mcgrof@kernel.org>
Subject: Re: [PATCH 08/15] gfs2: fix an oops in gfs2_permission()
Date: Mon, 2 Oct 2023 15:16:10 +0100 [thread overview]
Message-ID: <20231002141610.GX800259@ZenIV> (raw)
In-Reply-To: <20231002125946.GW800259@ZenIV>
On Mon, Oct 02, 2023 at 01:59:46PM +0100, Al Viro wrote:
> On Mon, Oct 02, 2023 at 06:46:03AM -0500, Bob Peterson wrote:
> > > diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
> > > index 0eac04507904..e2432c327599 100644
> > > --- a/fs/gfs2/inode.c
> > > +++ b/fs/gfs2/inode.c
> > > @@ -1868,14 +1868,16 @@ int gfs2_permission(struct mnt_idmap *idmap, struct inode *inode,
> > > {
> > > struct gfs2_inode *ip;
> > > struct gfs2_holder i_gh;
> > > + struct gfs2_glock *gl;
> > > int error;
> > > gfs2_holder_mark_uninitialized(&i_gh);
> > > ip = GFS2_I(inode);
> > > - if (gfs2_glock_is_locked_by_me(ip->i_gl) == NULL) {
> > > + gl = rcu_dereference(ip->i_gl);
> > > + if (!gl || gfs2_glock_is_locked_by_me(gl) == NULL) {
> >
> > This looks wrong. It should be if (gl && ... otherwise the
> > gfs2_glock_nq_init will dereference the null pointer.
>
> We shouldn't observe NULL ->i_gl unless we are in RCU mode,
> which means we'll bail out without reaching gfs2_glock_nq_init()...
Something like
if (unlikely(!gl)) {
/* inode is getting torn down, must be RCU mode */
WARN_ON_ONCE(!(mask & MAY_NOT_BLOCK));
return -ECHILD;
}
might be less confusing way to express that...
next prev parent reply other threads:[~2023-10-02 14:16 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 2:28 [RFC][PATCHES] fixes in methods exposed to rcu pathwalk Al Viro
2023-10-02 2:28 ` Al Viro
2023-10-02 2:29 ` [PATCH 01/15] rcu pathwalk: prevent bogus hard errors from may_lookup() Al Viro
2023-10-02 2:30 ` [PATCH 02/15] exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper Al Viro
2023-10-02 16:10 ` Linus Torvalds
2023-10-02 18:04 ` Al Viro
2023-10-02 2:30 ` [PATCH 03/15] affs: free affs_sb_info with kfree_rcu() Al Viro
2023-10-02 2:31 ` [PATCH 04/15] hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info Al Viro
2023-10-02 6:49 ` Christoph Hellwig
2023-10-02 7:14 ` Al Viro
2023-10-02 7:21 ` Al Viro
2023-10-02 18:09 ` Al Viro
2023-10-04 19:04 ` Linus Torvalds
2023-10-04 19:06 ` Linus Torvalds
2023-10-02 2:31 ` [PATCH 05/15] cifs_get_link(): bail out in unsafe case Al Viro
2023-10-02 2:32 ` [PATCH 06/15] procfs: move dropping pde and pid from ->evict_inode() to ->free_inode() Al Viro
2023-10-02 2:33 ` [PATCH 07/15] procfs: make freeing proc_fs_info rcu-delayed Al Viro
2023-10-02 2:33 ` [PATCH 08/15] gfs2: fix an oops in gfs2_permission() Al Viro
2023-10-02 11:46 ` Bob Peterson
2023-10-02 12:59 ` Al Viro
2023-10-02 14:16 ` Al Viro [this message]
2023-10-03 14:46 ` Andreas Grünbacher
2023-10-02 2:34 ` [PATCH 09/15] nfs: make nfs_set_verifier() safe for use in RCU pathwalk Al Viro
2023-10-02 2:34 ` [PATCH 10/15] nfs: fix UAF on pathwalk running into umount Al Viro
2023-10-02 2:35 ` [PATCH 11/15] fuse: fix UAF in rcu pathwalks Al Viro
2023-10-02 2:35 ` [PATCH 12/15] afs: fix __afs_break_callback() / afs_drop_open_mmap() race Al Viro
2023-10-02 2:36 ` [PATCH 13/15] overlayfs: move freeing ovl_entry past rcu delay Al Viro
2023-10-02 2:36 ` [PATCH 14/15] ovl_dentry_revalidate_common(): fetch inode once Al Viro
2023-10-02 2:37 ` [PATCH 15/15] overlayfs: make use of ->layers safe in rcu pathwalk Al Viro
2023-10-02 6:40 ` Amir Goldstein
2023-10-02 7:23 ` Al Viro
2023-10-02 8:53 ` Amir Goldstein
2023-10-03 20:47 ` Al Viro
2023-10-02 5:47 ` [PATCH 14/15] ovl_dentry_revalidate_common(): fetch inode once Amir Goldstein
2023-10-02 5:56 ` Amir Goldstein
2023-10-02 14:47 ` Amir Goldstein
2023-10-02 5:51 ` [PATCH 13/15] overlayfs: move freeing ovl_entry past rcu delay Amir Goldstein
2023-10-02 2:52 ` [RFC][PATCHES] fixes in methods exposed to rcu pathwalk Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231002141610.GX800259@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=dsterba@suse.com \
--cc=hch@lst.de \
--cc=linkinjeon@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=miklos@szeredi.hu \
--cc=rpeterso@redhat.com \
--cc=sfrench@samba.org \
--cc=torvalds@linux-foundation.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.