From: Christoph Hellwig <hch@lst.de>
To: Satya Tangirala <satyat@google.com>
Cc: Bob Peterson <rpeterso@redhat.com>,
Christoph Hellwig <hch@lst.de>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Jens Axboe <axboe@kernel.dk>
Subject: Re: [PATCH] fs: Fix freeze_bdev()/thaw_bdev() accounting of bd_fsfreeze_sb
Date: Fri, 8 Jan 2021 10:36:21 +0100 [thread overview]
Message-ID: <20210108093621.GA3788@lst.de> (raw)
In-Reply-To: <X/eUd4iLxnl2nYRF@google.com>
On Thu, Jan 07, 2021 at 11:08:39PM +0000, Satya Tangirala wrote:
> > error = sb->s_op->freeze_super(sb);
> > else
> > @@ -600,6 +602,7 @@ int thaw_bdev(struct block_device *bdev)
> > if (!sb)
> > goto out;
> >
> > + bdev->bd_fsfreeze_sb = NULL;
> This causes bdev->bd_fsfreeze_sb to be set to NULL even if the call to
> thaw_super right after this line fail. So if a caller tries to call
> thaw_bdev() again after receiving such an error, that next call won't even
> try to call thaw_super(). Is that what we want here? (I don't know much
> about this code, but from a cursory glance I think this difference is
> visible to emergency_thaw_bdev() in fs/buffer.c)
Yes, that definitively is an issue.
>
> I think the second difference (decrementing bd_fsfreeze_count when
> get_active_super() returns NULL) doesn't change anything w.r.t the
> use-after-free. It does however, change the behaviour of the function
> slightly, and it might be caller visible (because from a cursory glance, it
> looks like we're reading the bd_fsfreeze_count from some other places like
> fs/super.c). Even before 040f04bd2e82, the code wouldn't decrement
> bd_fsfreeze_count when get_active_super() returned NULL - so is this change
> in behaviour intentional? And if so, maybe it should go in a separate
> patch?
Yes, that would be a change in behavior. And I'm not sure why we would
want to change it. But if so we should do it in a separate patch that
documents the why, on top of the patch that already is in the block tree.
next prev parent reply other threads:[~2021-01-08 9:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-24 4:49 [PATCH] fs: Fix freeze_bdev()/thaw_bdev() accounting of bd_fsfreeze_sb Satya Tangirala
2021-01-04 21:58 ` Darrick J. Wong
2021-01-05 7:50 ` Christoph Hellwig
2021-01-07 16:20 ` Christoph Hellwig
2021-01-07 16:26 ` Bob Peterson
2021-01-07 16:26 ` Jens Axboe
2021-01-07 16:27 ` Bob Peterson
2021-01-07 18:20 ` [fs PATCH] fs: fix freeze count problem in freeze_bdev Bob Peterson
2021-01-07 23:08 ` [PATCH] fs: Fix freeze_bdev()/thaw_bdev() accounting of bd_fsfreeze_sb Satya Tangirala
2021-01-08 9:36 ` Christoph Hellwig [this message]
2021-01-08 13:17 ` Bob Peterson
2021-01-08 14:58 ` Bob Peterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210108093621.GA3788@lst.de \
--to=hch@lst.de \
--cc=axboe@kernel.dk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rpeterso@redhat.com \
--cc=satyat@google.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.