From: Lukas Czerner <lczerner@redhat.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: linux-ext4@vger.kernel.org, kernel test robot <lkp@intel.com>
Subject: Re: [tytso-ext4:dev] BUILD REGRESSION cc5fef71a1c741473eebb1aa6f7056ceb49bc33d
Date: Mon, 3 Jan 2022 12:49:31 +0100 [thread overview]
Message-ID: <20220103114931.uup7lw3d4pj7yrrx@work> (raw)
In-Reply-To: <YckTD4NcqD8rdZDV@mit.edu>
On Sun, Dec 26, 2021 at 08:12:47PM -0500, Theodore Ts'o wrote:
> On Sat, Dec 25, 2021 at 11:27:04PM +0800, kernel test robot wrote:
> > tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
> > branch HEAD: cc5fef71a1c741473eebb1aa6f7056ceb49bc33d ext4: replace snprintf in show functions with sysfs_emit
> >
> > Error/Warning reports:
> >
> > https://lore.kernel.org/linux-ext4/202112101722.3Kpomg0h-lkp@intel.com
> >
> > possible Error/Warning in current branch (please contact us if interested):
> >
> > fs/ext4/super.c:2640:22-40: ERROR: reference preceded by free on line 2639
>
> The Intel test robot mis-identified the commit which introduced this
> problem (it looks like the first commit with the problem is commit
> e6e268cb6822 ("ext4: move quota configuration out of
> handle_mount_opt()"), but it caused me to take a closer look, and this
> looks... wrong.
>
> From ext4_apply_quota_options() in fs/extr4/super.c:
>
> qname = ctx->s_qf_names[i]; /* May be NULL */
> ctx->s_qf_names[i] = NULL;
> kfree(sbi->s_qf_names[i]);
> rcu_assign_pointer(sbi->s_qf_names[i], qname);
> set_opt(sb, QUOTA);
>
> sbi->s_qf_names[i] is an RCU protected pointer, which is used via
> rcu_derference(). So how can it be safe to kfree() the pointer;
> should that be kfree_rcu() at the very least?
>
> Lukas, can you take a look and let me know? Thanks!
>
> - Ted
Hi Ted,
yes indeed this is a bug. Something like this untested patch should fix
it I believe.
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index b72d989b77fb..6f52609a334c 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2633,8 +2633,10 @@ static void ext4_apply_quota_options(struct fs_context *fc,
qname = ctx->s_qf_names[i]; /* May be NULL */
ctx->s_qf_names[i] = NULL;
- kfree(sbi->s_qf_names[i]);
- rcu_assign_pointer(sbi->s_qf_names[i], qname);
+ qname = rcu_replace_pointer(sbi->s_qf_names[i], qname,
+ lockdep_is_held(&sb->s_umount));
+ if (qname)
+ kfree_rcu(qname);
set_opt(sb, QUOTA);
}
}
There is also a question of the other warning where we pass the pointer
to strcmp which we should silence as well. I'll send a proper patch.
Thanks!
-Lukas
prev parent reply other threads:[~2022-01-03 11:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-25 15:27 [tytso-ext4:dev] BUILD REGRESSION cc5fef71a1c741473eebb1aa6f7056ceb49bc33d kernel test robot
2021-12-27 1:12 ` Theodore Ts'o
2022-01-03 11:49 ` Lukas Czerner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220103114931.uup7lw3d4pj7yrrx@work \
--to=lczerner@redhat.com \
--cc=linux-ext4@vger.kernel.org \
--cc=lkp@intel.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.