From: Al Viro <viro@zeniv.linux.org.uk>
To: Christian Brauner <brauner@kernel.org>
Cc: "open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
linux-fsdevel@vger.kernel.org, lkft-triage@lists.linaro.org,
Linux Regressions <regressions@lists.linux.dev>,
Jan Kara <jack@suse.cz>, Arnd Bergmann <arnd@arndb.de>,
Dan Carpenter <dan.carpenter@linaro.org>,
Anders Roxell <anders.roxell@linaro.org>,
Ben Copeland <benjamin.copeland@linaro.org>,
Naresh Kamboju <naresh.kamboju@linaro.org>
Subject: Re: next-20250924: Internal error: Oops: mnt_ns_release (fs/namespace.c:148) __arm64_sys_listmount (fs/namespace.c:5936)
Date: Fri, 26 Sep 2025 07:48:01 +0100 [thread overview]
Message-ID: <20250926064801.GE39973@ZenIV> (raw)
In-Reply-To: <CA+G9fYueO8kP8mXVNmbHkyrFPKpt-onPfeyNXLuLGGjiO1WFfQ@mail.gmail.com>
On Fri, Sep 26, 2025 at 12:00:08AM +0530, Naresh Kamboju wrote:
[snip]
With 59bfb6681680 "listmount: don't call path_put() under namespace semaphore"
we get this:
static void __free_klistmount_free(const struct klistmount *kls)
{
path_put(&kls->root);
kvfree(kls->kmnt_ids);
mnt_ns_release(kls->ns);
}
...
SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req,
u64 __user *, mnt_ids, size_t, nr_mnt_ids, unsigned int, flags)
{
struct klistmount kls __free(klistmount_free) = {};
const size_t maxcount = 1000000;
struct mnt_id_req kreq;
ssize_t ret;
if (flags & ~LISTMOUNT_REVERSE)
return -EINVAL;
which will oops if it takes that failure exit - if you are initializing
something with any kind of cleanup on it, you'd better make sure
the cleanup will survive being called for the initial value...
Christian, that's your branch and I don't want to play with rebasing
it - had it been mine, the fix would be folded into commit in question,
with the rest of the branch cherry-picked on top of fixed commit,
but everyone got their own preferences in how to do such stuff.
Minimal fix would be to make mnt_ns_release(NULL) a no-op.
BTW, I suspect that one of the sources of confusion had been the fact that
__free(mnt_ns_release) *does* treat NULL as no-op; in statmount(2) you
are using that and get away with NULL as initializer. In listmount(2)),
OTOH, you are dealing with the function call - same identifier, different
behaviour...
next prev parent reply other threads:[~2025-09-26 6:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 18:30 next-20250924: Internal error: Oops: mnt_ns_release (fs/namespace.c:148) __arm64_sys_listmount (fs/namespace.c:5936) Naresh Kamboju
2025-09-26 6:48 ` Al Viro [this message]
2025-09-29 9:42 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250926064801.GE39973@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=anders.roxell@linaro.org \
--cc=arnd@arndb.de \
--cc=benjamin.copeland@linaro.org \
--cc=brauner@kernel.org \
--cc=dan.carpenter@linaro.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=lkft-triage@lists.linaro.org \
--cc=naresh.kamboju@linaro.org \
--cc=regressions@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.