From: Luís Henriques
To: Heming Zhao
Cc: Joseph Qi, ocfs2-devel@oss.oracle.com, linux-kernel@vger.kernel.org, Mark Fasheh, Joel Becker
Subject: Re: [PATCH] ocfs2: fix use-after-free when unmounting read-only filesystem
Date: Mon, 22 May 2023 14:22:41 +0100
Message-ID: <87cz2s7b6m.fsf@brahms.olymp>
In-Reply-To: <20230522123623.eozzedrogy4oaj3w@p15> (Heming Zhao's message of "Mon, 22 May 2023 20:36:23 +0800")

Heming Zhao writes:

> On Mon, May 22, 2023 at 01:23:07PM +0100, Luís Henriques wrote:
>> Joseph Qi writes:
>>
>> > On 5/22/23 6:25 PM, Luís Henriques wrote:
>> >> It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
>> >> fstest generic/452.  After mounting a filesystem as read-only, quotas are
>> >
>> > generic/452 is for testing ext4 mounted with dax and ro.
>> > But ocfs2 doesn't support dax yet.
>>
>> Right, but I think it's still useful to run the 'generic' test-suite in a
>> filesystem.  We can always find issues in the test itself or, in this
>> case, a bug in the filesystem.
>
> It looks you did some special steps for 452. In my env, without changing
> anything, I could pass this case successfully.

No, I haven't changed anything to the test.  I just make sure there's a
scratch device to be used.

Maybe you can try to enable KASAN to catch the UAF.  I've found the bug
without KASAN (i.e. I saw a NULL pointer panic), but enabling it also
detects the issue -- see below.

Cheers,
-- 
Luís

[   91.928109] ==================================================================
[   91.929519] BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
[   91.930869] Read of size 8 at addr ffff8880389a8208 by task umount/669
[   91.932533] CPU: 1 PID: 669 Comm: umount Not tainted 6.4.0-rc3 #236
[   91.933807] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[   91.936158] Call Trace:
[   91.936678]  <TASK>
[   91.937123]  dump_stack_lvl+0x32/0x50
[   91.937909]  print_report+0xc5/0x5f0
[   91.938685]  ? _raw_spin_lock_irqsave+0x72/0xc0
[   91.939642]  ? __virt_addr_valid+0xac/0x130
[   91.940534]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   91.941574]  ? timer_delete+0x54/0xc0
[   91.942357]  kasan_report+0x9e/0xd0
[   91.943110]  ? timer_delete+0x54/0xc0
[   91.943902]  timer_delete+0x54/0xc0
[   91.944643]  ? __pfx_timer_delete+0x10/0x10
[   91.945492]  ? detach_if_pending+0x112/0x140
[   91.946405]  try_to_grab_pending+0x31/0x230
[   91.947252]  __cancel_work_timer+0x6c/0x270
[   91.948102]  ? __pfx___cancel_work_timer+0x10/0x10
[   91.949073]  ? try_to_grab_pending+0x31/0x230
[   91.949956]  ? __cancel_work+0xe3/0x130
[   91.950746]  ? mutex_unlock+0x6b/0xb0
[   91.951485]  ocfs2_disable_quotas.isra.0+0x3e/0xf0 [ocfs2]
[   91.952635]  ocfs2_dismount_volume+0xdd/0x450 [ocfs2]
[   91.953676]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[   91.954757]  ? __pfx_ocfs2_dismount_volume+0x10/0x10 [ocfs2]
[   91.955898]  ? filemap_check_errors+0x46/0xb0
[   91.956737]  generic_shutdown_super+0xaa/0x280
[   91.957604]  kill_block_super+0x46/0x70
[   91.958415]  deactivate_locked_super+0x4d/0xb0
[   91.959861]  cleanup_mnt+0x135/0x1f0
[   91.960862]  task_work_run+0xe3/0x140
[   91.961887]  ? __pfx_task_work_run+0x10/0x10
[   91.962887]  ? __x64_sys_umount+0xbb/0xd0
[   91.963343]  exit_to_user_mode_prepare+0xda/0xe0
[   91.963867]  syscall_exit_to_user_mode+0x1d/0x50
[   91.964392]  do_syscall_64+0x4f/0x90
[   91.964800]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   91.965387] RIP: 0033:0x7fa7664baacb
[   91.965796] Code: fa 90 90 31 f6 e9 13 00 00 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 058
[   91.967851] RSP: 002b:00007ffc8d30da28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   91.968671] RAX: 0000000000000000 RBX: 00005628ef17a9c0 RCX: 00007fa7664baacb
[   91.969464] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005628ef17cdd0
[   91.970253] RBP: 00005628ef17aad8 R08: 0000000000000073 R09: 0000000000000001
[   91.971031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   91.971790] R13: 00005628ef17cdd0 R14: 00005628ef17abf0 R15: 00007ffc8d310088
[   91.972546]  </TASK>

[   91.972961] Allocated by task 632:
[   91.973342]  kasan_save_stack+0x1c/0x40
[   91.973760]  kasan_set_track+0x21/0x30
[   91.974160]  __kasan_kmalloc+0x8b/0x90
[   91.974584]  ocfs2_local_read_info+0xe3/0x9a0 [ocfs2]
[   91.975168]  dquot_load_quota_sb+0x34b/0x680
[   91.975624]  dquot_load_quota_inode+0xfe/0x1a0
[   91.976092]  ocfs2_enable_quotas+0x190/0x2f0 [ocfs2]
[   91.976679]  ocfs2_fill_super+0x14ef/0x2120 [ocfs2]
[   91.977249]  mount_bdev+0x1be/0x200
[   91.977622]  legacy_get_tree+0x6c/0xb0
[   91.978014]  vfs_get_tree+0x3e/0x110
[   91.978415]  path_mount+0xa90/0xe10
[   91.978774]  __x64_sys_mount+0x16f/0x1a0
[   91.979171]  do_syscall_64+0x43/0x90
[   91.979537]  entry_SYSCALL_64_after_hwframe+0x72/0xdc

[   91.980213] Freed by task 650:
[   91.980535]  kasan_save_stack+0x1c/0x40
[   91.980925]  kasan_set_track+0x21/0x30
[   91.981317]  kasan_save_free_info+0x2a/0x50
[   91.981744]  __kasan_slab_free+0xf9/0x150
[   91.982151]  __kmem_cache_free+0x89/0x180
[   91.982568]  ocfs2_local_free_info+0x2ba/0x3f0 [ocfs2]
[   91.983140]  dquot_disable+0x35f/0xa70
[   91.983509]  ocfs2_susp_quotas.isra.0+0x159/0x1a0 [ocfs2]
[   91.984096]  ocfs2_remount+0x150/0x580 [ocfs2]
[   91.984584]  reconfigure_super+0x1a5/0x3a0
[   91.984993]  path_mount+0xc8a/0xe10
[   91.985357]  __x64_sys_mount+0x16f/0x1a0
[   91.985750]  do_syscall_64+0x43/0x90
[   91.986125]  entry_SYSCALL_64_after_hwframe+0x72/0xdc

[   91.986799] The buggy address belongs to the object at ffff8880389a8000
                which belongs to the cache kmalloc-1k of size 1024
[   91.987965] The buggy address is located 520 bytes inside of
                freed 1024-byte region [ffff8880389a8000, ffff8880389a8400)

[   91.989287] The buggy address belongs to the physical page:
[   91.989812] page:00000000bc93f4e4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x389a8
[   91.990719] head:00000000bc93f4e4 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   91.991483] flags: 0x4000000000010200(slab|head|zone=1)
[   91.991981] page_type: 0xffffffff()
[   91.992321] raw: 4000000000010200 ffff888003041dc0 dead000000000100 dead000000000122
[   91.993064] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   91.993812] page dumped because: kasan: bad access detected

[   91.994505] Memory state around the buggy address:
[   91.994973]  ffff8880389a8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.995656]  ffff8880389a8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.996366] >ffff8880389a8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.997050]                        ^
[   91.997399]  ffff8880389a8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.998087]  ffff8880389a8300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.998774] ==================================================================
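
A KASAN use-after-free report like the one above carries three stacks (access, allocation, free), and triage comes down to finding the module's own frames in each. The following is an added example, not part of the thread or of the ocfs2 code: it parses an excerpt of the report lines quoted in the message and returns, for one module, the innermost and outermost frame of each stack. The helper names `parse_kasan` and `lifecycle` are hypothetical.

```python
import re

# Lines excerpted from the KASAN report in the message above.
REPORT = """\
[   91.929519] BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
[   91.930869] Read of size 8 at addr ffff8880389a8208 by task umount/669
[   91.936158] Call Trace:
[   91.943902]  timer_delete+0x54/0xc0
[   91.947252]  __cancel_work_timer+0x6c/0x270
[   91.951485]  ocfs2_disable_quotas.isra.0+0x3e/0xf0 [ocfs2]
[   91.952635]  ocfs2_dismount_volume+0xdd/0x450 [ocfs2]
[   91.954757]  ? __pfx_ocfs2_dismount_volume+0x10/0x10 [ocfs2]
[   91.956737]  generic_shutdown_super+0xaa/0x280
[   91.972961] Allocated by task 632:
[   91.974160]  __kasan_kmalloc+0x8b/0x90
[   91.974584]  ocfs2_local_read_info+0xe3/0x9a0 [ocfs2]
[   91.976092]  ocfs2_enable_quotas+0x190/0x2f0 [ocfs2]
[   91.976679]  ocfs2_fill_super+0x14ef/0x2120 [ocfs2]
[   91.980213] Freed by task 650:
[   91.982151]  __kmem_cache_free+0x89/0x180
[   91.982568]  ocfs2_local_free_info+0x2ba/0x3f0 [ocfs2]
[   91.983509]  ocfs2_susp_quotas.isra.0+0x159/0x1a0 [ocfs2]
[   91.984096]  ocfs2_remount+0x150/0x580 [ocfs2]
[   91.986799] The buggy address belongs to the object at ffff8880389a8000
[   91.987965] The buggy address is located 520 bytes inside of
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
ACCESS = re.compile(r"(?:Read|Write) of size \d+ at addr ([0-9a-f]+) by task \S+/(\d+)")
# "symbol+0xoff/0xsize [module]"; a leading "?" marks an unreliable frame
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?\s*$")

def parse_kasan(report):
    """Split a KASAN report into access/alloc/free stacks plus key facts."""
    info = {"stacks": {"access": [], "alloc": [], "free": []}}
    section = None
    for raw in report.splitlines():
        line = TS.sub("", raw)
        if m := re.match(r"BUG: KASAN: (\S+) in ([\w.]+)\+", line):
            info["bug"], info["site"] = m.groups()
        elif m := ACCESS.match(line):
            info["addr"], info["access_pid"] = int(m[1], 16), int(m[2])
        elif line.startswith("Call Trace:"):
            section = "access"
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            section = "alloc" if m[1] == "Allocated" else "free"
            info[section + "_pid"] = int(m[2])
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            info["object"], section = int(m[1], 16), None
        elif m := re.match(r"The buggy address is located (\d+) bytes inside", line):
            info["located"] = int(m[1])
        elif (m := FRAME.match(line)) and section and not m[1]:
            info["stacks"][section].append((m[2], m[3]))  # skip "?" frames
    return info

def lifecycle(report, module):
    """Who allocated, freed and then used the object, as seen from `module`."""
    info = parse_kasan(report)
    def in_module(stack):
        frames = [f for f, mod in info["stacks"][stack] if mod == module]
        # innermost frame does the work, outermost is the module entry point
        return (frames[0], frames[-1]) if frames else (None, None)
    offset = info["addr"] - info["object"]
    return {
        "bug": info["bug"],
        "alloc": in_module("alloc"),
        "free": in_module("free"),
        "use": in_module("access"),
        "offset": offset,
        "offset_matches_report": offset == info["located"],
        "pids": (info["alloc_pid"], info["free_pid"], info["access_pid"]),
    }

if __name__ == "__main__":
    print(lifecycle(REPORT, "ocfs2"))
```

On this report the free enters through `ocfs2_remount` and the later access through `ocfs2_dismount_volume`, each in a different task, which is the ordering the stacks in the message show.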