From: Sasha Levin <sashal@kernel.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [git pull] d_revalidate pile
Date: Mon, 27 Jan 2025 12:19:54 -0500 [thread overview]
Message-ID: <Z5fAOpnFoXMgpCWb@lappy> (raw)
In-Reply-To: <20250127044721.GD1977892@ZenIV>
On Mon, Jan 27, 2025 at 04:47:21AM +0000, Al Viro wrote:
>->d_revalidate() series, along with ->d_iname preliminary work.
>One trivial conflict in fs/afs/dir.c - afs_do_lookup_one() has lost
>one argument in mainline and switched another from dentry to qstr
>in this series.
>
>The following changes since commit 40384c840ea1944d7c5a392e8975ed088ecf0b37:
>
> Linux 6.13-rc1 (2024-12-01 14:28:56 -0800)
>
>are available in the Git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git tags/pull-revalidate
>
>for you to fetch changes up to a8ea90bfec66b239dad9a478fc444aa32d3961bc:
>
> 9p: fix ->rename_sem exclusion (2025-01-25 11:51:57 -0500)
>
>----------------------------------------------------------------
>Provide stable parent and name to ->d_revalidate() instances
>
>Most of the filesystem methods where we care about dentry name
>and parent have their stability guaranteed by the callers;
>->d_revalidate() is the major exception.
>
>It's easy enough for callers to supply stable values for
>expected name and expected parent of the dentry being
>validated. That kills quite a bit of boilerplate in
>->d_revalidate() instances, along with a bunch of races
>where they used to access ->d_name without sufficient
>precautions.
>
>Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Hey Al,
With this pulled on top of Linus's tree, LKFT is managing to trigger
kfence warnings:
<3>[ 62.180289] BUG: KFENCE: out-of-bounds read in d_same_name+0x4c/0xd0
<3>[ 62.180289]
<3>[ 62.182647] Out-of-bounds read at 0x00000000eedd4b55 (64B right of kfence-#174):
<4>[ 62.184178] d_same_name+0x4c/0xd0
<4>[ 62.184717] d_lookup+0x40/0x78
<4>[ 62.185378] lookup_dcache+0x34/0xb0
<4>[ 62.185980] lookup_one_qstr_excl+0x2c/0xe0
<4>[ 62.186523] do_renameat2+0x324/0x568
<4>[ 62.186948] __arm64_sys_renameat+0x58/0x78
<4>[ 62.187484] invoke_syscall+0x50/0x120
<4>[ 62.188220] el0_svc_common.constprop.0+0x48/0xf0
<4>[ 62.189031] do_el0_svc_compat+0x24/0x48
<4>[ 62.189635] el0_svc_compat+0x34/0xd0
<4>[ 62.190018] el0t_32_sync_handler+0xb0/0x138
<4>[ 62.190537] el0t_32_sync+0x19c/0x1a0
<3>[ 62.190946]
<4>[ 62.191399] kfence-#174: 0x0000000012d508d5-0x0000000023355f7e, size=64, cache=kmalloc-rcl-64
<4>[ 62.191399]
<4>[ 62.192260] allocated by task 1 on cpu 0 at 62.177313s (0.014839s ago):
<4>[ 62.193504] __d_alloc+0x15c/0x1d0
<4>[ 62.193925] d_alloc+0x24/0x90
<4>[ 62.194204] lookup_one_qstr_excl+0x68/0xe0
<4>[ 62.194741] filename_create+0xc0/0x1b0
<4>[ 62.195129] do_symlinkat+0x68/0x150
<4>[ 62.195657] __arm64_sys_symlinkat+0x50/0x70
<4>[ 62.195954] invoke_syscall+0x50/0x120
<4>[ 62.196461] el0_svc_common.constprop.0+0x48/0xf0
<4>[ 62.197053] do_el0_svc_compat+0x24/0x48
<4>[ 62.197411] el0_svc_compat+0x34/0xd0
<4>[ 62.197849] el0t_32_sync_handler+0xb0/0x138
<4>[ 62.198422] el0t_32_sync+0x19c/0x1a0
<3>[ 62.198857]
<3>[ 62.199577] CPU: 0 UID: 0 PID: 1 Comm: systemd Not tainted 6.13.0 #1
<3>[ 62.200435] Hardware name: linux,dummy-virt (DT)
The full log is at: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-8584-gd4639f3659ae/testrun/27028572/suite/log-parser-test/test/kfence-bug-kfence-out-of-bounds-read-in-d_same_name/log
LMK if I should attempt a bisection.
--
Thanks,
Sasha
next prev parent reply other threads:[~2025-01-27 17:19 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-27 4:47 [git pull] d_revalidate pile Al Viro
2025-01-27 17:19 ` Sasha Levin [this message]
2025-01-27 17:36 ` Al Viro
2025-01-27 20:52 ` Sasha Levin
2025-01-27 21:34 ` Al Viro
2025-01-27 22:40 ` Al Viro
2025-01-27 23:08 ` Linus Torvalds
2025-01-27 23:26 ` Sasha Levin
2025-01-28 0:26 ` Al Viro
2025-01-28 0:31 ` Al Viro
2025-01-30 4:37 ` [git pull] d_revalidate pile (v2) Al Viro
2025-01-30 17:24 ` Linus Torvalds
2025-01-30 19:31 ` Miklos Szeredi
2025-01-31 5:56 ` Al Viro
2025-01-30 17:46 ` pr-tracker-bot
2025-01-28 0:43 ` [git pull] d_revalidate pile Linus Torvalds
2025-01-28 1:21 ` Al Viro
2025-01-28 1:27 ` Linus Torvalds
2025-01-28 2:56 ` Al Viro
2025-01-27 19:12 ` Linus Torvalds
2025-01-27 20:38 ` Mark Brown
2025-01-27 22:32 ` Sasha Levin
2025-01-28 12:14 ` Mark Brown
2025-01-28 12:43 ` Dan Carpenter
2025-01-28 12:33 ` Dan Carpenter
2025-01-28 19:24 ` Sasha Levin
2025-01-28 9:19 ` Guillaume Tucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5fAOpnFoXMgpCWb@lappy \
--to=sashal@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.