From: Samiullah Khawaja <skhawaja@google.com>
To: David Matlack <dmatlack@google.com>
Cc: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Mike Rapoport <rppt@kernel.org>,
Pasha Tatashin <pasha.tatashin@soleen.com>,
Pratyush Yadav <pratyush@kernel.org>
Subject: Re: [PATCH 2/2] liveupdate: Reference count incoming FLB data
Date: Thu, 23 Apr 2026 19:46:48 +0000
Message-ID: <aep3D1qfjtda7PlV@google.com>
In-Reply-To: <20260423174032.3140399-3-dmatlack@google.com>
On Thu, Apr 23, 2026 at 05:40:29PM +0000, David Matlack wrote:
>Increment the incoming FLB refcount in liveupdate_flb_get_incoming() so
>that the FLB structure cannot be freed while the caller is actively using
>it. Add an additional liveupdate_flb_put_incoming() function so the
>caller can explicitly indicate when it is done using the FLB data.
>
>During a Live Update, a subsystem might need to hold onto the incoming
>File-Lifecycle-Bound (FLB) data for an extended period, such as during
>device enumeration. Incrementing the reference count guarantees that the
>data remains valid and accessible until the subsystem releases it,
>preventing future use-after-free bugs.
>
>Fixes: cab056f2aae7 ("liveupdate: luo_flb: introduce File-Lifecycle-Bound global state")
>Signed-off-by: David Matlack <dmatlack@google.com>
>---
> include/linux/liveupdate.h | 6 ++++++
> kernel/liveupdate/luo_flb.c | 32 +++++++++++++++++---------------
> lib/tests/liveupdate.c | 3 +++
> 3 files changed, 26 insertions(+), 15 deletions(-)
>
>diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h
>index 8d3bbc35c828..88722e5caf02 100644
>--- a/include/linux/liveupdate.h
>+++ b/include/linux/liveupdate.h
>@@ -240,6 +240,8 @@ void liveupdate_unregister_flb(struct liveupdate_file_handler *fh,
> struct liveupdate_flb *flb);
>
> int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp);
>+void liveupdate_flb_put_incoming(struct liveupdate_flb *flb);
>+
> int liveupdate_flb_get_outgoing(struct liveupdate_flb *flb, void **objp);
>
> #else /* CONFIG_LIVEUPDATE */
>@@ -280,6 +282,10 @@ static inline int liveupdate_flb_get_incoming(struct liveupdate_flb *flb,
> return -EOPNOTSUPP;
> }
>
>+static inline void liveupdate_flb_put_incoming(struct liveupdate_flb *flb)
>+{
>+}
>+
> static inline int liveupdate_flb_get_outgoing(struct liveupdate_flb *flb,
> void **objp)
> {
>diff --git a/kernel/liveupdate/luo_flb.c b/kernel/liveupdate/luo_flb.c
>index 59c5f31ab767..8f5c5dd01cd0 100644
>--- a/kernel/liveupdate/luo_flb.c
>+++ b/kernel/liveupdate/luo_flb.c
>@@ -165,7 +165,7 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *flb)
> bool found = false;
> int err;
>
>- guard(mutex)(&private->incoming.lock);
>+ lockdep_assert_held(&private->incoming.lock);
>
> if (private->incoming.finished)
> return -ENODATA;
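
Review bot: with `guard(mutex)` replaced by `lockdep_assert_held()` at the top of luo_flb_retrieve_one(), the function now relies on every caller holding incoming.lock, and a violation is only reported on kernels built with lockdep. A short comment above the function stating that callers must hold incoming.lock would make the new contract visible. Both callers changed later in this patch take the lock first; the commit message could also say that these are the only callers.
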
>@@ -206,12 +206,14 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *flb)
> return 0;
> }
>
>-static void luo_flb_file_finish_one(struct liveupdate_flb *flb)
>+void liveupdate_flb_put_incoming(struct liveupdate_flb *flb)
> {
> struct luo_flb_private *private = luo_flb_get_private(flb);
>+ struct liveupdate_flb_op_args args = {0};
>
>- if (refcount_dec_and_test(&private->incoming.count)) {
>- struct liveupdate_flb_op_args args = {0};
>+ scoped_guard(mutex, &private->incoming.lock) {
>+ if (!refcount_dec_and_test(&private->incoming.count))
>+ return;
>
> if (!private->incoming.retrieved) {
> int err = luo_flb_retrieve_one(flb);
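
Review bot: liveupdate_flb_put_incoming() drops `static` at the `+void` line and is declared in include/linux/liveupdate.h, but no kernel-doc is added above the definition. Since subsystems are now expected to call it, please document that it must be called exactly once for each successful liveupdate_flb_get_incoming(), that it takes incoming.lock and so may sleep, and that the final put calls flb->ops->finish() and drops the module reference, after which the object pointer returned by the get is no longer valid.
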
>@@ -220,16 +222,14 @@ static void luo_flb_file_finish_one(struct liveupdate_flb *flb)
> return;
> }
>
>- scoped_guard(mutex, &private->incoming.lock) {
>- args.flb = flb;
>- args.obj = private->incoming.obj;
>- flb->ops->finish(&args);
>+ args.flb = flb;
>+ args.obj = private->incoming.obj;
>+ flb->ops->finish(&args);
>
>- private->incoming.data = 0;
>- private->incoming.obj = NULL;
>- private->incoming.finished = true;
>- module_put(flb->ops->owner);
>- }
>+ private->incoming.data = 0;
>+ private->incoming.obj = NULL;
>+ private->incoming.finished = true;
>+ module_put(flb->ops->owner);
> }
> }
>
>@@ -312,7 +312,7 @@ void luo_flb_file_finish(struct liveupdate_file_handler *fh)
>
> guard(rwsem_read)(&luo_register_rwlock);
> list_for_each_entry_reverse(iter, flb_list, list)
>- luo_flb_file_finish_one(iter->flb);
>+ liveupdate_flb_put_incoming(iter->flb);
> }
>
> static void luo_flb_unregister_one(struct liveupdate_file_handler *fh,
>@@ -509,6 +509,8 @@ int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp)
> if (!liveupdate_enabled())
> return -EOPNOTSUPP;
>
>+ guard(mutex)(&private->incoming.lock);
>+
> if (!private->incoming.obj) {
> int err = luo_flb_retrieve_one(flb);
>
>@@ -516,7 +518,7 @@ int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp)
> return err;
> }
>
>- guard(mutex)(&private->incoming.lock);
>+ refcount_inc(&private->incoming.count);
> *objp = private->incoming.obj;
>
> return 0;
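
Review bot: `refcount_inc(&private->incoming.count)` warns and saturates when the counter is 0, and nothing in the visible lines shows incoming.count being raised above zero before a subsystem's first liveupdate_flb_get_incoming(). If a get can happen before any file holds a reference (the test change in lib/tests/liveupdate.c calls it from init), please either show where the count is initialised for that case or handle the zero case explicitly here. The finished case is covered, because the final put clears incoming.obj and luo_flb_retrieve_one() then returns -ENODATA.
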
>diff --git a/lib/tests/liveupdate.c b/lib/tests/liveupdate.c
>index e4b0ecbee32f..4c08a7c6fb78 100644
>--- a/lib/tests/liveupdate.c
>+++ b/lib/tests/liveupdate.c
>@@ -105,6 +105,9 @@ static void liveupdate_test_init(void)
> pr_err("liveupdate_flb_get_incoming for %s failed: %pe\n",
> flb->compatible, ERR_PTR(err));
> }
>+
>+ if (!err)
>+ liveupdate_flb_put_incoming(flb);
> }
> initialized = true;
> }
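
Review bot: the `liveupdate_flb_put_incoming(flb)` added right after a successful get exercises the pairing, but if this put ever drops the last reference it runs flb->ops->finish() and sets incoming.finished during liveupdate_test_init(), so later gets on the same FLB would return -ENODATA. Please confirm the count cannot reach zero here, and consider a test case that holds the reference across luo_flb_file_finish() and checks that the object is still valid, since that is the scenario the commit message describes.
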
>--
>2.54.0.rc2.544.gc7ae2d5bb8-goog
>
Reviewed-by: Samiullah Khawaja <skhawaja@google.com>