From: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
To: Christian Brauner <brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: Jan Kara <jack-AlSwsSmVLrQ@public.gmane.org>,
Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>,
Heiko Carstens <hca-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Vasily Gorbik <gor-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Alexander Gordeev
<agordeev-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Fenghua Yu <fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Reinette Chatre
<reinette.chatre-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Miquel Raynal
<miquel.raynal-LDxbnhwyfcJBDgjK7y7TUQ@public.gmane.org>,
Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
Vignesh Raghavendra <vigneshr-l0cyMroinI0@public.gmane.org>,
Dennis Dalessandro
<dennis.dalessandro-ntyVByD3zXaTtA8H5PvdGFaTQe2KTcn/@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Trond Myklebust
<trond.myklebust-F/q8l9xzQnoyLce1RVWEUA@public.gmane.org>,
Anna Schumaker <anna-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Damien Le Moal <dlemoal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Naohiro Aota <naohiro.aota-Sjgp3cTcYWE@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super
Date: Fri, 15 Sep 2023 15:33:43 +0100 [thread overview]
Message-ID: <20230915143343.GM800259@ZenIV> (raw)
In-Reply-To: <20230915142814.GL800259@ZenIV>
On Fri, Sep 15, 2023 at 03:28:14PM +0100, Al Viro wrote:
> On Fri, Sep 15, 2023 at 04:12:07PM +0200, Christian Brauner wrote:
> > + static void some_fs_kill_sb(struct super_block *sb)
> > + {
> > + struct some_fs_info *info = sb->s_fs_info;
> > +
> > + kill_*_super(sb);
> > + kfree(info);
> > + }
> > +
> > +It's best practice to never deviate from this pattern.
>
> The last part is flat-out incorrect. If e.g. fatfs or cifs ever switches
> to that pattern, you'll get UAF - they need freeing of ->s_fs_info
> of anything that ever had been mounted done with RCU delay; moreover,
> unload_nls() in fatfs needs to be behind the same.
>
> Lifetime rules for fs-private parts of superblock are really private to
> filesystem; their use by sget/sget_fc callbacks might impose restrictions
> on those, but that again is none of the VFS business.
PS: and no, we don't want to impose such RCU delay on every filesystem
out there; what's more, there's nothing to prohibit e.g. having ->s_fs_info
pointing to a refcounted fs-private object (possibly shared by various
superblocks), so freeing might very well be "drop the reference and destroy
if refcount has reached 0".
next prev parent reply other threads:[~2023-09-15 14:33 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 11:09 split up ->kill_sb Christoph Hellwig
2023-09-13 11:09 ` [PATCH 03/19] fs: release anon dev_t in deactivate_locked_super Christoph Hellwig
[not found] ` <20230913111013.77623-4-hch-jcswGhMUV9g@public.gmane.org>
2023-09-13 23:27 ` Al Viro
2023-09-14 2:37 ` Al Viro
2023-09-14 5:38 ` Al Viro
2023-09-14 7:56 ` Christian Brauner
2023-09-26 9:31 ` Christoph Hellwig
2023-09-26 9:31 ` Christoph Hellwig
2023-09-14 14:02 ` Christian Brauner
2023-09-14 16:58 ` Al Viro
2023-09-14 19:23 ` Al Viro
2023-09-15 7:40 ` Christian Brauner
2023-09-15 9:44 ` Christian Brauner
2023-09-15 14:12 ` Christian Brauner
2023-09-15 14:28 ` Al Viro
2023-09-15 14:33 ` Al Viro [this message]
2023-09-15 14:40 ` Christian Brauner
2023-09-26 9:41 ` Christoph Hellwig
2023-09-26 9:41 ` Christoph Hellwig
2023-09-26 9:38 ` Christoph Hellwig
2023-09-26 9:38 ` Christoph Hellwig
2023-09-26 21:25 ` Al Viro
2023-09-27 22:29 ` Al Viro
2023-10-02 6:46 ` Christoph Hellwig
2023-10-09 21:57 ` Al Viro
2023-10-10 8:44 ` Christian Brauner
2023-10-17 19:50 ` Al Viro
[not found] ` <20230913111013.77623-1-hch-jcswGhMUV9g@public.gmane.org>
2023-09-13 11:09 ` [PATCH 01/19] fs: reflow deactivate_locked_super Christoph Hellwig
[not found] ` <20230913111013.77623-2-hch-jcswGhMUV9g@public.gmane.org>
2023-09-13 16:35 ` Christian Brauner
2023-09-26 9:24 ` Christoph Hellwig
2023-09-26 9:24 ` Christoph Hellwig
2023-09-13 11:09 ` [PATCH 02/19] fs: make ->kill_sb optional Christoph Hellwig
2023-09-13 11:09 ` [PATCH 04/19] NFS: remove the s_dev field from struct nfs_server Christoph Hellwig
2023-09-13 11:09 ` [PATCH 05/19] fs: assign an anon dev_t in common code Christoph Hellwig
[not found] ` <20230913111013.77623-6-hch-jcswGhMUV9g@public.gmane.org>
2023-09-14 0:34 ` Al Viro
2023-09-13 11:10 ` [PATCH 06/19] qibfs: use simple_release_fs Christoph Hellwig
[not found] ` <20230913111013.77623-7-hch-jcswGhMUV9g@public.gmane.org>
2023-09-18 11:41 ` Leon Romanovsky
2023-09-13 11:10 ` [PATCH 07/19] hypfs: use d_genocide to kill fs entries Christoph Hellwig
2023-09-13 11:10 ` [PATCH 08/19] pstore: shrink the pstore_sb_lock critical section in pstore_kill_sb Christoph Hellwig
[not found] ` <20230913111013.77623-9-hch-jcswGhMUV9g@public.gmane.org>
2023-09-13 22:07 ` Kees Cook
2023-09-13 11:10 ` [PATCH 09/19] zonefs: remove duplicate cleanup in zonefs_fill_super Christoph Hellwig
[not found] ` <20230913111013.77623-10-hch-jcswGhMUV9g@public.gmane.org>
2023-09-14 0:33 ` Damien Le Moal
2023-09-14 0:49 ` Al Viro
2023-09-13 11:10 ` [PATCH 10/19] USB: gadget/legacy: remove sb_mutex Christoph Hellwig
[not found] ` <20230913111013.77623-11-hch-jcswGhMUV9g@public.gmane.org>
2023-09-13 16:10 ` Alan Stern
[not found] ` <7f839be1-4898-41ad-8eda-10d5a0350bdf-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org>
2023-09-26 9:24 ` Christoph Hellwig
2023-09-26 9:24 ` Christoph Hellwig
2023-09-14 10:22 ` Sergey Shtylyov
2023-09-13 11:10 ` [PATCH 11/19] fs: add new shutdown_sb and free_sb methods Christoph Hellwig
[not found] ` <20230913111013.77623-12-hch-jcswGhMUV9g@public.gmane.org>
2023-09-14 2:07 ` Al Viro
2023-09-13 11:10 ` [PATCH 12/19] fs: convert kill_litter_super to litter_shutdown_sb Christoph Hellwig
[not found] ` <20230913111013.77623-13-hch-jcswGhMUV9g@public.gmane.org>
2023-09-13 22:07 ` Kees Cook
2023-09-13 11:10 ` [PATCH 13/19] fs: convert kill_block_super to block_free_sb Christoph Hellwig
[not found] ` <20230913111013.77623-14-hch-jcswGhMUV9g@public.gmane.org>
2023-09-14 2:29 ` Al Viro
2023-09-13 11:10 ` [PATCH 14/19] jffs2: convert to ->shutdown_sb and ->free_sb Christoph Hellwig
2023-09-13 11:10 ` [PATCH 15/19] kernfs: split ->kill_sb Christoph Hellwig
[not found] ` <20230913111013.77623-16-hch-jcswGhMUV9g@public.gmane.org>
2023-09-18 15:24 ` Michal Koutný
2023-09-13 11:10 ` [PATCH 16/19] x86/resctrl: release rdtgroup_mutex and the CPU hotplug lock in rdt_shutdown_sb Christoph Hellwig
2023-09-13 11:10 ` [PATCH 17/19] NFS: move nfs_kill_super to fs_context.c Christoph Hellwig
2023-09-13 11:10 ` [PATCH 18/19] fs: simple ->shutdown_sb and ->free_sb conversions Christoph Hellwig
2023-09-13 11:10 ` [PATCH 19/19] fs: remove ->kill_sb Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230915143343.GM800259@ZenIV \
--to=viro-rmsdqhl/ynmifsdqtta3olvcufugdwfn@public.gmane.org \
--cc=agordeev-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org \
--cc=anna-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=brauner-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=dennis.dalessandro-ntyVByD3zXaTtA8H5PvdGFaTQe2KTcn/@public.gmane.org \
--cc=dlemoal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=gor-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=hca-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org \
--cc=hch-jcswGhMUV9g@public.gmane.org \
--cc=jack-AlSwsSmVLrQ@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=miquel.raynal-LDxbnhwyfcJBDgjK7y7TUQ@public.gmane.org \
--cc=naohiro.aota-Sjgp3cTcYWE@public.gmane.org \
--cc=reinette.chatre-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=richard-/L3Ra7n9ekc@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=trond.myklebust-F/q8l9xzQnoyLce1RVWEUA@public.gmane.org \
--cc=vigneshr-l0cyMroinI0@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).