[PATCH 1/2] fs: add iput_not_last()

[PATCH 1/2] fs: add iput_not_last()

[Mateusz Guzik]

Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>
---
 fs/inode.c         | 12 ++++++++++++
 include/linux/fs.h |  1 +
 2 files changed, 13 insertions(+)

diff --git a/fs/inode.c b/fs/inode.c
index ec9339024ac3..cff1d3af0d57 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1967,6 +1967,18 @@ void iput(struct inode *inode)
 }
 EXPORT_SYMBOL(iput);
 
+/**
+ *	iput_not_last	- put an inode assuming this is not the last reference
+ *	@inode: inode to put
+ */
+void iput_not_last(struct inode *inode)
+{
+	VFS_BUG_ON_INODE(atomic_read(&inode->i_count) < 2, inode);
+
+	WARN_ON(atomic_sub_return(1, &inode->i_count) == 0);
+}
+EXPORT_SYMBOL(iput_not_last);
+
 #ifdef CONFIG_BLOCK
 /**
  *	bmap	- find a block number in a file
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c895146c1444..98fc088a461f 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2823,6 +2823,7 @@ extern int current_umask(void);
 
 extern void ihold(struct inode * inode);
 extern void iput(struct inode *);
+void iput_not_last(struct inode *);
 int inode_update_timestamps(struct inode *inode, int flags);
 int generic_update_time(struct inode *, int);
 
-- 
2.48.1

[PATCH 2/2] landlock: fix splats from iput() after it started calling might_sleep()

[Mateusz Guzik]

At this point it is guaranteed this is not the last reference.

However, a recent addition of might_sleep() at top of iput() started
generating false-positives as it was executing for all values.

Remedy the problem by using the newly introduced iput_not_last().

Reported-by: syzbot+12479ae15958fc3f54ec@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68d32659.a70a0220.4f78.0012.GAE@google.com/
Fixes: 2ef435a872ab ("fs: add might_sleep() annotation to iput() and more")
Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>
---
 security/landlock/fs.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 0bade2c5aa1d..d9c12b993fa7 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -1335,11 +1335,10 @@ static void hook_sb_delete(struct super_block *const sb)
 			 * At this point, we own the ihold() reference that was
 			 * originally set up by get_inode_object() and the
 			 * __iget() reference that we just set in this loop
-			 * walk.  Therefore the following call to iput() will
-			 * not sleep nor drop the inode because there is now at
-			 * least two references to it.
+			 * walk.  Therefore there are at least two references
+			 * on the inode.
 			 */
-			iput(inode);
+			iput_not_last(inode);
 		} else {
 			spin_unlock(&object->lock);
 			rcu_read_unlock();
-- 
2.48.1

Re: [PATCH 2/2] landlock: fix splats from iput() after it started calling might_sleep()

[Mickaël Salaün]

On Wed, Nov 05, 2025 at 10:20:25PM +0100, Mateusz Guzik wrote:
> At this point it is guaranteed this is not the last reference.
> 
> However, a recent addition of might_sleep() at top of iput() started
> generating false-positives as it was executing for all values.
> 
> Remedy the problem by using the newly introduced iput_not_last().
> 
> Reported-by: syzbot+12479ae15958fc3f54ec@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/68d32659.a70a0220.4f78.0012.GAE@google.com/
> Fixes: 2ef435a872ab ("fs: add might_sleep() annotation to iput() and more")
> Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>

Reviewed-by: Mickaël Salaün <mic@digikod.net>

Thanks!

> ---
>  security/landlock/fs.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/security/landlock/fs.c b/security/landlock/fs.c
> index 0bade2c5aa1d..d9c12b993fa7 100644
> --- a/security/landlock/fs.c
> +++ b/security/landlock/fs.c
> @@ -1335,11 +1335,10 @@ static void hook_sb_delete(struct super_block *const sb)
>  			 * At this point, we own the ihold() reference that was
>  			 * originally set up by get_inode_object() and the
>  			 * __iget() reference that we just set in this loop
> -			 * walk.  Therefore the following call to iput() will
> -			 * not sleep nor drop the inode because there is now at
> -			 * least two references to it.
> +			 * walk.  Therefore there are at least two references
> +			 * on the inode.
>  			 */
> -			iput(inode);
> +			iput_not_last(inode);
>  		} else {
>  			spin_unlock(&object->lock);
>  			rcu_read_unlock();
> -- 
> 2.48.1
> 
> 

Re: [PATCH 1/2] fs: add iput_not_last()

[Jan Kara]

On Wed 05-11-25 22:20:24, Mateusz Guzik wrote:
> Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>

I guess better than giving up the common might_sleep() annotation. Feel
free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

One nit below:

> +/**
> + *	iput_not_last	- put an inode assuming this is not the last reference
> + *	@inode: inode to put
> + */
> +void iput_not_last(struct inode *inode)
> +{

Standard iput() silently does nothing for NULL inode. I'm undecided whether
it belongs here or not. It might be convenient for some error handling
paths but OTOH if you are confident you hold a reference then inode should
better not be NULL...

								Honza

> +	VFS_BUG_ON_INODE(atomic_read(&inode->i_count) < 2, inode);
> +
> +	WARN_ON(atomic_sub_return(1, &inode->i_count) == 0);
> +}
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 1/2] fs: add iput_not_last()

[Christian Brauner]

On Wed, 05 Nov 2025 22:20:24 +0100, Mateusz Guzik wrote:
> 


Applied to the vfs-6.19.inode branch of the vfs/vfs.git tree.
Patches in the vfs-6.19.inode branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.19.inode

[1/2] fs: add iput_not_last()
      https://git.kernel.org/vfs/vfs/c/a1cece5d8881
[2/2] landlock: fix splats from iput() after it started calling might_sleep()
      https://git.kernel.org/vfs/vfs/c/9638e5c3b673

Re: [PATCH 1/2] fs: add iput_not_last()

[Mateusz Guzik]

On Tue, Nov 11, 2025 at 12:46 PM Christian Brauner <brauner@kernel.org> wrote:
>
> On Wed, 05 Nov 2025 22:20:24 +0100, Mateusz Guzik wrote:
> >
>
>
> Applied to the vfs-6.19.inode branch of the vfs/vfs.git tree.
> Patches in the vfs-6.19.inode branch should appear in linux-next soon.
>

That might_sleep in iput is already in master slated for 6.18, so this
should land in vfs.fixes instead.