From: Samiullah Khawaja <skhawaja@google.com>
To: David Matlack <dmatlack@google.com>
Cc: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Mike Rapoport <rppt@kernel.org>,
Pasha Tatashin <pasha.tatashin@soleen.com>,
Pratyush Yadav <pratyush@kernel.org>
Subject: Re: [PATCH 2/2] liveupdate: Reference count incoming FLB data
Date: Thu, 23 Apr 2026 19:46:48 +0000
Message-ID: <aep3D1qfjtda7PlV@google.com>
In-Reply-To: <20260423174032.3140399-3-dmatlack@google.com>
On Thu, Apr 23, 2026 at 05:40:29PM +0000, David Matlack wrote:
>Increment the incoming FLB refcount in liveupdate_flb_get_incoming() so
>that the FLB structure cannot be freed while the caller is actively using
>it. Add an additional liveupdate_flb_put_incoming() function so the
>caller can explicitly indicate when it is done using the FLB data.
>
>During a Live Update, a subsystem might need to hold onto the incoming
>File-Lifecycle-Bound (FLB) data for an extended period, such as during
>device enumeration. Incrementing the reference count guarantees that the
>data remains valid and accessible until the subsystem releases it,
>preventing future use-after-free bugs.
>
>Fixes: cab056f2aae7 ("liveupdate: luo_flb: introduce File-Lifecycle-Bound global state")
>Signed-off-by: David Matlack <dmatlack@google.com>
>---
> include/linux/liveupdate.h | 6 ++++++
> kernel/liveupdate/luo_flb.c | 32 +++++++++++++++++---------------
> lib/tests/liveupdate.c | 3 +++
> 3 files changed, 26 insertions(+), 15 deletions(-)
>
>diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h
>index 8d3bbc35c828..88722e5caf02 100644
>--- a/include/linux/liveupdate.h
>+++ b/include/linux/liveupdate.h
>@@ -240,6 +240,8 @@ void liveupdate_unregister_flb(struct liveupdate_file_handler *fh,
> struct liveupdate_flb *flb);
>
> int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp);
>+void liveupdate_flb_put_incoming(struct liveupdate_flb *flb);
>+
> int liveupdate_flb_get_outgoing(struct liveupdate_flb *flb, void **objp);
>
> #else /* CONFIG_LIVEUPDATE */
>@@ -280,6 +282,10 @@ static inline int liveupdate_flb_get_incoming(struct liveupdate_flb *flb,
> return -EOPNOTSUPP;
> }
>
>+static inline void liveupdate_flb_put_incoming(struct liveupdate_flb *flb)
>+{
>+}
>+
> static inline int liveupdate_flb_get_outgoing(struct liveupdate_flb *flb,
> void **objp)
> {
>diff --git a/kernel/liveupdate/luo_flb.c b/kernel/liveupdate/luo_flb.c
>index 59c5f31ab767..8f5c5dd01cd0 100644
>--- a/kernel/liveupdate/luo_flb.c
>+++ b/kernel/liveupdate/luo_flb.c
>@@ -165,7 +165,7 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *flb)
> bool found = false;
> int err;
>
>- guard(mutex)(&private->incoming.lock);
>+ lockdep_assert_held(&private->incoming.lock);
>
> if (private->incoming.finished)
> return -ENODATA;
>@@ -206,12 +206,14 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *flb)
> return 0;
> }
>
>-static void luo_flb_file_finish_one(struct liveupdate_flb *flb)
>+void liveupdate_flb_put_incoming(struct liveupdate_flb *flb)
> {
> struct luo_flb_private *private = luo_flb_get_private(flb);
>+ struct liveupdate_flb_op_args args = {0};
>
>- if (refcount_dec_and_test(&private->incoming.count)) {
>- struct liveupdate_flb_op_args args = {0};
>+ scoped_guard(mutex, &private->incoming.lock) {
>+ if (!refcount_dec_and_test(&private->incoming.count))
>+ return;
>
> if (!private->incoming.retrieved) {
> int err = luo_flb_retrieve_one(flb);
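
Review bot: liveupdate_flb_put_incoming() becomes a public function at the top of this hunk with no kernel-doc above it. A short comment should state that each successful liveupdate_flb_get_incoming() must be balanced by exactly one put, and that the final put calls flb->ops->finish() with incoming.lock held, so it may sleep on the mutex and must not be called from a path that already holds that lock.
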
>@@ -220,16 +222,14 @@ static void luo_flb_file_finish_one(struct liveupdate_flb *flb)
> return;
> }
>
>- scoped_guard(mutex, &private->incoming.lock) {
>- args.flb = flb;
>- args.obj = private->incoming.obj;
>- flb->ops->finish(&args);
>+ args.flb = flb;
>+ args.obj = private->incoming.obj;
>+ flb->ops->finish(&args);
>
>- private->incoming.data = 0;
>- private->incoming.obj = NULL;
>- private->incoming.finished = true;
>- module_put(flb->ops->owner);
>- }
>+ private->incoming.data = 0;
>+ private->incoming.obj = NULL;
>+ private->incoming.finished = true;
>+ module_put(flb->ops->owner);
> }
> }
>
>@@ -312,7 +312,7 @@ void luo_flb_file_finish(struct liveupdate_file_handler *fh)
>
> guard(rwsem_read)(&luo_register_rwlock);
> list_for_each_entry_reverse(iter, flb_list, list)
>- luo_flb_file_finish_one(iter->flb);
>+ liveupdate_flb_put_incoming(iter->flb);
> }
>
> static void luo_flb_unregister_one(struct liveupdate_file_handler *fh,
>@@ -509,6 +509,8 @@ int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp)
> if (!liveupdate_enabled())
> return -EOPNOTSUPP;
>
>+ guard(mutex)(&private->incoming.lock);
>+
> if (!private->incoming.obj) {
> int err = luo_flb_retrieve_one(flb);
>
>@@ -516,7 +518,7 @@ int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp)
> return err;
> }
>
>- guard(mutex)(&private->incoming.lock);
>+ refcount_inc(&private->incoming.count);
> *objp = private->incoming.obj;
>
> return 0;
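
Review bot: refcount_inc(&private->incoming.count) assumes the count is already non-zero; refcount_inc() on a refcount_t that is 0 warns and saturates instead of taking a reference. Nothing in the visible lines establishes that another reference exists when a subsystem calls liveupdate_flb_get_incoming() (the caller in lib/tests/liveupdate.c does so from its init path), so either point to where the initial reference comes from or handle the zero case explicitly, for example with refcount_set() when the object is first retrieved.
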
>diff --git a/lib/tests/liveupdate.c b/lib/tests/liveupdate.c
>index e4b0ecbee32f..4c08a7c6fb78 100644
>--- a/lib/tests/liveupdate.c
>+++ b/lib/tests/liveupdate.c
>@@ -105,6 +105,9 @@ static void liveupdate_test_init(void)
> pr_err("liveupdate_flb_get_incoming for %s failed: %pe\n",
> flb->compatible, ERR_PTR(err));
> }
>+
>+ if (!err)
>+ liveupdate_flb_put_incoming(flb);
> }
> initialized = true;
> }
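
Review bot: the put under "if (!err)" immediately follows the get, so if this caller holds the only reference at init time, liveupdate_flb_put_incoming() drops the count to zero, runs flb->ops->finish() and sets incoming.finished, after which luo_flb_retrieve_one() returns -ENODATA. If that is intended for the test, a comment saying so would help; otherwise the test should keep the reference for as long as it uses the object.
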
>--
>2.54.0.rc2.544.gc7ae2d5bb8-goog
>
Reviewed-by: Samiullah Khawaja <skhawaja@google.com>