Date: Thu, 23 Apr 2026 19:46:48 +0000
From: Samiullah Khawaja
To: David Matlack
Cc: linux-kernel@vger.kernel.org, Andrew Morton, Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Subject: Re: [PATCH 2/2] liveupdate: Reference count incoming FLB data
References: <20260423174032.3140399-1-dmatlack@google.com> <20260423174032.3140399-3-dmatlack@google.com>
In-Reply-To: <20260423174032.3140399-3-dmatlack@google.com>

On Thu, Apr 23, 2026 at 05:40:29PM +0000, David Matlack wrote:
>Increment the incoming FLB refcount in liveupdate_flb_get_incoming() so
>that the FLB structure cannot be freed while the caller is actively using
>it. Add an additional liveupdate_flb_put_incoming() function so the
>caller can explicitly indicate when it is done using the FLB data.
>
>During a Live Update, a subsystem might need to hold onto the incoming
>File-Lifecycle-Bound (FLB) data for an extended period, such as during
>device enumeration. Incrementing the reference count guarantees that the
>data remains valid and accessible until the subsystem releases it,
>preventing future use-after-free bugs.
>
>Fixes: cab056f2aae7 ("liveupdate: luo_flb: introduce File-Lifecycle-Bound global state")
>Signed-off-by: David Matlack >--- > include/linux/liveupdate.h | 6 ++++++ > kernel/liveupdate/luo_flb.c | 32 +++++++++++++++++--------------- > lib/tests/liveupdate.c | 3 +++ > 3 files changed, 26 insertions(+), 15 deletions(-) > >diff --git a/include/linux/liveupdate.h b/include/linux/liveupdate.h >index 8d3bbc35c828..88722e5caf02 100644 >--- a/include/linux/liveupdate.h >+++ b/include/linux/liveupdate.h >@@ -240,6 +240,8 @@ void liveupdate_unregister_flb(struct liveupdate_file_handler *fh, > struct liveupdate_flb *flb); > > int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp); >+void liveupdate_flb_put_incoming(struct liveupdate_flb *flb); >+ > int liveupdate_flb_get_outgoing(struct liveupdate_flb *flb, void **objp); > > #else /* CONFIG_LIVEUPDATE */ >@@ -280,6 +282,10 @@ static inline int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, > return -EOPNOTSUPP; > } > >+static inline void liveupdate_flb_put_incoming(struct liveupdate_flb *flb) >+{ >+} >+ > static inline int liveupdate_flb_get_outgoing(struct liveupdate_flb *flb, > void **objp) > { >diff --git a/kernel/liveupdate/luo_flb.c b/kernel/liveupdate/luo_flb.c >index 59c5f31ab767..8f5c5dd01cd0 100644 >--- a/kernel/liveupdate/luo_flb.c >+++ b/kernel/liveupdate/luo_flb.c >@@ -165,7 +165,7 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *flb) > bool found = false; > int err; > >- guard(mutex)(&private->incoming.lock); >+ lockdep_assert_held(&private->incoming.lock); > > if (private->incoming.finished) > return -ENODATA; 
>@@ -206,12 +206,14 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *flb) > return 0; > } > >-static void luo_flb_file_finish_one(struct liveupdate_flb *flb) >+void liveupdate_flb_put_incoming(struct liveupdate_flb *flb) > { > struct luo_flb_private *private = luo_flb_get_private(flb); >+ struct liveupdate_flb_op_args args = {0}; > >- if (refcount_dec_and_test(&private->incoming.count)) { >- struct liveupdate_flb_op_args args = {0}; >+ scoped_guard(mutex, &private->incoming.lock) { >+ if (!refcount_dec_and_test(&private->incoming.count)) >+ return; > > if (!private->incoming.retrieved) { > int err = luo_flb_retrieve_one(flb); >@@ -220,16 +222,14 @@ static void luo_flb_file_finish_one(struct liveupdate_flb *flb) > return; > } > >- scoped_guard(mutex, &private->incoming.lock) { >- args.flb = flb; >- args.obj = private->incoming.obj; >- flb->ops->finish(&args); >+ args.flb = flb; >+ args.obj = private->incoming.obj; >+ flb->ops->finish(&args); > >- private->incoming.data = 0; >- private->incoming.obj = NULL; >- private->incoming.finished = true; >- module_put(flb->ops->owner); >- } >+ private->incoming.data = 0; >+ private->incoming.obj = NULL; >+ private->incoming.finished = true; >+ module_put(flb->ops->owner); > } > } > >@@ -312,7 +312,7 @@ void luo_flb_file_finish(struct liveupdate_file_handler *fh) > > guard(rwsem_read)(&luo_register_rwlock); > list_for_each_entry_reverse(iter, flb_list, list) >- luo_flb_file_finish_one(iter->flb); >+ liveupdate_flb_put_incoming(iter->flb); > } > > static void luo_flb_unregister_one(struct liveupdate_file_handler *fh, >@@ -509,6 +509,8 @@ int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp) > if (!liveupdate_enabled()) > return -EOPNOTSUPP; > >+ guard(mutex)(&private->incoming.lock); >+ > if (!private->incoming.obj) { > int err = luo_flb_retrieve_one(flb); 
> >@@ -516,7 +518,7 @@ int liveupdate_flb_get_incoming(struct liveupdate_flb *flb, void **objp) > return err; > } > >- guard(mutex)(&private->incoming.lock); >+ refcount_inc(&private->incoming.count); > *objp = private->incoming.obj; > > return 0; >diff --git a/lib/tests/liveupdate.c b/lib/tests/liveupdate.c >index e4b0ecbee32f..4c08a7c6fb78 100644 >--- a/lib/tests/liveupdate.c >+++ b/lib/tests/liveupdate.c >@@ -105,6 +105,9 @@ static void liveupdate_test_init(void) > pr_err("liveupdate_flb_get_incoming for %s failed: %pe\n", > flb->compatible, ERR_PTR(err)); > } >+ >+ if (!err) >+ liveupdate_flb_put_incoming(flb); > } > initialized = true; > } >-- >2.54.0.rc2.544.gc7ae2d5bb8-goog > Reviewed-by: Samiullah Khawaja
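
Review bot: In include/linux/liveupdate.h, the new liveupdate_flb_put_incoming() declaration and its !CONFIG_LIVEUPDATE stub change the contract of liveupdate_flb_get_incoming(): every successful get now returns with a reference held. The diffstat converts only lib/tests/liveupdate.c, so any other caller of liveupdate_flb_get_incoming() would keep its reference forever and ops->finish() would never run for that FLB. Please confirm there are no other callers, or convert them in this patch, and state the get/put pairing rule in a comment next to the two declarations.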
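
Review bot: liveupdate_flb_put_incoming() in kernel/liveupdate/luo_flb.c loses its static qualifier and becomes part of the public API without a kernel-doc comment. It takes incoming.lock (a mutex) and, when the last reference is dropped, calls flb->ops->finish() and module_put() under that lock, so callers need to be told that it can sleep, that it must be called exactly once per successful liveupdate_flb_get_incoming(), and that the object returned by the get must not be used afterwards. Since scoped_guard(mutex, &private->incoming.lock) now wraps the whole body, guard(mutex)(&private->incoming.lock) at the top would give the same locking with one less level of indentation and match liveupdate_flb_get_incoming().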
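
Review bot: refcount_inc(&private->incoming.count) in liveupdate_flb_get_incoming() warns and saturates the counter if the count is zero when it is called. The lines that initialise incoming.count are not part of this patch, so please confirm that the count is always non-zero once luo_flb_retrieve_one() has succeeded; if that cannot be guaranteed, the zero case needs explicit handling before the increment.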
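
Review bot: In liveupdate_test_init() the reference is dropped immediately after the get ("if (!err) liveupdate_flb_put_incoming(flb);"), so the test never holds a reference across luo_flb_file_finish(), which is the lifetime the commit message describes. A case that keeps the reference while the file handlers finish, and checks that ops->finish() runs only after the final put, would cover the behaviour this patch adds.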