Date: Sun, 6 May 2018 21:46:23 +0100
From: Al Viro
To: John Paul Adrian Glaubitz
Cc: Martin Steigerwald, Matthew Wilcox, dsterba@suse.cz, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Jens Axboe, linux-m68k@lists.linux-m68k.org, Debian m68k
Subject: Re: moving affs + RDB partition support to staging?
Message-ID: <20180506204622.GL30522@ZenIV.linux.org.uk>
References: <20180425154602.GA8546@bombadil.infradead.org> <20180425203029.GQ21272@twin.jikos.cz> <20180426025717.GA32430@bombadil.infradead.org> <1613268.lKBQxPXt8J@merkaba> <76ca15e2-7b43-8b02-43e1-9ee65ab85356@physik.fu-berlin.de> <20180506005946.GI30522@ZenIV.linux.org.uk> <20180506073955.GJ30522@ZenIV.linux.org.uk>
In-Reply-To: <20180506073955.GJ30522@ZenIV.linux.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, May 06, 2018 at 08:39:55AM +0100, Al Viro wrote:
> On Sun, May 06, 2018 at 01:59:51AM +0100, Al Viro wrote:
>
> > > There is nothing at the moment that needs fixing.
> >
> > Funny, that... I'd been going through the damn thing for the
> > last week or so; open-by-fhandle/nfs export support is completely
> > buggered. And as for the rest... the least said about the error
> > handling, the better - something like rename() hitting an IO
> > error (read one) can not only screw the on-disk data into the
> > ground, it can do seriously bad things to kernel data structures.
>
> ... and while we are at it, consider the following:

[snip]

Another piece of fun: in affs_add_entry() we have

	retval = affs_insert_hash(dir, bh);
	mark_buffer_dirty_inode(bh, inode);
	affs_unlock_dir(dir);
	affs_unlock_link(inode);

	d_instantiate(dentry, inode);
done:
	affs_brelse(inode_bh);
	affs_brelse(bh);
	return retval;

and in its callers - things like

	error = affs_add_entry(dir, inode, dentry, ST_USERDIR);
	if (error) {
		clear_nlink(inode);
		mark_inode_dirty(inode);
		iput(inode);
		return error;
	}

Guess what happens if we hit affs_insert_hash() failure? d_instantiate() doesn't do anything to in-core inode refcount - that's caller's responsibility.
affs_new_inode() has allocated an inode with ->i_count equal to 1; d_instantiate() transfers that reference into dentry (as ->d_inode). And then, since we'd got a non-zero error we do hit iput() (same as we would've if an error happened early enough in affs_add_entry() to bypass d_instantiate()). That drives ->i_count to 0, getting inode freed (zero link count when the last in-core reference is dropped means that there's no point retaining it in icache). So in that case we end up with struct dentry (still hashed and available for lookups to pick) that has ->d_inode pointing to freed memory. Welcome to memory corruption...

I'm fixing that pile of crap (along with the NFS exports one and, hopefully, rename mess as well). HOWEVER, I am not going to take over the damn thing - David has violated the 11th commandment (Thou Shalt Never Volunteer), so he gets to joy of learning that codebase and taking care of it from now on.
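As an added illustration, not kernel code and not the fix Al describes: a user-space model of the reference-ownership mistake in the message, with the buggy shape beside one safe shape. Names mirror the kernel's for readability only; d_instantiate(), iput() and the "instantiate only on success" correction are assumptions of the model, not the upstream code.

```c
/* Added example (not kernel code): a user-space model of the reference
 * ownership problem described above. Every body here is an assumption. */
#include <errno.h>
#include <stdbool.h>

struct inode { int i_count; bool freed; };
struct dentry { struct inode *d_inode; };

/* d_instantiate() takes no reference of its own: the caller's one
 * reference becomes the dentry's ->d_inode. */
static void d_instantiate(struct dentry *d, struct inode *inode)
{
	d->d_inode = inode;
}

/* iput() drops one reference; at zero the inode would be freed. */
static void iput(struct inode *inode)
{
	if (--inode->i_count == 0)
		inode->freed = true;	/* model: mark instead of free() */
}

/* Buggy shape from the message: instantiate regardless of retval. */
static int add_entry_buggy(struct dentry *d, struct inode *inode, int retval)
{
	d_instantiate(d, inode);	/* runs even when retval != 0 */
	return retval;
}

/* One safe shape (assumption, not the upstream fix): instantiate only on
 * success, so on error the caller's iput() is the reference's sole owner. */
static int add_entry_fixed(struct dentry *d, struct inode *inode, int retval)
{
	if (retval == 0)
		d_instantiate(d, inode);
	return retval;
}

/* Caller as in the message; insert_err stands in for affs_insert_hash()'s
 * result. Returns true if the dentry is left pointing at an inode whose
 * last reference was dropped, i.e. the use-after-free. */
static bool dentry_dangles(int (*add_entry)(struct dentry *, struct inode *, int),
			   int insert_err)
{
	struct inode inode = { .i_count = 1 };	/* the reference the caller owns */
	struct dentry d = { 0 };

	if (add_entry(&d, &inode, insert_err))
		iput(&inode);			/* error path: drop our reference */
	return d.d_inode && d.d_inode->freed;
}
```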