Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2456885ybz; Sun, 26 Apr 2020 20:02:09 -0700 (PDT) X-Google-Smtp-Source: APiQypIS+9zJEOLxODymghJHdmhkbrHKh3HXhYm7GXb0ZN5tdRJUVR+nhtVar5E+tdS1gH3ABRxF X-Received: by 2002:a05:6402:759:: with SMTP id p25mr17497757edy.102.1587956529306; Sun, 26 Apr 2020 20:02:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587956529; cv=none; d=google.com; s=arc-20160816; b=x/75uCbHSajeptH5W3QFpZG57QkiKEAZI57xotPrexUJ020X6V21LN5BKtw7WLmKoc G6cn8gptXV13e5rMwYgWh2vhwuFjXQTKy/RnLStHaMWoCB6NDKTUs6lMrCli7hGqqqrd AKooiMOJJElCpcrtHXhn42sL6oobVZpJmdvLLoWbalUNOhgR5qvfoFXiKoTkZi2fSwoe /v736hnlJaSTelctNTLAVSOkBmpQeiug2HKeCbSOxSabU7wybRYUV3fC4CPkGMurq+9n 2okyZoLRi6ljfwMvXt/sgr1AEYEXLbj1bOnSqxgO6IQ9nlaevQDl74ZZX9/nXxHAO433 1WmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=yMtBR0rm2a1xYW8LqyJyGdANirdUSCJfFg7gnN6WtO0=; b=kHZ6pvHwPS3QpMRlBl28b7Wsmz3YLH6LfR95ogYIbjln0MzgAcBDTXEcuKUui/SbFd ofFk7VU5+n7rq0vCHUiGgqqNVSIC2yETVyu061RDpsMKEauc5KGggFmqdZgRO5eaEyRB Y8X9TkXX21Kr2Kd5izcDZkaf+eUzMTVXDOqoSAhEGP48KHaZfEVknA+hFopz3ZbNmF/4 ID1wrGQq6aknHjbqiA5UWdRRMOvMPzxaSNp+uNvlS4dslxCCf1998AP+QV+62wO8wc6X Hm2xAYix4rFJniK9wF3JPwtxMtCPOyjoyx1W31FxhKUFxfKzXsu/5ORnr1eXRzUklERB FuOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@aol.com header.s=a2048 header.b=i3WibM9N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k26si7704137ejs.504.2020.04.26.20.01.45; Sun, 26 Apr 2020 20:02:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@aol.com header.s=a2048 header.b=i3WibM9N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726484AbgD0DA3 (ORCPT + 99 others); Sun, 26 Apr 2020 23:00:29 -0400 Received: from sonic309-49.consmr.mail.ne1.yahoo.com ([66.163.184.175]:43109 "EHLO sonic309-49.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726316AbgD0DA2 (ORCPT ); Sun, 26 Apr 2020 23:00:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aol.com; s=a2048; t=1587956427; bh=yMtBR0rm2a1xYW8LqyJyGdANirdUSCJfFg7gnN6WtO0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From:Subject; b=i3WibM9NgUesbBthFewLOkZuDpFKqDGNjF18vk9spN975ysCcL/YzlvyNXPwbmuR2J2XiHp0kvnmrGqvu7+YAa+7bU6Ub3r81NR06ImhNIOmafctTbHJdZkIbkDOPyYMd2gAOgmJSdHzMZzH6h5S0XIoa8IDA8QL9RnoFZL0V9qAo6J642m9bLadTS5sQ/BpYM/oSSuhpHA5cBx8pjzyu4wMaoimSdN7mYow8GJq0eLX2tQlKdrPqGSDvGoy+2MGkwFRBJvBWrg2GK//tcp+VhHHUnJ0LWzLV0jTKpyYPQRr+YNxdc+q/8BLerOwqkHYRScjiQNjmmeEQxeBpnoMuw== X-YMail-OSG: .gqvD30VM1n0mnRHSW5S0XixLLCBKdoDUGQVg0kmQjQN61NM7mSNUaVYh53fTrZ KUhm19yhEB1tWWLYrJCdknvFxJdpgEEAhYBzyzbdFQIY672s4vvG04I4cglbsGOMzyN8Lp__9RXO 3IyG8907H768v2qQAc3rq6Ik5hweJ943UI7onfngOQyde1B._8ns5auyYyAQmGpWTgEROW004aHu 7JjM6WnQTa4HOFh9Ihvp3cbHRoqBMmxddIn1R8MwCusPM_BjOWOIEiyiXHO9i6uQiD12OUk4etyF xj._CfP5S5YAlfwdCJlATx7SsGmq4uonpClqJCPIhPjiuSXSadKpe01H8Lmvd0ajfuSQLRkW6dgY khbcFCypSc1irFks7AkT0FCvMt3.lx1WgkN9u3qLUAVpExWZJPmtpobus878spudm9nFRue4eU0O Lsenp_qnXWzzNBwk9b2B1.4bNlZiUQTlWTFSRWqRdjAlrlBHvypyc7raQw8YJTlgbkiUG25bJAIr XKi2GUsmxZ.pMZa46USWIA8XoS8BIi6lrvoXSt.UcySagn0594nF9TR98nWqhsSJ0fvJBUkwdr1_ 6eE5j_w4TKIB5Y8BZ2ddqy.DAGWflIdDUsZTbHNtOmiN4CfofP8Z0VWvh8cxBtfecZunAnEu37fh lmQBF19erE8ltU2XGKtFXXadAEhjeAmWrs3pk2Y9neiFZZwj1_.T2lRTstcRn5Ylcrwlo46UZ1wj fGWqODJrJwQ8rfLm6n1Dn9Um1qDfj3Yfrdu1oeJjUox_eX8vR23sD4d1ScWA4XTTfAh844uMWLC8 vBxnDEhHRcrp6Wf432Jv9r.l6DX4Unmd.RAoQ5UXWrqnAoKyoIsX9mpiuLMVqmE2A2r0PYGgU8fN oY_BvSkqfXC0w4yM8Da1ksUaQNnr6xxlsirgm9wSvw371O_Epx8r30iirfjSAdjkzH2O8R2Pr7XS _NBIZ9GHXaTInDjJcZOWxpaQ2Qs7b0._FlUc5g0PexGOg6Si3SWDKyHrNnsijQcgQ4xK6liJUBUK U1Oc2ofAHdxMWnNhKUfEv.tKu2t1EnNLlm.w4kO29pKYncfMVHRpvM.teaQ3AL15o.QaZEsDbx9o dOpfh3x6kUJ0_ht4RX7cVxOXOWkGjY_QUKsfz76QVLXJ4IfX3Ne5gYkm6tLYppJRvWImnEF6wJtn NxxHGJnAqmvUrCb8b41UnqAQeqSGoUHnT.QU65ibXGEq3Rzhg6ryYGFosa9_btbpwmrStpfOvQ5U MxV0lufRxqI6zAyk_PNJKzWzyjDvyB1ENhNIOJFRGmTUr6BrJhB6wQlDSopJI_cnDtiI3AZBp4eD zy10YvbLAhHwEFZry.gvbdCIW4_rCFHbvvImcy9mrNZUyZK1fGyJXkxSweGiDpuRwZUvNlkNsa5u FiU0AXSJkyOr7XsfZzKWWvhIBhQsN3bfUfMOpSG79fqnDuq5xcaawRMBaZOo2OCBkMKUbwh1HN_N WHa8v4PiPls5Pz2FAeNBj Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.ne1.yahoo.com with HTTP; Mon, 27 Apr 2020 03:00:27 +0000 Received: by smtp403.mail.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID e9d3497fa89bdec9eee2b7b512753607; Mon, 27 Apr 2020 02:58:10 +0000 (UTC) Date: Mon, 27 Apr 2020 10:58:02 +0800 From: Gao Xiang To: Dave Chinner Cc: Guoqing Jiang , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, hch@infradead.org, willy@infradead.org, Mike Marshall , Martin Brandenburg , devel@lists.orangefs.org Subject: Re: [RFC PATCH 8/9] orangefs: use set/clear_fs_page_private Message-ID: <20200427025752.GA3979@hsiangkao-HP-ZHAN-66-Pro-G1> References: <20200426214925.10970-1-guoqing.jiang@cloud.ionos.com> <20200426214925.10970-9-guoqing.jiang@cloud.ionos.com> <20200426222455.GB2005@dread.disaster.area> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200426222455.GB2005@dread.disaster.area> User-Agent: Mutt/1.10.1 (2018-07-13) X-Mailer: WebService/1.1.15756 hermes Apache-HttpAsyncClient/4.1.4 (Java/11.0.6) Content-Length: 1575 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 27, 2020 at 08:24:55AM +1000, Dave Chinner wrote: > On Sun, Apr 26, 2020 at 11:49:24PM +0200, Guoqing Jiang wrote: > > Since the new pair function is introduced, we can call them to clean the > > code in orangefs. > > > > Cc: Mike Marshall > > Cc: Martin Brandenburg > > Cc: devel@lists.orangefs.org > > Signed-off-by: Guoqing Jiang > > --- > > fs/orangefs/inode.c | 24 ++++++------------------ > > 1 file changed, 6 insertions(+), 18 deletions(-) > > > > diff --git a/fs/orangefs/inode.c b/fs/orangefs/inode.c > > index 12ae630fbed7..893099d36e20 100644 > > --- a/fs/orangefs/inode.c > > +++ b/fs/orangefs/inode.c > > @@ -64,9 +64,7 @@ static int orangefs_writepage_locked(struct page *page, > > } > > if (wr) { > > kfree(wr); > > - set_page_private(page, 0); > > - ClearPagePrivate(page); > > - put_page(page); > > + clear_fs_page_private(page); > > THis is a pre-existing potential use-after-free vector. The wr > pointer held in the page->private needs to be cleared from the page > before it is freed. I'm not familar with orangefs. In my opinion, generally all temporary page->private access (r/w) should be properly protected by some locks, most of time I think it could be at least page lock since .migratepage, .invalidatepage, .releasepage, .. (such paths) are already called with page locked (honestly I'm interested in this topic, please correct me if I'm wrong). I agree that the suggested modification is more clear and easy to read. Thanks, Gao Xiang