Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp478407pxx; Wed, 28 Oct 2020 09:14:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzgPzy1kwgKYKajOpbTd6zSfZoxjtZ8S2lP5LuyUDoOUqB3tzTczsd5YlpJ9w5t8lty/jgF X-Received: by 2002:a17:906:4d59:: with SMTP id b25mr8583108ejv.404.1603901651046; Wed, 28 Oct 2020 09:14:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603901651; cv=none; d=google.com; s=arc-20160816; b=f+2WiB8EEpWOtZpS4QVkMK0pNi3u2tx1uhynU9ErwcsB/HM9CKpj8HkhKSXbZkzC5y Zm8qAk0JppWRX/Q5iBo8ereTI5Gk/l30iVFN1klbCO5Y6Ln4rAfsrnqAEbZNeAE1AtXw UHRmZiWA3qNhKneZ7WujI2SHN0ExqeYO6lEaEo9YbFV4j0oRp/Kg4rYaMBV2AZKUo302 kZqw1+XMwfbREA4mQ5bYD/tT/tk0LHaP/7rNDn1WR+NPyWw8DHtoDDKedZP7ybPd7P/f c7zGtNiafrjExm8Td2gvc75oqZZAQdC5bS3I+one7LAaLFWvRPuAQJdNndq1AhwXyYop m3/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=EpOue9m52sr3OR7rd5nKXmt7/YoMziruU4jgUAVaDQA=; b=Ee9/fjf4vx+Ct6LgXKKjQPC96kkq7acu0h0l119Wpq2dXu3VWCfBKThW7iwhqP0STn Tuc1Qzyf2dwkFCKxFmNWo0JM8smIHo6fpwCpVYNAE6ODGq40zUa82G6DeUwQI0RMGLeC 8HwRxRk7xCQ8GH/QQvdyrORfA2uzDVr33zV2JRtYtkpbpTq1+5/dJQlrLD9DNGNnw4Cm 84mhD3ELBUuJ633sxWWXQyb5ouQUQWwKtZM7QI3tAjhAo/+QSBCKk6ZtUSDNxVbTGBpC VnLRdbLUt7QFADPMiLeejNWeFa3FW+3cLBc2tacR3z2dq01u8E++EYXyZPpUCDPYjrvn xAcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=RNX6ZrwR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r6si3635033edw.131.2020.10.28.09.13.48; Wed, 28 Oct 2020 09:14:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=RNX6ZrwR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1815053AbgJ0RBr (ORCPT + 99 others); Tue, 27 Oct 2020 13:01:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:43754 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1793827AbgJ0PIc (ORCPT ); Tue, 27 Oct 2020 11:08:32 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1FEB020657; Tue, 27 Oct 2020 15:08:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603811311; bh=fHx7BqSEQSgwURzHFbfofNHRxUv8GxX2lB69b0Sp5qA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RNX6ZrwRWqxxQ/p9Y8L1ret5QC9miWldayCbTpWiquKxmjVE09hN6YwLa4UO6bYCB Zw8f7nk9+v0wmPyUCQcEfXl3EvsBjZpEG+wj6VGy/6bNkA8mcgSXfIvkgsgCAxf7Xa vjHDmy5Ilt/EcgoLO4v09/UbCaupOGt9HK4G0/vY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com, syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com, syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com, syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com, syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com, syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com, Hillf Danton , David Howells , Sasha Levin Subject: [PATCH 5.8 417/633] afs: Fix cell removal Date: Tue, 27 Oct 2020 14:52:40 +0100 Message-Id: <20201027135542.282271338@linuxfoundation.org> X-Mailer: git-send-email 2.29.1 In-Reply-To: <20201027135522.655719020@linuxfoundation.org> References: <20201027135522.655719020@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Howells [ Upstream commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 ] Fix cell removal by inserting a more final state than AFS_CELL_FAILED that indicates that the cell has been unpublished in case the manager is already requeued and will go through again. The new AFS_CELL_REMOVED state will just immediately leave the manager function. Going through a second time in the AFS_CELL_FAILED state will cause it to try to remove the cell again, potentially leading to the proc list being removed. Fixes: 989782dcdc91 ("afs: Overhaul cell database management") Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com Suggested-by: Hillf Danton Signed-off-by: David Howells cc: Hillf Danton Signed-off-by: Sasha Levin --- fs/afs/cell.c | 16 ++++++++++------ fs/afs/internal.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/fs/afs/cell.c b/fs/afs/cell.c index 1944be78e9b0d..bc7ed46aaca9f 100644 --- a/fs/afs/cell.c +++ b/fs/afs/cell.c @@ -291,11 +291,11 @@ struct afs_cell *afs_lookup_cell(struct afs_net *net, wait_var_event(&cell->state, ({ state = smp_load_acquire(&cell->state); /* vs error */ - state == AFS_CELL_ACTIVE || state == AFS_CELL_FAILED; + state == AFS_CELL_ACTIVE || state == AFS_CELL_REMOVED; })); /* Check the state obtained from the wait check. */ - if (state == AFS_CELL_FAILED) { + if (state == AFS_CELL_REMOVED) { ret = cell->error; goto error; } @@ -700,7 +700,6 @@ static void afs_deactivate_cell(struct afs_net *net, struct afs_cell *cell) static void afs_manage_cell(struct afs_cell *cell) { struct afs_net *net = cell->net; - bool deleted; int ret, active; _enter("%s", cell->name); @@ -712,13 +711,15 @@ static void afs_manage_cell(struct afs_cell *cell) case AFS_CELL_FAILED: down_write(&net->cells_lock); active = 1; - deleted = atomic_try_cmpxchg_relaxed(&cell->active, &active, 0); - if (deleted) { + if (atomic_try_cmpxchg_relaxed(&cell->active, &active, 0)) { rb_erase(&cell->net_node, &net->cells); + smp_store_release(&cell->state, AFS_CELL_REMOVED); } up_write(&net->cells_lock); - if (deleted) + if (cell->state == AFS_CELL_REMOVED) { + wake_up_var(&cell->state); goto final_destruction; + } if (cell->state == AFS_CELL_FAILED) goto done; smp_store_release(&cell->state, AFS_CELL_UNSET); @@ -760,6 +761,9 @@ static void afs_manage_cell(struct afs_cell *cell) wake_up_var(&cell->state); goto again; + case AFS_CELL_REMOVED: + goto done; + default: break; } diff --git a/fs/afs/internal.h b/fs/afs/internal.h index 522597b401fec..7689f4535ef9c 100644 --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -326,6 +326,7 @@ enum afs_cell_state { AFS_CELL_DEACTIVATING, AFS_CELL_INACTIVE, AFS_CELL_FAILED, + AFS_CELL_REMOVED, }; /* -- 2.25.1