Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp968947pxj; Fri, 21 May 2021 03:28:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw725UQNUkubUdg4QmhTXreFy3+JdkWwFgPDmi6db2++Uuv5Hw6rL1Fcjoquh+G+OCT7i3C X-Received: by 2002:a5d:9343:: with SMTP id i3mr11155280ioo.77.1621592886756; Fri, 21 May 2021 03:28:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621592886; cv=none; d=google.com; s=arc-20160816; b=MpDNb0nTwh5O3kuxU6e8Uy1Kyi6as+uW1u1xlso6G651VxFBzaaSi++nRjQf7ZBQMS cWy5701OB5+3nhTubvOJ9FEF1WQheO4LHfBp0DkrNu/Ms1unW4HacwXpLA4o98q/d5Ja lMiqj4DfNo4W1UGWVpLtKG77zM82EiAha2F/o64J9hcmr412ZyZ/2nfyhFDgmxVHks3K D8pUrIMP7z82d4qd7hyJNDW1npN0iqBskF6R5GyM5VnP+o7nAfQtsiv3wisPaJ0Lsmao nMb+BKU/CgibYl+4oRQzKvu3zLy6YilG1N1O6Cl7LgFa/aG6HYU610DmvHTFBswwpVeR tcxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=BPx5ipI3E8GnDuMWv0CNj4kKbqGRFobGccy1Mzb4NtU=; b=YbVCMOSf+pdOfAIewq1dXEvgG2BGSe6c64HFxJGD3+zWInRy0rZZNiSQLGCbRBQ4W/ dWQj3XEHADjxjvIowH8AyUiQZzh9hUnCpm4ugbzt2bMp6FHwRiG+BafTiJad8hqmZy6Q LgA6eNopDFkrM1t1VqbB04oP/SWqnqdzwv5f+UG6XCnEXCKI6Sm+RqzupHKrgu3z6Q5H +51hJVP7Y0Zh7sreHe+wkReXAeQ/axYWmC1+qN0ElIJKTFYY2d/nnAR4CepFX/qxBXEi ej1pphN2F9vZ73jLNeklMf7tyRJhr5ggOMsk5gQkq5OuwwmviDcZoAzf4OyjVaDzp6FI pbuA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q205si3505122ioq.7.2021.05.21.03.27.54; Fri, 21 May 2021 03:28:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230312AbhEUIRC convert rfc822-to-8bit (ORCPT + 99 others); Fri, 21 May 2021 04:17:02 -0400 Received: from us-smtp-delivery-44.mimecast.com ([205.139.111.44]:32655 "EHLO us-smtp-delivery-44.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229629AbhEUIRC (ORCPT ); Fri, 21 May 2021 04:17:02 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-134-P7MMZ4skNEasB_Ci5O7ioQ-1; Fri, 21 May 2021 04:15:35 -0400 X-MC-Unique: P7MMZ4skNEasB_Ci5O7ioQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9FD3F107ACCD; Fri, 21 May 2021 08:15:34 +0000 (UTC) Received: from bahia.lan (ovpn-112-49.ams2.redhat.com [10.36.112.49]) by smtp.corp.redhat.com (Postfix) with ESMTP id B74C65C8A8; Fri, 21 May 2021 08:15:24 +0000 (UTC) Date: Fri, 21 May 2021 10:15:23 +0200 From: Greg Kurz To: Miklos Szeredi Cc: Al Viro , virtualization@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs-list , Stefan Hajnoczi , Max Reitz , Vivek Goyal Subject: Re: [PATCH v4 1/5] fuse: Fix leak in fuse_dentry_automount() error path Message-ID: <20210521101523.4f276dac@bahia.lan> In-Reply-To: References: <20210520154654.1791183-1-groug@kaod.org> <20210520154654.1791183-2-groug@kaod.org> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=groug@kaod.org X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: kaod.org Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 21 May 2021 09:54:19 +0200 Miklos Szeredi wrote: > On Thu, 20 May 2021 at 21:45, Al Viro wrote: > > > > On Thu, May 20, 2021 at 05:46:50PM +0200, Greg Kurz wrote: > > > Some rollback was forgotten during the addition of crossmounts. > > > > Have you actually tested that? Because I strongly suspect that > > by that point the ownership of fc and fm is with sb and those > > should be taken care of by deactivate_locked_super(). > > Not quite. Patch looks correct because destruction of fm is done in > fuse_put_super(), which only gets called if the sb initialization gets > as far as setting up sb->s_root, which only happens after the > successful fuse_fill_super_submount() call in this case. > > Doing the destruction from the various ->kill_sb() instances instead > of from ->put_super() would also fix this, but I'm not quite sure that > that would be any cleaner. > As saying in the answer I've just posted, a failure in fuse_fill_super_submount() causes an actual crash because fuse_mount_remove() logically assumes fm to already be in fc->mounts, which isn't the case at this point. In the root mount case, this is handled by taking back the ownership on fm, i.e. do the rollback *and* clear sb->s_fs_info. It seems that the same should be done for submounts. > Thanks, > Miklos