Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2718709pxv; Sun, 11 Jul 2021 23:43:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwgxAdI+0B2gtONFnMCFUb/JLnnpH1LYF6hJSQ6dMKKkgVsWbxsMBnuZHq+lU4SEjtzsE8+ X-Received: by 2002:a17:906:2583:: with SMTP id m3mr49811256ejb.506.1626072198269; Sun, 11 Jul 2021 23:43:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626072198; cv=none; d=google.com; s=arc-20160816; b=ZdP9oKV+pBmDpYCZSTi9XV+zzGfIuF4UTVp4ZL+gfDo7u3kUwNQx7AXCLZhBWF96KM baWvheW5I/n6xpZuFWIoatXaI6FXbraMn5ucDYbGkO77pwebMveTzZHs2Cb6EvkzsZ6I PjGQ4eQzyuMxf28AbnGtyNlhVrqppeSIUy2S6vuQBg5GS00pOdoTAtZBl/OYdks6lXfF Xa7ia8IRL3MM8WZbVzLVAprUAi5VTCPQPQCA4B7mhXhz8E+GOZH4bweyaC0lIox1n8Qo EUrW2IxcKI6Ijo9JgNYfSM4Fb9PZsxofTFE8Bv6cT5pWMK65kioXtOG22/boRJbmPS/g i1kA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=l9BRZSb0ENCJMEgeIls8+NMbCFd9bA46ywjPbFkc+xs=; b=UjOXBOru6q4CNgbup5a2UKSzvyTinbWosyU4XHOXMNIMBcLfToQCCzp4nN4C8jteaN y7n6drMaMSUMMuWgMroTfYcRZQU/vuQb4t7hAroq1kssKsMhdJCOhJXHQBr2m5SG2n/X tC6jo+Obhr98DeIUHgK9oRQnfSvO2NBwDVxclyJhaDSw1x1vc7L5HBZbxqyL7jDJgdcU RXnukDztD1LtzFVyOdlXZgmy0y9WtB8IEVf+cTFvPclUsUL2YyTOTUq4CiILtpMcdNpO PFdimr2rLXAlIBqf8LdlbFKJeD6/BbpOQEeZVzJDFfrpdqpDaRE/g/ca3K8yFn6gx60x UFow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vHbgk0Vl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cw28si12667985edb.299.2021.07.11.23.42.55; Sun, 11 Jul 2021 23:43:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vHbgk0Vl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238467AbhGLGoF (ORCPT + 99 others); Mon, 12 Jul 2021 02:44:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:55054 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237805AbhGLGex (ORCPT ); Mon, 12 Jul 2021 02:34:53 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A0877610F7; Mon, 12 Jul 2021 06:31:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626071499; bh=UuLPKepBpPFqNqTZWn8KjjNrCtSL8QWA/rx9s6gkB7I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vHbgk0VlrtBsC/Ntszx5EaLyYnom11V28MUqZjWjenm0q3F1h41Xq8lzeIZgUsmCA KC2v65TQ3obqwIttUVwusBldIYl2fcA8mryvNfvGbzrxoCV2S37GOUpXehA2l3gJMP TBHS7AcCLrSwKDQ2fo82+hD5WxmGCZzQvZpLaJdk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Greg Kurz , Max Reitz , Miklos Szeredi Subject: [PATCH 5.10 095/593] fuse: Fix infinite loop in sget_fc() Date: Mon, 12 Jul 2021 08:04:15 +0200 Message-Id: <20210712060853.662098246@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060843.180606720@linuxfoundation.org> References: <20210712060843.180606720@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kurz commit e4a9ccdd1c03b3dc58214874399d24331ea0a3ab upstream. We don't set the SB_BORN flag on submounts. This is wrong as these superblocks are then considered as partially constructed or dying in the rest of the code and can break some assumptions. One such case is when you have a virtiofs filesystem with submounts and you try to mount it again : virtio_fs_get_tree() tries to obtain a superblock with sget_fc(). The logic in sget_fc() is to loop until it has either found an existing matching superblock with SB_BORN set or to create a brand new one. It is assumed that a superblock without SB_BORN is transient and the loop is restarted. Forgetting to set SB_BORN on submounts hence causes sget_fc() to retry forever. Setting SB_BORN requires special care, i.e. a write barrier for super_cache_count() which can check SB_BORN without taking any lock. We should call vfs_get_tree() to deal with that but this requires to have a proper ->get_tree() implementation for submounts, which is a bigger piece of work. Go for a simple bug fix in the meatime. Fixes: bf109c64040f ("fuse: implement crossmounts") Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Greg Kurz Reviewed-by: Max Reitz Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/fuse/dir.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -353,6 +353,17 @@ static struct vfsmount *fuse_dentry_auto sb->s_flags |= SB_ACTIVE; fsc->root = dget(sb->s_root); + + /* + * FIXME: setting SB_BORN requires a write barrier for + * super_cache_count(). We should actually come + * up with a proper ->get_tree() implementation + * for submounts and call vfs_get_tree() to take + * care of the write barrier. + */ + smp_wmb(); + sb->s_flags |= SB_BORN; + /* We are done configuring the superblock, so unlock it */ up_write(&sb->s_umount);