Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED90BC433EF for ; Mon, 15 Nov 2021 02:24:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D8DD761056 for ; Mon, 15 Nov 2021 02:24:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229757AbhKOC1t (ORCPT ); Sun, 14 Nov 2021 21:27:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33444 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229453AbhKOC1d (ORCPT ); Sun, 14 Nov 2021 21:27:33 -0500 Received: from smtp02.aussiebb.com.au (smtp02.aussiebb.com.au [IPv6:2403:5800:3:25::1002]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6ACFBC061746; Sun, 14 Nov 2021 18:24:22 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp02.aussiebb.com.au (Postfix) with ESMTP id 55A4F102D7A; Mon, 15 Nov 2021 13:24:18 +1100 (AEDT) X-Virus-Scanned: Debian amavisd-new at smtp02.aussiebb.com.au Received: from smtp02.aussiebb.com.au ([127.0.0.1]) by localhost (smtp02.aussiebb.com.au [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtXQ1N5wrVTJ; Mon, 15 Nov 2021 13:24:18 +1100 (AEDT) Received: by smtp02.aussiebb.com.au (Postfix, from userid 116) id 40E3F102D70; Mon, 15 Nov 2021 13:24:18 +1100 (AEDT) Received: from mickey.themaw.net (unknown [100.72.131.210]) by smtp02.aussiebb.com.au (Postfix) with ESMTP id 8C850102D6D; Mon, 15 Nov 2021 13:24:16 +1100 (AEDT) Subject: [PATCH 2 0/2] xfs: fix inline link path race From: Ian Kent To: xfs , "Darrick J. Wong" , Christoph Hellwig Cc: Miklos Szeredi , Brian Foster , Al Viro , David Howells , linux-fsdevel , Kernel Mailing List Date: Mon, 15 Nov 2021 10:24:16 +0800 Message-ID: <163694289979.229789.1176392639284347792.stgit@mickey.themaw.net> User-Agent: StGit/0.23 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If the inode of an inline symlink is released (dropped) while a path walk that is in rcu-walk mode is occuring the inode ->get_link() method can be NULL when VFS dereferences it causing a crash. But, since the release can occur at any time there's a small but finite possibility the link path text could be freed while it's being used. Changes since v1: - don't bother trying to rcu-free the link path since there could be side effects from the xfs reclaim code. --- Ian Kent (2): vfs: check dentry is still valid in get_link() xfs: make sure link path does not go away at access fs/xfs/xfs_iops.c | 3 +++ 1 file changed, 3 insertions(+) -- Ian