Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4970681rwl; Mon, 10 Apr 2023 21:17:15 -0700 (PDT) X-Google-Smtp-Source: AKy350aFAqxoq860RBLMWb0HPSSeyJ14NLfByQCmXABu75QIjYx8mZka/IUZDnLFT/gtpvNmbBm7 X-Received: by 2002:a17:906:a203:b0:93e:3194:99cd with SMTP id r3-20020a170906a20300b0093e319499cdmr1074642ejy.12.1681186634899; Mon, 10 Apr 2023 21:17:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681186634; cv=none; d=google.com; s=arc-20160816; b=U6Tc4zkhFJYNKhvQqejDZ5HX8UV8/dML1nXViRisc1IJhZnB+RuKhEd9Fo1K9hlbNH ijZQu31u5XOYylRU9SIxkJESyUL3j74kOzyZ1iWw7rFn148zXqwwSnIWeY91SWOvEcyP eSTNalM5+mnvLYqxgdJlsHj5aQoYRZVLO67qdOW64sCcFQSQ9rJ5K66Uwr3PSCNzDd9/ nJ5bFVxHkv4XBFgirjCZ3fZWJnv6g2MSCcTNXk09BLZB9qEzoBtEu0axpwy/4vRi2mxO AcO9AnoYcPtcDzWsUJRImSBZF67HeGDa8pAVhxrQGQV7ct8c420NhJhUf/tWh6/QxpJM uNGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=I4Ao6ZAi4DT/gmT/fQDeN6+0/0IVVbnWstizfJ72+BU=; b=gDUcnTllNH0orfbWc76qFVAdB6D31X4SF4BVV8eiP3MXOqXlo/qx0JChdXh7trppLq JFBd8E8S1bVw32/0W1GDXIDi97nOWPLkvX/sk4FGc58BnwkkVjy3iMBJ9buUHH3QQ9nV T4ePqAbM/+WrHCbddD/T3lrPCGe1zBlOn65EMPLdhCR+lPFXHd7gn6UNTwaOs5MgSYss zrhalPGKdxnnaugQHcCZVVbUy67oKmVICVpJqPZkAi29eleYg5neGLEcTQFExWVZuLgG FmOy0tB9enBvpvHzQXmJV54zvUYQXmPzmyLDVc2bJ7xVAgfblAjYN9VdseaDmA/O21z4 eC5Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lf5-20020a170906ae4500b0094a72025d1bsi4417957ejb.917.2023.04.10.21.16.49; Mon, 10 Apr 2023 21:17:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230009AbjDKEJX (ORCPT + 99 others); Tue, 11 Apr 2023 00:09:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60206 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229656AbjDKEJW (ORCPT ); Tue, 11 Apr 2023 00:09:22 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C723519BE; Mon, 10 Apr 2023 21:09:20 -0700 (PDT) Received: from dggpeml500021.china.huawei.com (unknown [172.30.72.54]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4PwXLx4KXqznbKw; Tue, 11 Apr 2023 12:05:45 +0800 (CST) Received: from [10.174.177.174] (10.174.177.174) by dggpeml500021.china.huawei.com (7.185.36.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Tue, 11 Apr 2023 12:09:18 +0800 Message-ID: Date: Tue, 11 Apr 2023 12:09:17 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.1.2 Subject: Re: [PATCH v2] writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs Content-Language: en-US To: Andrew Morton CC: , , , , , , , , , , , , Baokun Li References: <20230410130826.1492525-1-libaokun1@huawei.com> <20230410205317.dcb186166b9603eeb876dfda@linux-foundation.org> From: Baokun Li In-Reply-To: <20230410205317.dcb186166b9603eeb876dfda@linux-foundation.org> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.177.174] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggpeml500021.china.huawei.com (7.185.36.21) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-5.5 required=5.0 tests=NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/4/11 11:53, Andrew Morton wrote: > On Mon, 10 Apr 2023 21:08:26 +0800 Baokun Li wrote: > >> ... >> >> To solve this problem, percpu_ref_exit() is called under RCU protection >> to avoid race between cgwb_release_workfn() and bdi_split_work_to_wbs(). >> Moreover, replace wb_get() with wb_tryget() in bdi_split_work_to_wbs(), >> and skip the current wb if wb_tryget() fails because the wb has already >> been shutdown. >> >> Fixes: b817525a4a80 ("writeback: bdi_writeback iteration must not skip dying ones") >> Fixes: f3b6a6df38aa ("writeback, cgroup: keep list of inodes attached to bdi_writeback") > Two Fixes: is awkward. The Fixes: serves a guide to which kernel > versions should be patched, but those two commits are six years apart. > > So... how far back should this fix be backported? This issue was introduced in v4.3-rc7 by commit b817525a4a80 ("writeback: bdi_writeback iteration must not skip dying ones"), so anything that has this commit incorporated is problematic. Another fix tag patch invalidates a previously unintentional fix, and then the problem becomes more easily reproducible. This fix tag can actually be removed, and is added here so that people who see the patch will know what happened. -- With Best Regards, Baokun Li .