Received: by 2002:a05:7412:f589:b0:e2:908c:2ebd with SMTP id eh9csp44623rdb; Mon, 30 Oct 2023 23:07:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFeH+ogGVq1rKBKoq64Nj5FJfV5ePCp2Cgy1u1vkNlXxjzk4hmtOg/1iH0LtZ9FSwHChSCm X-Received: by 2002:a17:907:3183:b0:9b2:8df4:c692 with SMTP id xe3-20020a170907318300b009b28df4c692mr11354993ejb.27.1698732447572; Mon, 30 Oct 2023 23:07:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698732447; cv=none; d=google.com; s=arc-20160816; b=rg+YrImBkznt574i5IvQfDOcihBWzoI2aVevfLgf9LkvinYN/Q6n/vZsmBg9VjAGp2 lxtrYFq2halG+8Cd+mXNYzTVlanq4WXdT/F8ZrAk3lAMSXFxM3ibiUZTk5lkSp5fAbUy kPOtWNtlphsI9XFpN2W+ai3YiZTXmCu1fGDTlD92hFC2fkWPG6bRNJELJos7ZuR0AENm n56kN4/5B86aw2Lv7m9bp0Ij6i3/Jznd/+Ezmwq8KZ0GAvAP+Zy2ISCDlvrz0A6Zynrf ItM8IU05VYfiwypTwNGj5aEikQLXwfXukb62lrqd0dn65Ual0rnKSP1Jz/JqY/ZFc85E lBfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=z2xwiLiYF/MG8xwqDzFV+lD1aqeVydHX/euepOu191s=; fh=4Kvduo/jX9RC+FpfuSk07jDJwqDvWt28jnQwtrVzoTY=; b=K09TWTm3bGU1/AAWHOXW3cz+ls3XQQAP04MNdOBBG6nAMPWXKwwO9MA22mWg/FU0+Y 8V+w6jTGla27onxhl2cTvo50cHQYmXPjLCVu2PVkMmmQpXCSL5589jobgM2q6M7xi/dw KqxKrvCCFRAX6PoeOuif9EdJJpFu0lp1LxPJ2F5HxwisaQ/jVCe28awup0loRSDjr6Jz 0v9PLUNv+tNoYqovPGEfr5qGvZs2b2bhGrpfk6Bi9o6/MYDpjEtPyPZEHSq98ccK8Ei6 zcKb7Ugo2iOGCfSIctmvQlt2vKjlJGSs46PNiVaRnAkNEmvzry3bIGoBVsr24My2Xb7D JnYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id hq25-20020a1709073f1900b009a16297609esi275209ejc.312.2023.10.30.23.07.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:07:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 5CAFA80B9517; Mon, 30 Oct 2023 23:07:03 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234987AbjJaGFq (ORCPT + 99 others); Tue, 31 Oct 2023 02:05:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232876AbjJaGFp (ORCPT ); Tue, 31 Oct 2023 02:05:45 -0400 Received: from out30-119.freemail.mail.aliyun.com (out30-119.freemail.mail.aliyun.com [115.124.30.119]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2972E8F for ; Mon, 30 Oct 2023 23:05:37 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R191e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046060;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=4;SR=0;TI=SMTPD_---0VvGHDFU_1698732325; Received: from e69b19392.et15sqa.tbsite.net(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0VvGHDFU_1698732325) by smtp.aliyun-inc.com; Tue, 31 Oct 2023 14:05:30 +0800 From: Gao Xiang To: linux-erofs@lists.ozlabs.org Cc: LKML , Linus Torvalds , Gao Xiang Subject: [PATCH] erofs: fix erofs_insert_workgroup() lockref usage Date: Tue, 31 Oct 2023 14:05:24 +0800 Message-Id: <20231031060524.1103921-1-hsiangkao@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.7 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Mon, 30 Oct 2023 23:07:03 -0700 (PDT) As Linus pointed out [1], lockref_put_return() is fundamentally designed to be something that can fail. It behaves as a fastpath-only thing, and the failure case needs to be handled anyway. Actually, since the new pcluster was just allocated without being populated, it won't be accessed by others until it is inserted into XArray, so lockref helpers are actually unneeded here. Let's just set the proper reference count on initializing. [1] https://lore.kernel.org/r/CAHk-=whCga8BeQnJ3ZBh_Hfm9ctba_wpF444LpwRybVNMzO6Dw@mail.gmail.com Fixes: 7674a42f35ea ("erofs: use struct lockref to replace handcrafted approach") Signed-off-by: Gao Xiang --- fs/erofs/utils.c | 8 +------- fs/erofs/zdata.c | 1 + 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/fs/erofs/utils.c b/fs/erofs/utils.c index cc6fb9e98899..4256a85719a1 100644 --- a/fs/erofs/utils.c +++ b/fs/erofs/utils.c @@ -77,12 +77,7 @@ struct erofs_workgroup *erofs_insert_workgroup(struct super_block *sb, struct erofs_sb_info *const sbi = EROFS_SB(sb); struct erofs_workgroup *pre; - /* - * Bump up before making this visible to others for the XArray in order - * to avoid potential UAF without serialized by xa_lock. - */ - lockref_get(&grp->lockref); - + DBG_BUGON(grp->lockref.count < 1); repeat: xa_lock(&sbi->managed_pslots); pre = __xa_cmpxchg(&sbi->managed_pslots, grp->index, @@ -96,7 +91,6 @@ struct erofs_workgroup *erofs_insert_workgroup(struct super_block *sb, cond_resched(); goto repeat; } - lockref_put_return(&grp->lockref); grp = pre; } xa_unlock(&sbi->managed_pslots); diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c index 036f610e044b..a7e6847f6f8f 100644 --- a/fs/erofs/zdata.c +++ b/fs/erofs/zdata.c @@ -796,6 +796,7 @@ static int z_erofs_register_pcluster(struct z_erofs_decompress_frontend *fe) return PTR_ERR(pcl); spin_lock_init(&pcl->obj.lockref.lock); + pcl->obj.lockref.count = 1; /* one ref for this request */ pcl->algorithmformat = map->m_algorithmformat; pcl->length = 0; pcl->partial = true; -- 2.39.3