Message-ID: <345e0d5c-b01b-361d-fbb1-a0c6b093431e@linux.alibaba.com>
Date: Thu, 16 Nov 2023 16:52:23 +0800
Subject: Re: [PATCH] fs: fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
From: Jingbo Xu
To: Hangyu Hua, miklos@szeredi.hu, vgoyal@redhat.com
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20231116075726.28634-1-hbh25y@gmail.com>

On 11/16/23 3:57 PM, Hangyu Hua wrote:
> fuse_dax_conn_free() will be called when fuse_fill_super_common() fails
> after fuse_dax_conn_alloc(). Then deactivate_locked_super() in
> virtio_fs_get_tree() will call virtio_kill_sb() to release the discarded
> superblock. This will call fuse_dax_conn_free() again in fuse_conn_put(),
> resulting in a possible double free.
>
> Fixes: 1dd539577c42 ("virtiofs: add a mount option to enable dax")
> Signed-off-by: Hangyu Hua

Reviewed-by: Jingbo Xu

> --- > fs/fuse/dax.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/fuse/dax.c b/fs/fuse/dax.c > index 23904a6a9a96..12ef91d170bb 100644 > --- a/fs/fuse/dax.c > +++ b/fs/fuse/dax.c > @@ -1222,6 +1222,7 @@ void fuse_dax_conn_free(struct fuse_conn *fc) > if (fc->dax) { > fuse_free_dax_mem_ranges(&fc->dax->free_ranges); > kfree(fc->dax); > + fc->dax = NULL; > } > } >

--
Thanks,
Jingbo
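
Review bot: The `fc->dax = NULL;` added after `kfree(fc->dax);` in fuse_dax_conn_free() carries no comment explaining why the pointer is cleared, so a later cleanup could drop it as redundant. The commit message says the function is reached twice for the same fuse_conn, first when fuse_fill_super_common() fails and again from fuse_conn_put(); a one-line comment to that effect above the assignment would record that the existing `if (fc->dax)` check depends on it. The assignment only covers sequential calls like the ones described; it does not order two callers racing on the same fc.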