Received: by 2002:ab2:7855:0:b0:1f9:5764:f03e with SMTP id m21csp103067lqp; Tue, 21 May 2024 20:51:02 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUCq/aUDZmYoDSEGKmC6Dhjj9XU2lgCsSSUN6rTuJ0HHYFQnfSoTMBFqHsJ1wI4K+Tvg7HinXeeyTx9HnzAmXAiKnShthOAi7tq/JEhzw== X-Google-Smtp-Source: AGHT+IHVQmpD0pYAbLdlHzFzXDmHKjez0f8RRngOSuZN9bULCbPh6oPho6yEhjII3EJnLQ6vMcl6 X-Received: by 2002:a05:6512:4c2:b0:520:b0fe:653f with SMTP id 2adb3069b0e04-526c1215a60mr404501e87.67.1716349861879; Tue, 21 May 2024 20:51:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716349861; cv=pass; d=google.com; s=arc-20160816; b=twG9WGD2KmZ44pcTBG/ZOpugC8lpcySsc3EWlWurFPtI/z11p03Lr2nKCeLoI6XpWR 088eYkCKPt+/YCErqB0TLgrYsXr815mIQa32lfaLr36UImxC5PBKsLDMX7rs90En+nRJ VTJco/nEx6TOG+yEM2aqX7122EN3k9sYeWA/5Ng+4L70VlGuyRLTVdEB9S1LkanSw4RA +RFDnn8kAWPfadwD5ELHjRLPh7deqxA1uv4DU/wtwLkq6NGHcYXTVyCAMKSFnQRUw8vD 6lk9ZO3YLjBlgMtvHBzFwgbT27YNIfuvrUOtNkbDuw7BylTsyBIvKN3d7zZNRxqQKTWG nPhg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=OAMLvYhw1CKG+WM3zsRjLIdm0AWydHVZA22RTGPsIbE=; fh=dfpuzL54LAMf7GQmHoqmub+qZCPWKUPNTVFHnj8Vxqk=; b=yBtCGQW6V9H/3a7JT+mNKJh69fq6R9zXOK8dC45MVK98lpf56hSkzr7fZGebHhxJ+Z 1lqrZWOADCAh7Z+R/7xwOJhU8qLSQKcdkooaJlDkWe6/jQpVa6Bn5bDPT1tgx+xR5Rxm 6bZj58Jt+CxtoE9mm6gBje1qRZqV9b2Pnpz2hFFqeKY8HZaFVYUMrZzfKCyJcV4H/dQt 6S9o64IASxZB8UADH9OcigWxZ9LgFoKGK9jZ6f+1XtuXORZCAWnzFWlyACx4aF3QqQ5e jejTGlzJRr+op6TfbAXgqghwpdkbsSGOKK9vodzxzfO/ZXFlRrhCfiq7n5Hhy3FNP72u TwFw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-185737-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185737-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5733c2d56d6si14259697a12.301.2024.05.21.20.51.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 May 2024 20:51:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-185737-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-185737-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185737-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 905111F23482 for ; Wed, 22 May 2024 03:51:01 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 261A47BAE7; Wed, 22 May 2024 03:50:06 +0000 (UTC) Received: from dggsgout11.his.huawei.com (unknown [45.249.212.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA1127710C; Wed, 22 May 2024 03:50:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.51 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716349805; cv=none; b=oz5uE5keIO6Vx9Ff/G+AHmJJ8M7kpJktfP3Zwgngxw/DN/YNWbU7C5vtM+qG7jWdlRTgDvhLxNOSV/jbuaGjd7b5gJVhpIdpbvf7kHshBEXBC7FBi3ocfopP1wmA2W1hCf+5LaTf8toL3sYgrmfkGrIB2wtNM3rABkLbyxu02lE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716349805; c=relaxed/simple; bh=WMP43Nhkjw6tr3NT+HpRSczoh3A+6E4rMITc5OlgyjQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=rDh2tKEA3VutieqBgYXhbiWR+ga3cAoGfBla9DRYK/0GU2GbohSwfFsVdmTU6ZOmCrCFP3VYJQ1lhKWQ0NLkveZ+4HYs39NPGbsWZjmRSNU+dwaOdCC5tzdm8vjeyCrjeo7ZZMQiuRzaXKr2hLLweOW6yttPlLz26Q/LCopQBf8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com; spf=pass smtp.mailfrom=huaweicloud.com; arc=none smtp.client-ip=45.249.212.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huaweicloud.com Received: from mail.maildlp.com (unknown [172.19.93.142]) by dggsgout11.his.huawei.com (SkyGuard) with ESMTP id 4Vkckk1wd5z4f3m7G; Wed, 22 May 2024 11:49:50 +0800 (CST) Received: from mail02.huawei.com (unknown [10.116.40.112]) by mail.maildlp.com (Postfix) with ESMTP id B69571A016E; Wed, 22 May 2024 11:50:00 +0800 (CST) Received: from huaweicloud.com (unknown [10.175.104.67]) by APP1 (Coremail) with SMTP id cCh0CgBHGBFea01mxlBXNQ--.57627S14; Wed, 22 May 2024 11:50:00 +0800 (CST) From: libaokun@huaweicloud.com To: netfs@lists.linux.dev, dhowells@redhat.com, jlayton@kernel.org Cc: hsiangkao@linux.alibaba.com, jefflexu@linux.alibaba.com, zhujia.zj@bytedance.com, linux-erofs@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, libaokun@huaweicloud.com, yangerkun@huawei.com, houtao1@huawei.com, yukuai3@huawei.com, wozizhi@huawei.com, Baokun Li Subject: [PATCH v3 10/12] cachefiles: Set object to close if ondemand_id < 0 in copen Date: Wed, 22 May 2024 19:43:06 +0800 Message-Id: <20240522114308.2402121-11-libaokun@huaweicloud.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240522114308.2402121-1-libaokun@huaweicloud.com> References: <20240522114308.2402121-1-libaokun@huaweicloud.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID:cCh0CgBHGBFea01mxlBXNQ--.57627S14 X-Coremail-Antispam: 1UD129KBjvJXoW7Zry8Wry8Jr4Utr4xtr4UCFg_yoW8ZrWDpF WakFW3Kry8Wr129r97Jw1kA3y8C3ykZFnxWrZIq348Arn8Xrn5Zr1Utr1UZF1UZ3yftr43 Jr18Kr9Iga4qy3DanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUQS14x267AKxVWrJVCq3wAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2jI8I6cxK62vIxIIY0VWUZVW8XwA2048vs2IY02 0E87I2jVAFwI0_JF0E3s1l82xGYIkIc2x26xkF7I0E14v26ryj6s0DM28lY4IEw2IIxxk0 rwA2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_tr0E3s1l84ACjcxK6x IIjxv20xvEc7CjxVAFwI0_Gr1j6F4UJwA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xv wVC2z280aVCY1x0267AKxVW0oVCq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFc xC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_ Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2 IErcIFxwACI402YVCY1x02628vn2kIc2xKxwAKzVCY07xG64k0F24l42xK82IYc2Ij64vI r41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8Gjc xK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1q6r43MIIYrxkI7VAKI48JMIIF0xvE2Ix0 cI8IcVAFwI0_Gr0_Xr1lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4UJVWxJr1lIxAIcVCF04 k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14v26r4j6F4UMIIF0xvEx4A2jsIEc7Cj xVAFwI0_Gr1j6F4UJbIYCTnIWIevJa73UjIFyTuYvjTRupB-UUUUU X-CM-SenderInfo: 5olet0hnxqqx5xdzvxpfor3voofrz/ From: Zizhi Wo If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the object is set to reopen, the open request will be done with the still reopen state in above case. As a result, the request corresponding to this object is always skipped in select_req function, so the read request is never completed and blocks other process. Fix this issue by simply set object to close if its id < 0 in copen. Signed-off-by: Zizhi Wo Signed-off-by: Baokun Li Acked-by: Jeff Layton Reviewed-by: Jia Zhu --- fs/cachefiles/ondemand.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c index 6f815e7c5086..922cab1a314b 100644 --- a/fs/cachefiles/ondemand.c +++ b/fs/cachefiles/ondemand.c @@ -182,6 +182,7 @@ int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) xas_store(&xas, NULL); xa_unlock(&cache->reqs); + info = req->object->ondemand; /* fail OPEN request if copen format is invalid */ ret = kstrtol(psize, 0, &size); if (ret) { @@ -201,7 +202,6 @@ int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) goto out; } - info = req->object->ondemand; spin_lock(&info->lock); /* * The anonymous fd was closed before copen ? Fail the request. @@ -241,6 +241,11 @@ int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) wake_up_all(&cache->daemon_pollwq); out: + spin_lock(&info->lock); + /* Need to set object close to avoid reopen status continuing */ + if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) + cachefiles_ondemand_set_object_close(req->object); + spin_unlock(&info->lock); complete(&req->done); return ret; } -- 2.39.2