Date: Sat, 15 Jun 2024 21:44:54 +0100
From: Matthew Wilcox
To: Hillf Danton
Cc: linux-mm@kvack.org, Jan Kara, linux-kernel@vger.kernel.org, syzbot+d79afb004be235636ee8@syzkaller.appspotmail.com, linux-fsdevel@vger.kernel.org, linux-nilfs@vger.kernel.org, Ryusuke Konishi
Subject: Re: [RFC PATCH] mm: truncate: flush lru cache for evicted inode
In-Reply-To: <20240614235953.809-1-hdanton@sina.com>

On Sat, Jun 15, 2024 at 07:59:53AM +0800, Hillf Danton wrote:
> On Fri, 14 Jun 2024 14:42:20 +0100 Matthew Wilcox wrote:
> > On Fri, Jun 14, 2024 at 09:18:56PM +0800, Hillf Danton wrote:
> > > Flush lru cache to avoid folio->mapping uaf in case of inode teardown.
> >
> > What? inodes are supposed to have all their folios removed before
> > being freed. Part of removing a folio sets the folio->mapping to NULL.
> > Where is the report?
> >
> Subject: Re: [syzbot] [nilfs?] [mm?] KASAN: slab-use-after-free Read in lru_add_fn
> https://lore.kernel.org/lkml/000000000000cae276061aa12d5e@google.com/

Thanks. This fix is wrong. Of course syzbot says it fixes the problem,
but you're just avoiding putting the folios into the situation where we
have debug that would detect the problem.

I suspect this would trigger:

+++ b/fs/inode.c @@ -282,6 +282,7 @@ static struct inode *alloc_inode(struct super_block *sb) void __destroy_inode(struct inode *inode) { BUG_ON(inode_has_buffers(inode)); + BUG_ON(inode->i_data.nrpages); inode_detach_wb(inode); security_inode_free(inode); fsnotify_inode_delete(inode);

and what a real fix would look like would be calling clear_inode()
before calling iput() in nilfs_put_root(). But I'm not an expert in
this layer of the VFS, so I might well be wrong.
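
Review bot: the added BUG_ON(inode->i_data.nrpages) in __destroy_inode() carries no comment naming the invariant it checks, and BUG_ON stops the kernel at the point of detection. For a probe meant to show whether pages are still attached to the mapping when the inode is destroyed, consider WARN_ON_ONCE(inode->i_data.nrpages) with a one-line comment that all folios must have been removed from the mapping before the inode is freed, so the report is produced and the system stays up long enough to collect more state. The neighbouring BUG_ON(inode_has_buffers(inode)) sets the existing style in this function, so if the check is kept as BUG_ON, say so in the changelog and explain why a leftover page count is treated as fatal.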