Date: Sun, 4 Feb 2024 02:14:36 +0000
From: Al Viro
To: linux-fsdevel@vger.kernel.org
Cc: Linus Torvalds, Christian Brauner, linux-ext4@vger.kernel.org, linux-nfs@vger.kernel.org, Miklos Szeredi, linux-cifs@vger.kernel.org
Subject: [PATCHES] RCU pathwalk race fixes
Message-ID: <20240204021436.GH2087318@ZenIV>

We still have some races in filesystem methods when exposed to RCU pathwalk. The series below is a result of code audit (the second round of it) and it should deal with most of that stuff. Exceptions: ntfs3 ->d_hash()/->d_compare() and ceph_d_revalidate(). Up to maintainers (a note for NTFS folks - when documentation says that a method may not block, it *does* imply that blocking allocations are to be avoided. Really).

Branch is 6.8-rc1-based; it lives in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git fixes.pathwalk-rcu

Individual patches are in followups; ditto for code audit notes. Beginning of the latter should probably be converted into docs; if anyone is willing to help with such conversion, please say so - I'll be glad to answer any questions, etc.

If somebody wants to grab bits and pieces of that series into individual filesystem git trees, please say so. Same for any problems spotted in the patches, obviously. If nothing shows up, that goes into #fixes and into mainline.

Shortlog:
      fs/super.c: don't drop ->s_user_ns until we free struct super_block itself
      rcu pathwalk: prevent bogus hard errors from may_lookup()
      affs: free affs_sb_info with kfree_rcu()
      exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper
      hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info
      afs: fix __afs_break_callback() / afs_drop_open_mmap() race
      nfs: make nfs_set_verifier() safe for use in RCU pathwalk
      nfs: fix UAF on pathwalk running into umount
      procfs: move dropping pde and pid from ->evict_inode() to ->free_inode()
      procfs: make freeing proc_fs_info rcu-delayed
      fuse: fix UAF in rcu pathwalks
      cifs_get_link(): bail out in unsafe case
      ext4_get_link(): fix breakage in RCU mode

Diffstat:
 fs/affs/affs.h            |  1 +
 fs/affs/super.c           |  2 +-
 fs/afs/file.c             |  8 ++++++--
 fs/exfat/exfat_fs.h       |  1 +
 fs/exfat/nls.c            | 14 ++++----------
 fs/exfat/super.c          | 20 +++++++++++---------
 fs/ext4/symlink.c         |  8 +++++---
 fs/fuse/cuse.c            |  3 +--
 fs/fuse/fuse_i.h          |  1 +
 fs/fuse/inode.c           | 15 +++++++++++----
 fs/hfsplus/hfsplus_fs.h   |  1 +
 fs/hfsplus/super.c        | 12 +++++++++---
 fs/namei.c                |  6 +++++-
 fs/nfs/client.c           | 13 ++++++++++---
 fs/nfs/dir.c              |  4 ++--
 fs/proc/base.c            |  2 --
 fs/proc/inode.c           | 19 ++++++++-----------
 fs/proc/root.c            |  2 +-
 fs/smb/client/cifsfs.c    |  3 +++
 fs/super.c                | 13 ++++---------
 include/linux/nfs_fs_sb.h |  2 ++
 include/linux/proc_fs.h   |  1 +
 22 files changed, 88 insertions(+), 63 deletions(-)