• Christian Brauner's avatar
    Merge patch series "cachefiles: random bugfixes" · eeb17984
    Christian Brauner authored
    libaokun@huaweicloud.com <libaokun@huaweicloud.com> says:
    
    This is the third version of this patch series, in which another patch set
    is subsumed into this one to avoid confusing the two patch sets.
    (https://patchwork.kernel.org/project/linux-fsdevel/list/?series=854914)
    
    We've been testing ondemand mode for cachefiles since January, and we're
    almost done. We hit a lot of issues during the testing period, and this
    patch series fixes some of the issues. The patches have passed internal
    testing without regression.
    
    The following is a brief overview of the patches, see the patches for
    more details.
    
    Patch 1-2: Add fscache_try_get_volume() helper function to avoid
    fscache_volume use-after-free on cache withdrawal.
    
    Patch 3: Fix cachefiles_lookup_cookie() and cachefiles_withdraw_cache()
    concurrency causing cachefiles_volume use-after-free.
    
    Patch 4: Propagate error codes returned by vfs_getxattr() to avoid
    endless loops.
    
    Patch 5-7: A read request waiting for reopen could be closed maliciously
    before the reopen worker is executing or waiting to be scheduled. So
    ondemand_object_worker() may be called after the info and object and even
    the cache have been freed and trigger use-after-free. So use
    cancel_work_sync() in cachefiles_ondemand_clean_object() to cancel the
    reopen worker or wait for it to finish. Since it makes no sense to wait
    for the daemon to complete the reopen request, to avoid this pointless
    operation blocking cancel_work_sync(), Patch 1 avoids request generation
    by the DROPPING state when the request has not been sent, and Patch 2
    flushes the requests of the current object before cancel_work_sync().
    
    Patch 8: Cyclic allocation of msg_id to avoid msg_id reuse misleading
    the daemon to cause hung.
    
    Patch 9: Hold xas_lock during polling to avoid dereferencing reqs causing
    use-after-free. This issue was triggered frequently in our tests, and we
    found that anolis 5.10 had fixed it. So to avoid failing the test, this
    patch is pushed upstream as well.
    
    Baokun Li (7):
      netfs, fscache: export fscache_put_volume() and add
        fscache_try_get_volume()
      cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
      cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
      cachefiles: propagate errors from vfs_getxattr() to avoid infinite
        loop
      cachefiles: stop sending new request when dropping object
      cachefiles: cancel all requests for the object that is being dropped
      cachefiles: cyclic allocation of msg_id to avoid reuse
    
    Hou Tao (1):
      cachefiles: wait for ondemand_object_worker to finish when dropping
        object
    
    Jingbo Xu (1):
      cachefiles: add missing lock protection when polling
    
     fs/cachefiles/cache.c          | 45 ++++++++++++++++++++++++++++-
     fs/cachefiles/daemon.c         |  4 +--
     fs/cachefiles/internal.h       |  3 ++
     fs/cachefiles/ondemand.c       | 52 ++++++++++++++++++++++++++++++----
     fs/cachefiles/volume.c         |  1 -
     fs/cachefiles/xattr.c          |  5 +++-
     fs/netfs/fscache_volume.c      | 14 +++++++++
     fs/netfs/internal.h            |  2 --
     include/linux/fscache-cache.h  |  6 ++++
     include/trace/events/fscache.h |  4 +++
     10 files changed, 123 insertions(+), 13 deletions(-)
    
    Link: https://lore.kernel.org/r/20240628062930.2467993-1-libaokun@huaweicloud.comSigned-off-by: default avatarChristian Brauner <brauner@kernel.org>
    eeb17984
internal.h 16.5 KB