Message ID | 9872f991-56a8-4915-b9b0-53accd6db0ef@moroto.mountain (mailing list archive) |
---|---|
State | New, archived |
Series | netfs, fscache: Prevent Oops in fscache_put_cache() |

Dan Carpenter <dan.carpenter@linaro.org> wrote:

> zero = __refcount_dec_and_test(&cache->ref, &ref);
> - trace_fscache_cache(debug_id, ref - 1, where);
> + trace_fscache_cache(cache->debug_id, ref - 1, where);

You can't do that if !zero. cache may be deallocated between the two lines.

David

On Wed, Jan 10, 2024 at 07:01:40PM +0000, David Howells wrote:
> Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> > zero = __refcount_dec_and_test(&cache->ref, &ref);
> > - trace_fscache_cache(debug_id, ref - 1, where);
> > + trace_fscache_cache(cache->debug_id, ref - 1, where);
>
> You can't do that if !zero. cache may be deallocated between the two lines.

Ah... Right. I misread what was going on in the latter part of the function. Sorry, I'll resend.

regards,
dan carpenter

diff --git a/fs/netfs/fscache_cache.c b/fs/netfs/fscache_cache.c index d645f8b302a2..f0722cc2eae5 100644 --- a/fs/netfs/fscache_cache.c +++ b/fs/netfs/fscache_cache.c @@ -179,7 +179,6 @@ EXPORT_SYMBOL(fscache_acquire_cache); void fscache_put_cache(struct fscache_cache *cache, enum fscache_cache_trace where) { - unsigned int debug_id = cache->debug_id; bool zero; int ref; @@ -187,7 +186,7 @@ void fscache_put_cache(struct fscache_cache *cache, return; zero = __refcount_dec_and_test(&cache->ref, &ref); - trace_fscache_cache(debug_id, ref - 1, where); + trace_fscache_cache(cache->debug_id, ref - 1, where); if (zero) { down_write(&fscache_addremove_sem);
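
Review bot: In the second hunk, `trace_fscache_cache(cache->debug_id, ref - 1, where)` reads `cache` after `__refcount_dec_and_test(&cache->ref, &ref)` has already dropped this caller's reference. When `zero` is false, another holder can drop the last reference and free the object before the tracepoint runs, so the read is a potential use-after-free. Keep the local `debug_id` that the first hunk removes, but declare it without an initialiser and assign it from `cache->debug_id` after the early `return;` and before the decrement. That keeps the snapshot the tracepoint needs and still avoids dereferencing `cache` before it has been checked.
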
This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). Check first, then dereference.

Fixes: 9549332df4ed ("fscache: Implement cache registration")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 fs/netfs/fscache_cache.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)