fuse: fix race conditions on fi->nlookup

Message ID	20240810034209.552795-1-yangyun50@huawei.com (mailing list archive)
State	New
Headers	show Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE2161802B; Sat, 10 Aug 2024 03:42:40 +0000 (UTC) From: yangyun <yangyun50@huawei.com> To: Miklos Szeredi <miklos@szeredi.hu> CC: <linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <lixiaokeng@huawei.com> Subject: [PATCH] fuse: fix race conditions on fi->nlookup Date: Sat, 10 Aug 2024 11:42:09 +0800 Message-ID: <20240810034209.552795-1-yangyun50@huawei.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	fuse: fix race conditions on fi->nlookup \| expand fuse: fix race conditions on fi->nlookup

Message ID

20240810034209.552795-1-yangyun50@huawei.com (mailing list archive)

State

New

Headers

From: yangyun <yangyun50@huawei.com>
To: Miklos Szeredi <miklos@szeredi.hu>
CC: <linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<lixiaokeng@huawei.com>
Subject: [PATCH] fuse: fix race conditions on fi->nlookup
Date: Sat, 10 Aug 2024 11:42:09 +0800
Message-ID: <20240810034209.552795-1-yangyun50@huawei.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

fuse: fix race conditions on fi->nlookup | expand

Commit Message

yangyun Aug. 10, 2024, 3:42 a.m. UTC

Lock on fi->nlookup is missed in fuse_fill_super_submount(). Add lock
on it to prevent race conditions.

Fixes: 1866d779d5d2 ("fuse: Allow fuse_fill_super_common() for submounts")
Cc: stable@vger.kernel.org
Signed-off-by: yangyun <yangyun50@huawei.com>
---
 fs/fuse/inode.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Bernd Schubert Aug. 13, 2024, 8:47 p.m. UTC | #1

On 8/10/24 05:42, yangyun wrote:
> Lock on fi->nlookup is missed in fuse_fill_super_submount(). Add lock
> on it to prevent race conditions.
> 
> Fixes: 1866d779d5d2 ("fuse: Allow fuse_fill_super_common() for submounts")
> Cc: stable@vger.kernel.org
> Signed-off-by: yangyun <yangyun50@huawei.com>
> ---
>  fs/fuse/inode.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 99e44ea7d875..2e220f245ceb 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1593,7 +1593,9 @@ static int fuse_fill_super_submount(struct super_block *sb,
>  	 * that, though, so undo it here.
>  	 */
>  	fi = get_fuse_inode(root);
> +	spin_lock(&fi->lock);
>  	fi->nlookup--;
> +	spin_unlock(&fi->lock);
>  
>  	sb->s_d_op = &fuse_dentry_operations;
>  	sb->s_root = d_make_root(root);

LGTM


Reviewed-by: Bernd Schubert <bschubert@ddn.com>

Miklos Szeredi Aug. 22, 2024, 3:17 p.m. UTC | #2

On Sat, 10 Aug 2024 at 05:42, yangyun <yangyun50@huawei.com> wrote:
>
> Lock on fi->nlookup is missed in fuse_fill_super_submount(). Add lock
> on it to prevent race conditions.

It's okay to do this without lockinghere, because this is a brand new
superblock and and a brand new root inode for that superblock, so
there's no possible access from outside this function.

So just a comment should suffice.

Thanks,
Miklos

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 99e44ea7d875..2e220f245ceb 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1593,7 +1593,9 @@  static int fuse_fill_super_submount(struct super_block *sb,
 	 * that, though, so undo it here.
 	 */
 	fi = get_fuse_inode(root);
+	spin_lock(&fi->lock);
 	fi->nlookup--;
+	spin_unlock(&fi->lock);
 
 	sb->s_d_op = &fuse_dentry_operations;
 	sb->s_root = d_make_root(root);

fuse: fix race conditions on fi->nlookup

Commit Message

Comments

Patch