Message ID | 153131984019.24777.15284245961241666054.stgit@localhost.localdomain (mailing list archive) |
---|---|
State | New, archived |
Kirill Tkhai <ktkhai@virtuozzo.com> wrote: > diff --git a/fs/super.c b/fs/super.c > index 13647d4fd262..47a819f1a300 100644 > --- a/fs/super.c > +++ b/fs/super.c > @@ -551,7 +551,7 @@ struct super_block *sget_fc(struct fs_context *fc, > hlist_add_head(&s->s_instances, &s->s_type->fs_supers); > spin_unlock(&sb_lock); > get_filesystem(s->s_type); > - register_shrinker(&s->s_shrink); > + register_shrinker_prepared(&s->shrinker); > return s; > } > EXPORT_SYMBOL(sget_fc); > I already folded in a fix from Eric for this, but Al hasn't pulled the updated tree yet. David
On 7/11/2018 10:37 PM, Kirill Tkhai Wrote: > Hi, > > I'm observing "KASAN: use-after-free Read in shrink_slab" on recent > linux-next in the code I've added: > > https://syzkaller.appspot.com/bug?id=91767fc6346a4b9e0309a8cd7e2f356c434450b9 > > It seems to be not related to my patchset, since there is > a problem with double preallocation of shrinker. We should > use register_shrinker_prepared() in sget_fc(), since shrinker > is already allocated in alloc_super(). > > Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> > --- > fs/super.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/super.c b/fs/super.c > index 13647d4fd262..47a819f1a300 100644 > --- a/fs/super.c > +++ b/fs/super.c > @@ -551,7 +551,7 @@ struct super_block *sget_fc(struct fs_context *fc, > hlist_add_head(&s->s_instances, &s->s_type->fs_supers); > spin_unlock(&sb_lock); > get_filesystem(s->s_type); > - register_shrinker(&s->s_shrink); > + register_shrinker_prepared(&s->shrinker); should be &s->shrink here ?
diff --git a/fs/super.c b/fs/super.c index 13647d4fd262..47a819f1a300 100644 --- a/fs/super.c +++ b/fs/super.c @@ -551,7 +551,7 @@ struct super_block *sget_fc(struct fs_context *fc, hlist_add_head(&s->s_instances, &s->s_type->fs_supers); spin_unlock(&sb_lock); get_filesystem(s->s_type); - register_shrinker(&s->s_shrink); + register_shrinker_prepared(&s->shrinker); return s; } EXPORT_SYMBOL(sget_fc);
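Review bot: the added line in sget_fc() passes `&s->shrinker`, while the line it replaces passes `&s->s_shrink`, so the member name changed together with the function name. The removed line shows that the shrinker embedded in struct super_block is `s_shrink`, and nothing in this hunk renames it, so the call as written will not build. Suggest `register_shrinker_prepared(&s->s_shrink);` so that only the registration function changes. The changelog would also benefit from naming the commit that introduced the register_shrinker() call in sget_fc(), so the fix can be folded in or tracked against it.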
Hi,

I'm observing "KASAN: use-after-free Read in shrink_slab" on recent
linux-next in the code I've added:

https://syzkaller.appspot.com/bug?id=91767fc6346a4b9e0309a8cd7e2f356c434450b9

It seems to be not related to my patchset, since there is
a problem with double preallocation of shrinker. We should
use register_shrinker_prepared() in sget_fc(), since shrinker
is already allocated in alloc_super().

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 fs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)