Date: Mon, 22 Jan 2024 23:27:34 +0800
Subject: Re: [PATCH 06/10] cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode
To: David Howells, Christian Brauner
Cc: Jeff Layton, Matthew Wilcox, netfs@lists.linux.dev, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-erofs@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Marc Dionne, Gao Xiang, Chao Yu, Yue Hu, Jeffle Xu
References: <20240122123845.3822570-1-dhowells@redhat.com> <20240122123845.3822570-7-dhowells@redhat.com>
From: Gao Xiang
In-Reply-To: <20240122123845.3822570-7-dhowells@redhat.com>

On 2024/1/22 20:38, David Howells wrote:
> cachefiles_ondemand_init_object() as called from cachefiles_open_file() and
> cachefiles_create_tmpfile() does not check if object->ondemand is set
> before dereferencing it, leading to an oops something like:
>
>     RIP: 0010:cachefiles_ondemand_init_object+0x9/0x41
>     ...
>     Call Trace:
>      cachefiles_open_file+0xc9/0x187
>      cachefiles_lookup_cookie+0x122/0x2be
>      fscache_cookie_state_machine+0xbe/0x32b
>      fscache_cookie_worker+0x1f/0x2d
>      process_one_work+0x136/0x208
>      process_scheduled_works+0x3a/0x41
>      worker_thread+0x1a2/0x1f6
>      kthread+0xca/0xd2
>      ret_from_fork+0x21/0x33
>
> Fix this by making the calls to cachefiles_ondemand_init_object()
> conditional.
>
> Fixes: 3c5ecfe16e76 ("cachefiles: extract ondemand info field from cachefiles_object")
> Reported-by: Marc Dionne
> Signed-off-by: David Howells
> cc: Gao Xiang
> cc: Chao Yu
> cc: Yue Hu
> cc: Jeffle Xu
> cc: linux-erofs@lists.ozlabs.org
> cc: netfs@lists.linux.dev
> cc: linux-fsdevel@vger.kernel.org

Looks good to me, thanks for fixing this:

Reviewed-by: Gao Xiang

Thanks,
Gao Xiang
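
The failure mode in the quoted commit message, as an added userspace model that is not part of this thread or the kernel source: a side structure that exists only in on-demand mode, an init helper that dereferences it unconditionally, and a call site that makes the call conditional. All `model_*` names are hypothetical, and testing the pointer is an assumed form of the condition, since the patch hunk itself is not shown here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel structures, reduced to one field. */
struct model_ondemand_info { int object_id; };

struct model_object {
    struct model_ondemand_info *ondemand; /* NULL unless on-demand mode is on */
};

static int model_init_calls; /* counts how often the init helper really ran */

/* The side structure is allocated only in on-demand mode, so every later
 * user of obj->ondemand has to tolerate NULL. */
static int model_alloc_object(struct model_object *obj, bool ondemand_mode)
{
    obj->ondemand = NULL;
    if (!ondemand_mode)
        return 0;
    obj->ondemand = calloc(1, sizeof(*obj->ondemand));
    return obj->ondemand ? 0 : -1;
}

/* Dereferences obj->ondemand without checking it, which is the behaviour
 * the commit message describes for the init helper. */
static int model_ondemand_init_object(struct model_object *obj)
{
    obj->ondemand->object_id = 1;
    model_init_calls++;
    return 0;
}

/* Call site with the conditional call: skip on-demand init when the
 * object has no on-demand state (assumed form of the condition). */
static int model_open_file(struct model_object *obj)
{
    if (obj->ondemand)
        return model_ondemand_init_object(obj);
    return 0;
}

static void model_free_object(struct model_object *obj)
{
    free(obj->ondemand);
    obj->ondemand = NULL;
}

int main(void)
{
    struct model_object obj;
    if (model_alloc_object(&obj, false) != 0)
        return 1;
    int ret = model_open_file(&obj); /* init is skipped, no NULL dereference */
    model_free_object(&obj);
    return ret;
}
```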