From nobody Mon Apr 13 14:26:56 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CDA2C433FE for ; Mon, 14 Nov 2022 12:19:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237093AbiKNMTw (ORCPT ); Mon, 14 Nov 2022 07:19:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237092AbiKNMTt (ORCPT ); Mon, 14 Nov 2022 07:19:49 -0500 Received: from out30-132.freemail.mail.aliyun.com (out30-132.freemail.mail.aliyun.com [115.124.30.132]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D83B6222A0 for ; Mon, 14 Nov 2022 04:19:47 -0800 (PST) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R561e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046059;MF=jefflexu@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0VUmtJD9_1668428383; Received: from localhost(mailfrom:jefflexu@linux.alibaba.com fp:SMTPD_---0VUmtJD9_1668428383) by smtp.aliyun-inc.com; Mon, 14 Nov 2022 20:19:44 +0800 From: Jingbo Xu To: xiang@kernel.org, chao@kernel.org, yinxin.x@bytedance.com, linux-erofs@lists.ozlabs.org Cc: linux-kernel@vger.kernel.org, dhowells@redhat.com Subject: [PATCH v2] erofs: fix missing xas_retry() in fscache mode Date: Mon, 14 Nov 2022 20:19:43 +0800 Message-Id: <20221114121943.29987-1-jefflexu@linux.alibaba.com> X-Mailer: git-send-email 2.19.1.6.gb485710b MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" The xarray iteration only holds the RCU read lock and thus may encounter XA_RETRY_ENTRY if there's process modifying the xarray concurrently. This will cause oops when referring to the invalid entry. Fix this by adding the missing xas_retry(), which will make the iteration wind back to the root node if XA_RETRY_ENTRY is encountered. Fixes: d435d53228dd ("erofs: change to use asynchronous io for fscache read= page/readahead") Suggested-by: David Howells Reviewed-by: Gao Xiang Reviewed-by: Jia Zhu Signed-off-by: Jingbo Xu --- v2: - update the commit message suggested by David - add "Suggested-by" tag, as this patch actually fixes the same issue as that fixed by David's patch [1]. Sorry I forgot in v1 ;-\ - add "Reviewed-by" tags [1] https://lore.kernel.org/lkml/084d78a4-6052-f2ec-72f2-af9c4979f5dc@linux= .alibaba.com/T/#m036d0221dacde491a1bcf2f4428e8b1450179df9 --- fs/erofs/fscache.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c index fe05bc51f9f2..458c1c70ef30 100644 --- a/fs/erofs/fscache.c +++ b/fs/erofs/fscache.c @@ -75,11 +75,15 @@ static void erofs_fscache_rreq_unlock_folios(struct net= fs_io_request *rreq) =20 rcu_read_lock(); xas_for_each(&xas, folio, last_page) { - unsigned int pgpos =3D - (folio_index(folio) - start_page) * PAGE_SIZE; - unsigned int pgend =3D pgpos + folio_size(folio); + unsigned int pgpos, pgend; bool pg_failed =3D false; =20 + if (xas_retry(&xas, folio)) + continue; + + pgpos =3D (folio_index(folio) - start_page) * PAGE_SIZE; + pgend =3D pgpos + folio_size(folio); + for (;;) { if (!subreq) { pg_failed =3D true; --=20 2.19.1.6.gb485710b