From nobody Fri May 17 01:43:37 2024
Received: from szxga05-in.huawei.com (szxga05-in.huawei.com [45.249.212.191])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D5A06BB2F
	for <linux-kernel@vger.kernel.org>; Wed, 17 Apr 2024 07:13:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=45.249.212.191
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713338043; cv=none;
 b=OklLPVwGw5BlTFMR2U0KlJDR+9ONLPEReErDycu8xGJvX4nr2i/Gg42kxjItlawhis5Kc1KJYuqdcTr9eB1TMm43TPsuUq2hTPlbj+b0utlhb2gOjFm63IIjmWJlKbj12yNC/Jgr0KOUtSk4KHaaDCDrHtDpvbfXZbA/lZe8FeI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713338043; c=relaxed/simple;
	bh=jEtvm58hsfe68giclCwNX670PHyRm5fl9eO0Wssg0qw=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type;
 b=Zh2+rxo8v+NQzMrADXVRdWe0xCRKUv+Pzevkco8sBMnxeKpvSrBaEY467Ku2HePJnuacWX4eCj8b5ss7NInsSxJ6p40kcpFnc0CN2q9ESgaYONJryzg1afPw6d8QYUvQvfZ+58DL+KvKW30+FZx/hJHzfpR9sHhtfR9FZY3DD/c=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=huawei.com;
 spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=45.249.212.191
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=huawei.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=huawei.com
Received: from mail.maildlp.com (unknown [172.19.162.112])
	by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4VKBT51YpFz1HCMD;
	Wed, 17 Apr 2024 14:53:45 +0800 (CST)
Received: from dggpeml500021.china.huawei.com (unknown [7.185.36.21])
	by mail.maildlp.com (Postfix) with ESMTPS id BDA291400D9;
	Wed, 17 Apr 2024 14:54:38 +0800 (CST)
Received: from huawei.com (10.175.127.227) by dggpeml500021.china.huawei.com
 (7.185.36.21) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 17 Apr
 2024 14:54:38 +0800
From: Baokun Li <libaokun1@huawei.com>
To: <linux-erofs@lists.ozlabs.org>
CC: <xiang@kernel.org>, <chao@kernel.org>, <huyue2@coolpad.com>,
	<jefflexu@linux.alibaba.com>, <viro@zeniv.linux.org.uk>,
	<brauner@kernel.org>, <linux-kernel@vger.kernel.org>, <yangerkun@huawei.com>,
	<houtao1@huawei.com>, <libaokun1@huawei.com>
Subject: [PATCH v2] erofs: reliably distinguish block based and fscache mode
Date: Wed, 17 Apr 2024 14:55:13 +0800
Message-ID: <20240417065513.3409744-1-libaokun1@huawei.com>
X-Mailer: git-send-email 2.31.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
 dggpeml500021.china.huawei.com (7.185.36.21)
Content-Type: text/plain; charset="utf-8"

When erofs_kill_sb() is called in block dev based mode, s_bdev may not have
been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will
be mistaken for fscache mode, and then attempt to free an anon_dev that has
never been allocated, triggering the following warning:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
ida_free called for id=3D0 which is not allocated.
WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140
Modules linked in:
CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630
RIP: 0010:ida_free+0x134/0x140
Call Trace:
 <TASK>
 erofs_kill_sb+0x81/0x90
 deactivate_locked_super+0x35/0x80
 get_tree_bdev+0x136/0x1e0
 vfs_get_tree+0x2c/0xf0
 do_new_mount+0x190/0x2f0
 [...]
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Instead of allocating the erofs_sb_info in fill_super() allocate it
during erofs_get_tree() and ensure that erofs can always have the info
available during erofs_kill_sb().

Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
---
Changes since v1:
  Allocate and initialise fc->s_fs_info in erofs_fc_get_tree() instead of
  modifying fc->sb_flags.

V1: https://lore.kernel.org/r/20240415121746.1207242-1-libaokun1@huawei.com/

 fs/erofs/super.c | 51 ++++++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/fs/erofs/super.c b/fs/erofs/super.c
index b21bd8f78dc1..4104280be2ea 100644
--- a/fs/erofs/super.c
+++ b/fs/erofs/super.c
@@ -581,8 +581,7 @@ static const struct export_operations erofs_export_ops =
=3D {
 static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *=
fc)
 {
 	struct inode *inode;
-	struct erofs_sb_info *sbi;
-	struct erofs_fs_context *ctx =3D fc->fs_private;
+	struct erofs_sb_info *sbi =3D EROFS_SB(sb);
 	int err;
=20
 	sb->s_magic =3D EROFS_SUPER_MAGIC;
@@ -590,19 +589,6 @@ static int erofs_fc_fill_super(struct super_block *sb,=
 struct fs_context *fc)
 	sb->s_maxbytes =3D MAX_LFS_FILESIZE;
 	sb->s_op =3D &erofs_sops;
=20
-	sbi =3D kzalloc(sizeof(*sbi), GFP_KERNEL);
-	if (!sbi)
-		return -ENOMEM;
-
-	sb->s_fs_info =3D sbi;
-	sbi->opt =3D ctx->opt;
-	sbi->devs =3D ctx->devs;
-	ctx->devs =3D NULL;
-	sbi->fsid =3D ctx->fsid;
-	ctx->fsid =3D NULL;
-	sbi->domain_id =3D ctx->domain_id;
-	ctx->domain_id =3D NULL;
-
 	sbi->blkszbits =3D PAGE_SHIFT;
 	if (erofs_is_fscache_mode(sb)) {
 		sb->s_blocksize =3D PAGE_SIZE;
@@ -704,11 +690,32 @@ static int erofs_fc_fill_super(struct super_block *sb=
, struct fs_context *fc)
 	return 0;
 }
=20
-static int erofs_fc_get_tree(struct fs_context *fc)
+static void erofs_ctx_to_info(struct fs_context *fc)
 {
 	struct erofs_fs_context *ctx =3D fc->fs_private;
+	struct erofs_sb_info *sbi =3D fc->s_fs_info;
+
+	sbi->opt =3D ctx->opt;
+	sbi->devs =3D ctx->devs;
+	ctx->devs =3D NULL;
+	sbi->fsid =3D ctx->fsid;
+	ctx->fsid =3D NULL;
+	sbi->domain_id =3D ctx->domain_id;
+	ctx->domain_id =3D NULL;
+}
=20
-	if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && ctx->fsid)
+static int erofs_fc_get_tree(struct fs_context *fc)
+{
+	struct erofs_sb_info *sbi;
+
+	sbi =3D kzalloc(sizeof(*sbi), GFP_KERNEL);
+	if (!sbi)
+		return -ENOMEM;
+
+	fc->s_fs_info =3D sbi;
+	erofs_ctx_to_info(fc);
+
+	if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && sbi->fsid)
 		return get_tree_nodev(fc, erofs_fc_fill_super);
=20
 	return get_tree_bdev(fc, erofs_fc_fill_super);
@@ -767,6 +774,7 @@ static void erofs_fc_free(struct fs_context *fc)
 	kfree(ctx->fsid);
 	kfree(ctx->domain_id);
 	kfree(ctx);
+	kfree(fc->s_fs_info);
 }
=20
 static const struct fs_context_operations erofs_context_ops =3D {
@@ -783,6 +791,7 @@ static int erofs_init_fs_context(struct fs_context *fc)
 	ctx =3D kzalloc(sizeof(*ctx), GFP_KERNEL);
 	if (!ctx)
 		return -ENOMEM;
+
 	ctx->devs =3D kzalloc(sizeof(struct erofs_dev_context), GFP_KERNEL);
 	if (!ctx->devs) {
 		kfree(ctx);
@@ -799,17 +808,13 @@ static int erofs_init_fs_context(struct fs_context *f=
c)
=20
 static void erofs_kill_sb(struct super_block *sb)
 {
-	struct erofs_sb_info *sbi;
+	struct erofs_sb_info *sbi =3D EROFS_SB(sb);
=20
-	if (erofs_is_fscache_mode(sb))
+	if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && sbi->fsid)
 		kill_anon_super(sb);
 	else
 		kill_block_super(sb);
=20
-	sbi =3D EROFS_SB(sb);
-	if (!sbi)
-		return;
-
 	erofs_free_dev_context(sbi->devs);
 	fs_put_dax(sbi->dax_dev, NULL);
 	erofs_fscache_unregister_fs(sb);
--=20
2.31.1