在 2024/6/28 14:29, libao...@huaweicloud.com 写道:
From: Baokun Li
Reusing the msg_id after a maliciously completed reopen request may cause
a read request to remain unprocessed and result in a hung, as shown below:
t1 | t2 | t3
---
在 2024/6/28 14:29, libao...@huaweicloud.com 写道:
From: Baokun Li
Because after an object is dropped, requests for that object are useless,
cancel them to avoid causing other problems.
This prepares for the later addition of cancel_work_sync(). After the
reopen requests is generated, cancel i
在 2024/6/28 14:29, libao...@huaweicloud.com 写道:
From: Baokun Li
Added CACHEFILES_ONDEMAND_OBJSTATE_DROPPING indicates that the cachefiles
object is being dropped, and is set after the close request for the dropped
object completes, and no new requests are allowed to be sent after this
state.
Thanks for catching this. How about adding a Fixes tag.
Reviewed-by: Jia Zhu
在 2024/4/24 11:34, libao...@huaweicloud.com 写道:
From: Hou Tao
When queuing ondemand_object_worker() to re-open the object,
cachefiles_object is not pinned. The cachefiles_object may be freed when
the pending read r
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Baokun Li
Replacing wait_for_completion() with wait_for_completion_killable() in
cachefiles_ondemand_send_req() allows us to kill processes that might
trigger a hunk_task if the daemon is abnormal.
But now only CACHEFILES_OP_READ is kill
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Zizhi Wo
If copen is maliciously called in the user mode, it may delete the request
corresponding to the random id. And the request may have not been read yet.
Note that when the object is set to reopen, the open request will be done
wit
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Baokun Li
We got the following issue in a fuzz test of randomly issuing the restore
command:
==
BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb6
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Baokun Li
We got the following issue in a fuzz test of randomly issuing the restore
command:
==
BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Baokun Li
The err_put_fd tag is only used once, so remove it to make the code more
readable.
Signed-off-by: Baokun Li
Reviewed-by: Jia Zhu
---
fs/cachefiles/ondemand.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Baokun Li
This prevents concurrency from causing access to a freed req.
Signed-off-by: Baokun Li
Reviewed-by: Jia Zhu
---
fs/cachefiles/daemon.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/cachefiles/daemon.c b/fs/cac
在 2024/4/24 11:39, libao...@huaweicloud.com 写道:
From: Baokun Li
We got the following issue in a fuzz test of randomly issuing the restore
command:
==
BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab
在 2024/4/24 11:34, libao...@huaweicloud.com 写道:
From: Jingbo Xu
Add missing lock protection in poll routine when iterating xarray,
otherwise:
Even with RCU read lock held, only the slot of the radix tree is
ensured to be pinned there, while the data structure (e.g. struct
cachefiles_req) st
Tested-by: Jia Zhu
在 2024/1/9 19:20, David Howells 写道:
In __cachefiles_prepare_write(), the start and pos variables were made
unsigned 64-bit so that the casts in the checking could be got rid of -
which should be fine since absolute file offsets can't be negative, except
that an error code may
Previously, in ondemand read scenario, if the anonymous fd was closed by
user daemon, inflight and subsequent read requests would return EIO.
As long as the device connection is not released, user daemon can hold
and restore inflight requests by setting the request flag to
CACHEFILES_REQ_NEW.
Sugg
Don't trigger EPOLLIN when there are only reopening read requests in
xarray.
Suggested-by: Xin Yin
Signed-off-by: Jia Zhu
Reviewed-by: Jingbo Xu
---
fs/cachefiles/daemon.c | 14 --
fs/cachefiles/internal.h | 12
2 files changed, 24 insertions(+), 2 deletions(-)
diff
When an anonymous fd is closed by user daemon, if there is a new read
request for this file comes up, the anonymous fd should be re-opened
to handle that read request rather than fail it directly.
1. Introduce reopening state for objects that are closed but have
inflight/subsequent read request
Changes since v5:
In cachefiles_daemon_poll(), replace xa_for_each_marked with
xas_for_each_marked.
[Background]
In the on-demand read mode, if user daemon unexpectedly closes an on-demand fd
(for example, due to daemon crashing), subsequent read operations and inflight
requests rely
We'll introduce a @work_struct field for @object in subsequent patches,
it will enlarge the size of @object.
As the result of that, this commit extracts ondemand info field from
@object.
Signed-off-by: Jia Zhu
Reviewed-by: Jingbo Xu
---
fs/cachefiles/interface.c | 7 ++-
fs/cachefiles/inte
Previously, @ondemand_id field was used not only to identify ondemand
state of the object, but also to represent the index of the xarray.
This commit introduces @state field to decouple the role of @ondemand_id
and adds helpers to access it.
Signed-off-by: Jia Zhu
Reviewed-by: Jingbo Xu
---
fs/
在 2023/9/15 16:27, Jingbo Xu 写道:
The device tag is not required in flatdev mode, and thus relax this
constraint in flatdev mode.
Signed-off-by: Jingbo Xu
LGTM
Reviewed-by: Jia Zhu
---
Sorry I forget to cc linux-erofs@lists.ozlabs.org in the former patch.
---
fs/erofs/super.c | 2 +-
Previously, in ondemand read scenario, if the anonymous fd was closed by
user daemon, inflight and subsequent read requests would return EIO.
As long as the device connection is not released, user daemon can hold
and restore inflight requests by setting the request flag to
CACHEFILES_REQ_NEW.
Sugg
Don't trigger EPOLLIN when there are only reopening read requests in
xarray.
Suggested-by: Xin Yin
Signed-off-by: Jia Zhu
---
fs/cachefiles/daemon.c | 14 --
fs/cachefiles/internal.h | 12
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/fs/cachefiles/d
When an anonymous fd is closed by user daemon, if there is a new read
request for this file comes up, the anonymous fd should be re-opened
to handle that read request rather than fail it directly.
1. Introduce reopening state for objects that are closed but have
inflight/subsequent read request
We'll introduce a @work_struct field for @object in subsequent patches,
it will enlarge the size of @object.
As the result of that, this commit extracts ondemand info field from
@object.
Signed-off-by: Jia Zhu
---
fs/cachefiles/interface.c | 7 ++-
fs/cachefiles/internal.h | 26 +++
Changes since v5:
In cachefiles_daemon_poll(), replace xa_for_each_marked with
xas_for_each_marked.
[Background]
In ondemand read mode, if user daemon closes anonymous fd(e.g. daemon
crashes), subsequent read and inflight requests based on these fd will
return -EIO.
Even if above men
Previously, @ondemand_id field was used not only to identify ondemand
state of the object, but also to represent the index of the xarray.
This commit introduces @state field to decouple the role of @ondemand_id
and adds helpers to access it.
Signed-off-by: Jia Zhu
---
fs/cachefiles/internal.h |
在 2023/4/14 21:51, David Howells 写道:
Jia Zhu wrote:
#define CACHEFILES_OBJECT_STATE_FUNCS(_state, _STATE) \
static inline bool
\
cachefiles_ondemand_object_is_##_state(const struct cachefiles_object
*object) \
{
在 2023/4/14 21:53, David Howells 写道:
Jia Zhu wrote:
+int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args)
+{
+ struct cachefiles_req *req;
+
+ XA_STATE(xas, &cache->reqs, 0);
+
+ if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
+
在 2023/4/14 21:48, David Howells 写道:
Jia Zhu wrote:
if (cachefiles_in_ondemand_mode(cache)) {
- if (!xa_empty(&cache->reqs))
- mask |= EPOLLIN;
+ if (!xa_empty(xa)) {
+ rcu_read_lock();
+ x
We should explicitly cast @blkaddr from u32 to u64 before the shift
operation to return the larger type.
Fixes: b1c2d99b18ff ("erofs: avoid hardcoded blocksize for subpage block
support")
Signed-off-by: Jia Zhu
---
fs/erofs/data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --gi
Previously, in ondemand read scenario, if the anonymous fd was closed by
user daemon, inflight and subsequent read requests would return EIO.
As long as the device connection is not released, user daemon can hold
and restore inflight requests by setting the request flag to
CACHEFILES_REQ_NEW.
Sugg
Don't trigger EPOLLIN when there are only reopening read requests in
xarray.
Suggested-by: Xin Yin
Signed-off-by: Jia Zhu
---
fs/cachefiles/daemon.c | 15 +--
fs/cachefiles/internal.h | 12
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/fs/cachefiles/
When an anonymous fd is closed by user daemon, if there is a new read
request for this file comes up, the anonymous fd should be re-opened
to handle that read request rather than fail it directly.
1. Introduce reopening state for objects that are closed but have
inflight/subsequent read request
Previously, @ondemand_id field was used not only to identify ondemand
state of the object, but also to represent the index of the xarray.
This commit introduces @state field to decouple the role of @ondemand_id
and adds helpers to access it.
Signed-off-by: Jia Zhu
---
fs/cachefiles/internal.h |
We'll introduce a @work_struct field for @object in subsequent patches,
it will enlarge the size of @object.
As the result of that, this commit extracts ondemand info field from
@object.
Signed-off-by: Jia Zhu
---
fs/cachefiles/interface.c | 7 ++-
fs/cachefiles/internal.h | 26 +++
Changes since v3:
1. Make enum cachefiles_object_state to all-uppercase and optimize the implement
of CACHEFILES_OBJECT_STATE_FUNCS.
2. For struct cachefiles_object:
1. Make ondemand field inside of "#ifdef CONFIG_CACHEFILES_ONDEMAND".
2. Rename struct cachefiles_ondemand_info *p
在 2023/3/28 22:12, David Howells 写道:
Jia Zhu wrote:
+ struct cachefiles_object *object =
+ ((struct cachefiles_ondemand_info *)work)->object;
container_of().
Thanks, will revise it.
+ continue;
+ } else if (cachefiles_ondemand_ob
在 2023/3/28 22:19, David Howells 写道:
Jia Zhu wrote:
+ if (!xa_empty(xa)) {
+ xa_lock(xa);
+ xa_for_each_marked(xa, index, req, CACHEFILES_REQ_NEW) {
+ if
(!cachefiles_ondemand_is_reopening_read(req)) {
在 2023/3/28 21:58, David Howells 写道:
Jia Zhu wrote:
@@ -65,10 +71,7 @@ struct cachefiles_object {
enum cachefiles_content content_info:8; /* Info about content
presence */
unsigned long flags;
#define CACHEFILES_OBJECT_USING_TMPFILE 0
Hi David,
Thanks for reviewing.
在 2023/3/28 21:52, David Howells 写道:
Jia Zhu wrote:
+enum cachefiles_object_state {
+ CACHEFILES_ONDEMAND_OBJSTATE_close, /* Anonymous fd closed by daemon or
initial state */
+ CACHEFILES_ONDEMAND_OBJSTATE_open, /* Anonymous fd associated with
obj
40 matches
Mail list logo
