Re: [PATCH V3 8/9] dax: replace exported dax_dev_get() with non-allocating dax_dev_find()

Next message: Alison Schofield: "Re: [PATCH V3 6/9] dax/fsdev: fail probe on invalid pgmap offset"
Previous message: Andy Shevchenko: "Re: [PATCH] staging: rtl8723bs: fix coding style in rtw_cmd.c"
In reply to: Dave Jiang: "Re: [PATCH V3 8/9] dax: replace exported dax_dev_get() with non-allocating dax_dev_find()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alison Schofield

Date: Tue Jun 02 2026 - 20:20:36 EST

On Sat, May 30, 2026 at 04:51:33PM +0000, John Groves wrote:
> From: John Groves <John@xxxxxxxxxx>
>
> This fix is in response to a Sashiko review, and some subsequent
> analysis.
>
> dax_dev_get() uses iget5_locked() which creates a new inode if no
> matching one exists. This is correct for the internal caller
> (alloc_dax), but dangerous for external callers that look up devices
> from user-supplied or metadata-supplied dev_t values:
>
> 1. A new inode is created with DAXDEV_ALIVE set but no backing driver,
> no ops, and no IDA-allocated minor number.
>
> 2. On teardown, dax_destroy_inode() warns because kill_dax() was never
> called, and dax_free_inode() calls ida_free() for a minor that was
> never ida_alloc'd -- potentially freeing the minor of a real device.
>
> Add dax_dev_find() which uses ilookup5() for lookup-only semantics:
> it returns an existing dax_device with an elevated inode reference, or
> NULL if no device with the given dev_t exists. It never creates inodes.
> A dax_alive() check under dax_read_lock() guards against returning a
> device that is concurrently being torn down by kill_dax().
>
> Make dax_dev_get() static again (internal to super.c for alloc_dax),
> export dax_dev_find() instead, and update the two external callers
> (famfs_inode.c, famfs.c). Also add the missing CONFIG_DAX=n stub.
>
> Fixes: 2ae624d5a555d ("dax: export dax_dev_get()")
> Signed-off-by: John Groves <john@xxxxxxxxxx>
> ---

Reviewed-by: Alison Schofield <alison.schofield@xxxxxxxxx>