Re: [PATCH] btrfs: fix a race in encoded read

[David Sterba]

On Thu, Dec 12, 2024 at 11:26:20AM +0100, Daniel Vacek wrote:
> On Thu, Dec 12, 2024 at 11:10 AM Johannes Thumshirn
> <Johannes.Thumshirn@xxxxxxx> wrote:
> >
> > On 12.12.24 10:35, Daniel Vacek wrote:
> > > On Thu, Dec 12, 2024 at 10:14 AM Johannes Thumshirn
> > > <Johannes.Thumshirn@xxxxxxx> wrote:
> > >> It got recently force pushed, 34725028ec5500018f1cb5bfd55c669c7bbf1346
> > >> it is now, sorry.
> > >
> > > Yeah, this looks very similar and it should fix the bug as well. In
> > > fact the fix part looks exactly the same, I just also changed the
> > > slab/stack allocation while you changed the atomic/refcount. But these
> > > are unrelated, IIUC. I actually planned to split it into two patches
> > > but David told me it's not necessary and I should send it as it is.
> > >
> > > Just nitpicking about your patch, the subject says simplify while I
> > > don't really see any simplification.
> > > Also it does not mention the UAF bug leading to crashes it fixes,
> > > missing the Fixes: and CC: stable tags.
> > >
> > > What do we do now?
> >
> > I think it's up to David if he want's to send the patch for this rc or
> > not. In my test environment the part that went upstream was sufficient
> > to fix the UAF, so this was the part that actually went to Linus first.
> 
> But it (I assume you are referring to `05b36b04d74a`) does not really
> fix the UAF. I'm still able to get the same crashes even with this
> commit applied. That was actually where I originally started testing.
> 
> > @Dave can you send '34725028ec55 ("btrfs: simplify waiting for encoded
> > read endios")' in the next PR? I can update the Fixes tag.
> 
> The commit message definitely needs to be updated mentioning that this
> actually fixes the UAF which `05b36b04d74a` does not really address.

Yeah, the commit message does not say anything about fixing things so I
skipped it when looking for -rc fixes.