[PATCH net 4/5] afs: Fix the server_list to unuse a displaced server rather than putting it

From: David Howells
Date: Tue Feb 18 2025 - 14:26:33 EST

Next message: Mickaël Salaün: "Re: [PATCH v5 9/24] landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials"
Previous message: Beata Michalska: "[PATCH] arm64: Utilize for_each_cpu_wrap for reference lookup"
In reply to: David Howells: "[PATCH net 1/5] rxrpc: rxperf: Fix missing decoding of terminal magic cookie"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net 0/5] rxrpc, afs: Miscellaneous fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When allocating and building an afs_server_list struct object from a VLDB
record, we look up each server address to get the server record for it -
but a server may have more than one entry in the record and we discard the
duplicate pointers. Currently, however, when we discard, we only put a
server record, not unuse it - but the lookup got as an active-user count.

The active-user count on an afs_server_list object determines its lifetime
whereas the refcount keeps the memory backing it around. Failing to reduce
the active-user counter prevents the record from being cleaned up and can
lead to multiple copied being seen - and pointing to deleted afs_cell
objects and other such things.

Fix this by switching the incorrect 'put' to an 'unuse' instead.

Without this, occasionally, a dead server record can be seen in
/proc/net/afs/servers and list corruption may be observed:

list_del corruption. prev->next should be ffff888102423e40, but was 0000000000000000. (prev=ffff88810140cd38)

Fixes: 977e5f8ed0ab ("afs: Split the usage count on struct afs_server")
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
cc: Jakub Kicinski <kuba@xxxxxxxxxx>
cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
cc: Eric Dumazet <edumazet@xxxxxxxxxx>
cc: Paolo Abeni <pabeni@xxxxxxxxxx>
cc: Simon Horman <horms@xxxxxxxxxx>
cc: linux-afs@xxxxxxxxxxxxxxxxxxx
cc: netdev@xxxxxxxxxxxxxxx
---
fs/afs/server_list.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/afs/server_list.c b/fs/afs/server_list.c
index 7e7e567a7f8a..d20cd902ef94 100644
--- a/fs/afs/server_list.c
+++ b/fs/afs/server_list.c
@@ -97,8 +97,8 @@ struct afs_server_list *afs_alloc_server_list(struct afs_volume *volume,
break;
if (j < slist->nr_servers) {
if (slist->servers[j].server == server) {
- afs_put_server(volume->cell->net, server,
- afs_server_trace_put_slist_isort);
+ afs_unuse_server(volume->cell->net, server,
+ afs_server_trace_put_slist_isort);
continue;
}

Next message: Mickaël Salaün: "Re: [PATCH v5 9/24] landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials"
Previous message: Beata Michalska: "[PATCH] arm64: Utilize for_each_cpu_wrap for reference lookup"
In reply to: David Howells: "[PATCH net 1/5] rxrpc: rxperf: Fix missing decoding of terminal magic cookie"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net 0/5] rxrpc, afs: Miscellaneous fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]