On Fri, Jan 10, 2020 at 05:05:54PM +0800, Anand Jain wrote:
> fs_info is born during mount, and operations before the mount such as
> scanning and assembling of the device volume should happen without any
> reference to fs_info.
>
> However the patch commit a9261d4125c9 (btrfs: harden agaist duplicate
> fsid on scanned devices) used fs_info to call btrfs_warn_in_rcu() and
> btrfs_info_in_rcu(), so if fs_info is NULL, the stacked functions lead
> to btrfs_printk() which shall print "unknown" instead of sb->s_id. Or
> even might UAF as reported in [1].
>
> So do the right thing, don't use btrfs_warn_in_rcu() and
> btrfs_info_in_rcu() in device_list_add(); instead, just open code it.
>
> Link:
> [1] https://www.spinics.net/lists/linux-btrfs/msg96524.html
> Fixes: a9261d4125c9 (btrfs: harden agaist duplicate fsid on scanned devices)
> Signed-off-by: Anand Jain <anand.jain@xxxxxxxxxx>
> ---
> fs/btrfs/volumes.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> index 6fd90270e2c7..1a419841fc99 100644
> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -889,17 +889,21 @@ static noinline struct btrfs_device *device_list_add(const char *path,
> if (device->bdev != path_bdev) {
> bdput(path_bdev);
> mutex_unlock(&fs_devices->device_list_mutex);
> - btrfs_warn_in_rcu(device->fs_info,
> - "duplicate device fsid:devid for %pU:%llu old:%s new:%s",
> + rcu_read_lock();
> + printk_ratelimited(

Avoiding fs_info here is correct but we don't want to use raw printk or
printk_ratelimited anywhere.
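Review bot: in the `device->bdev != path_bdev` branch, replacing `btrfs_warn_in_rcu(device->fs_info, ...)` with a bare `rcu_read_lock();` followed by `printk_ratelimited(` open-codes the RCU handling that the `_in_rcu` helper previously did for you, and the quoted hunk is cut off right after `printk_ratelimited(`, so the matching `rcu_read_unlock()` that must follow the format arguments is not visible here; please confirm it is present in the full patch, since an unbalanced rcu_read_lock() on this error path would be a new bug rather than a fix. The commit message also says btrfs_info_in_rcu() is dropped from device_list_add() and the diffstat reports 8 insertions, 4 deletions, but only the btrfs_warn_in_rcu() site appears in the quoted fragment; the second site should get the same fs_info-less treatment. Finally, as the reply above notes, raw printk/printk_ratelimited is not wanted in fs/btrfs: a btrfs-prefixed helper that does not require fs_info (the commit message itself observes that btrfs_printk() already falls back to "unknown" when fs_info is NULL) would keep the message format consistent with the rest of the filesystem's output without reintroducing the NULL fs_info dependency.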
