hulk inclusion category: bugfix bugzilla: https://atomgit.com/openeuler/kernel/issues/8440 ------------------ The MFS event holds the inode reference, when the MFS is umounted, the kill_anon_super will clean the inode forcely and report warning if the inode is in used. After that, the mfs_destroy_events will release event and iput, this causes the wild-memory-access error. So we should move mfs_destroy_events forward to keep the release order. Moreover, we should keep the memory access order on caches-> flags to avoid the unexcept mutex status. Fixes: 465dc69f5ba3 ("mfs: Add basic events framework") Signed-off-by: Hongbo Li <lihongbo22@huawei.com> --- fs/mfs/cache.c | 2 ++ fs/mfs/super.c | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/mfs/cache.c b/fs/mfs/cache.c index c06dcc9dc758..fbc608982961 100644 --- a/fs/mfs/cache.c +++ b/fs/mfs/cache.c @@ -306,6 +306,8 @@ void mfs_post_event_read(struct mfs_cache_object *object, do { xas_lock(&xas); + /* Ensure flags changed after lock */ + smp_mb__before_atomic(); if (!test_bit(MFS_CACHE_READY, &caches->flags)) { xas_unlock(&xas); goto out; diff --git a/fs/mfs/super.c b/fs/mfs/super.c index 91b1b13b0657..ac35c13bbcee 100644 --- a/fs/mfs/super.c +++ b/fs/mfs/super.c @@ -399,6 +399,8 @@ static void mfs_kill_sb(struct super_block *sb) clear_bit(MFS_MOUNTED, &sbi->flags); if (support_event(sbi)) { + /* The barrier pair to make sure flags is new */ + smp_mb__before_atomic(); while (test_bit(MFS_CACHE_OPENED, &caches->flags)) { static DEFINE_RATELIMIT_STATE(busy_open, 30 * HZ, 1); @@ -407,10 +409,12 @@ static void mfs_kill_sb(struct super_block *sb) continue; pr_warn("Pending until close the /dev/mfs%u...\n", sbi->minor); } + /* Ensure flags status is updated */ + smp_mb__after_atomic(); mfs_fs_dev_exit(sb); } - kill_anon_super(sb); mfs_destroy_events(sb); + kill_anon_super(sb); if (sbi->mtree) { path_put(&sbi->lower); kfree(sbi->mtree); -- 2.34.1