On Thu, May 10, 2018 at 02:21:33PM +1000, Dave Chinner wrote:
> Setting sb->s_fs_info to NULL on xfs_mount setup failure only solves
> the use-after-free part of the problem - it doesn't solve the
> use-before-initialisation part. To solve that we need to check the
> SB_BORN flag in super_cache_count().
>
> The SB_BORN flag is not set until ->fs_mount() completes
> successfully and trylock_super() won't succeed until it is set.
> Hence super_cache_scan() will not run until SB_BORN is set, so it
> makes sense to not allow super_cache_scan to run and enter the
> filesystem until it is set, too. This prevents the superblock
> shrinker from entering the filesystem while it is being set up and
> so avoids the use-before-initialisation issue.

I'm fine with the first part of that (fs/super.c, that is), but I don't
understand why you need the xfs side of the patch with that.

Confused...