On Tue, Nov 12, 2024 at 3:00 PM Martin KaFai Lau <martin.lau@xxxxxxxxx> wrote:
>
> On 11/12/24 12:36 AM, Song Liu wrote:
> > void __destroy_inode(struct inode *inode)
> > {
> > BUG_ON(inode_has_buffers(inode));
> > + bpf_inode_storage_free(inode);
>
> Not sure if this is done in the rcu callback (i.e. after the rcu gp). Please check.
>
> > inode_detach_wb(inode);
> > security_inode_free(inode);
> > fsnotify_inode_delete(inode);
>
> [ ... ]
>
> > @@ -136,12 +119,7 @@ BPF_CALL_5(bpf_inode_storage_get, struct bpf_map *, map, struct inode *, inode,
> > if (flags & ~(BPF_LOCAL_STORAGE_GET_F_CREATE))
> > return (unsigned long)NULL;
> >
> > - /* explicitly check that the inode_storage_ptr is not
> > - * NULL as inode_storage_lookup returns NULL in this case and
> > - * bpf_local_storage_update expects the owner to have a
> > - * valid storage pointer.
> > - */
> > - if (!inode || !inode_storage_ptr(inode))
> > + if (!inode)
> > return (unsigned long)NULL;
>
> There is an atomic_read in this function:
>
> /* only allocate new storage, when the inode is refcounted */
> if (atomic_read(&inode->i_count) &&
> flags & BPF_LOCAL_STORAGE_GET_F_CREATE) {
>
> If the bpf_inode_storage_free is not done after rcu gp, this will need a
> inc_not_zero like how the sk storage does. I think moving the storage_free to
> the inode rcu call back may be easier if it is not the case now.
This is a great catch!
I will move bpf_inode_storage_free to i_callback().
Thanks,
Song
