debugfs: initialize cancellations earlier

Tetsuo Handa pointed out that in the (now reverted)
lockdep commit I initialized the data too late. The
same is true for the cancellation data, it must be
initialized before the cmpxchg(), otherwise it may
be done twice and possibly even overwriting data in
there already when there's a race. Fix that, which
also requires destroying the mutex in case we lost
the race.

Fixes: 8c88a474357e ("debugfs: add API to allow debugfs operations cancellation")
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20231221150444.1e47a0377f80.If7e8ba721ba2956f12c6e8405e7d61e154aa7ae7@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index 5063434..6d7c1a4 100644 (file)
--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -104,12 +104,14 @@ int debugfs_file_get(struct dentry *dentry)
                                        ~DEBUGFS_FSDATA_IS_REAL_FOPS_BIT);
                refcount_set(&fsd->active_users, 1);
                init_completion(&fsd->active_users_drained);
+               INIT_LIST_HEAD(&fsd->cancellations);
+               mutex_init(&fsd->cancellations_mtx);
+
                if (cmpxchg(&dentry->d_fsdata, d_fsd, fsd) != d_fsd) {
+                       mutex_destroy(&fsd->cancellations_mtx);
                        kfree(fsd);
                        fsd = READ_ONCE(dentry->d_fsdata);
                }
-               INIT_LIST_HEAD(&fsd->cancellations);
-               mutex_init(&fsd->cancellations_mtx);
        }
 
        /*