lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87sg8er7gp.fsf@x220.int.ebiederm.org>
Date:   Wed, 09 Dec 2020 15:32:38 -0600
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Al Viro <viro@...iv.linux.org.uk>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Oleg Nesterov <oleg@...hat.com>, Jann Horn <jann@...jh.net>
Subject: Re: [PATCH] files: rcu free files_struct

Al Viro <viro@...iv.linux.org.uk> writes:

> On Wed, Dec 09, 2020 at 11:13:38AM -0800, Linus Torvalds wrote:
>> On Wed, Dec 9, 2020 at 10:05 AM Eric W. Biederman <ebiederm@...ssion.com> wrote:
>> >
>> > -                               struct file * file = xchg(&fdt->fd[i], NULL);
>> > +                               struct file * file = fdt->fd[i];
>> >                                 if (file) {
>> > +                                       rcu_assign_pointer(fdt->fd[i], NULL);
>> 
>> This makes me nervous. Why did we use to do that xchg() there? That
>> has atomicity guarantees that now are gone.
>> 
>> Now, this whole thing should be called for just the last ref of the fd
>> table, so presumably that atomicity was never needed in the first
>> place. But the fact that we did that very expensive xchg() then makes
>> me go "there's some reason for it".
>> 
>> Is this xchg() just bogus historical leftover? It kind of looks that
>> way. But maybe that change should be done separately?
>
> I'm still not convinced that exposing close_files() to parallel
> 3rd-party accesses is safe in all cases, so this patch still needs
> more analysis.

That is fine.  I just wanted to post the latest version so we could
continue the discussion.  Especially with comments etc.

> And I'm none too happy about "we'll fix the things
> up at the tail of the series" - the changes are subtle enough and
> the area affected is rather fundamental.  So if we end up returning
> to that several years from now while debugging something, I would
> very much prefer to have the transformation series as clean and
> understandable as possible.  It's not just about bisect hazard -
> asking yourself "WTF had it been done that way, is there anything
> subtle I'm missing here?" can cost many hours of head-scratching,
> IME.

Fair enough.  I don't expect anyone is basing anything on that branch,
so a rebase is possible.

Now removing the pounding on task_lock isn't about correctness, and it
is not fixing a performance problem anyone has measured at this point.
So I do think it should be a follow on.  If for no other reason than to
keep the problem small enough it can fit in heads.

Similarly the dnotify stuff.  Your description certain makes it look
fishy but that the questionable parts are orthogonal to my patches.

> Eric, I understand that you want to avoid reordering/folding, but
> in this case it _is_ needed.  It's not as if there had been any
> serious objections to the overall direction of changes; it's
> just that we need to get that as understandable as possible.

I will post the patch that will become -1/24 in a moment.

Eric



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ