lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250209010910.GT1977892@ZenIV>
Date: Sun, 9 Feb 2025 01:09:10 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: NeilBrown <neilb@...e.de>
Cc: Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Jeff Layton <jlayton@...nel.org>,
	Dave Chinner <david@...morbit.com>, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 09/19] VFS: add _async versions of the various directory
 modifying inode_operations

On Fri, Feb 07, 2025 at 10:41:34PM +0000, Al Viro wrote:

> I'm sorry, but I don't buy the "complete with no lock on directory"
> part - not without a verifiable proof of correctness of the locking
> scheme.  Especially if you are putting rename into the mix.
> 
> And your method prototypes pretty much bake that in.
> 
> *IF* we intend to try going that way (and I'm not at all convinced
> that it's feasible - locking aside, there's also a shitload of fun
> with fsnotify, audit, etc.), let's make those new methods take
> a single argument - something like struct mkdir_args, etc., with
> inlines for extracting individual arguments out of that.  Yes, it's
> ugly, but it allows later changes without a massive headache on
> each calling convention modification.
> 
> Said that, an explicit description of locking scheme and a proof of
> correctness (at least on the "it can't deadlock" level) is, IMO,
> a hard requirement for the entire thing, async or no async.
> 
> We *do* have such for the current locking scheme.

While we are at it, the locking order is... interesting.  You
have
	* parent's ->i_rwsem before child's d_update_lock()
	* for a child, d_update_lock() before ->i_rwsem
and that - on top of ordering between ->i_rwsem of various
inodes.

Do you actually have a proof that it's deadlock-free?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ