There is a dangling reference to pipe in a watch_queue after clearing it.
Thus, NULL that pointer while clearing. This can be thought of as a v4 of
the patches I had sent earlier.
This change renders wqueue->defunct superfluous, as the latter is only used
to check if watch_queue is cleared. With this change, the pipe is NULL'd
while clearing, so we can just check if the pipe is NULL.
Extending comment for watch_queue->pipe in the definition of watch_queue
made the comment conventionally too long (it was already past 80 chars),
so I have changed the struct annotations to be doxygen-styled, so that
I can extend the comment mentioning that the pipe is NULL when watch_queue
is cleared.
Siddh Raman Pant (3):
  kernel/watch_queue: Remove dangling pipe reference while clearing watch_queue
  kernel/watch_queue: Improve struct annotation formatting
  kernel/watch_queue: Remove wqueue->defunct and use pipe for clear check
include/linux/watch_queue.h | 95 +++++++++++++++++++++++++++----------
kernel/watch_queue.c | 11 ++---
2 files changed, 75 insertions(+), 31 deletions(-)
--
2.35.1
If not done, a reference to a freed pipe remains in the watch_queue,
as this function is called before freeing a pipe in free_pipe_info()
(see line 834 of fs/pipe.c).
We also need to use READ_ONCE() in post_one_notification() to prevent the
compiler from optimising and loading a non-NULL value from wqueue->pipe.
Signed-off-by: Siddh Raman Pant <[email protected]>
---
Changes in v4:
- Brought the lines towards the start rather than the end.
- Removed incorrect NULLing of wqueue->pipe->watch_queue.
The latter was pointed out by Eric Biggers <[email protected]>
in reply to v3.
Changes in v3:
- Restored the original unlock order, and clear before unlock.
- Used READ_ONCE() in post path.
This was explained by David Howells <[email protected]> in
reply to v1.
Changes in v2:
- Removed the superfluous ifdef guard.
kernel/watch_queue.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/watch_queue.c b/kernel/watch_queue.c
index a6f9bdd956c3..8999c4e3076d 100644
--- a/kernel/watch_queue.c
+++ b/kernel/watch_queue.c
@@ -99,7 +99,7 @@ static bool post_one_notification(struct watch_queue *wqueue,
struct watch_notification *n)
{
void *p;
- struct pipe_inode_info *pipe = wqueue->pipe;
+ struct pipe_inode_info *pipe = READ_ONCE(wqueue->pipe);
struct pipe_buffer *buf;
struct page *page;
unsigned int head, tail, mask, note, offset, len;
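Review bot: READ_ONCE() on the load of wqueue->pipe only guarantees one untorn load into the local `pipe`; it does nothing to keep the pipe alive between that load and the dereferences later in post_one_notification(), so the commit message's "prevent the compiler from optimising" wording undersells what actually makes this safe. Please state which lock or RCU section covers the window between reading `pipe` and using it, and pair this reader with WRITE_ONCE() on the store side in watch_queue_clear() so the concurrent access is marked on both ends.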
@@ -606,6 +606,9 @@ void watch_queue_clear(struct watch_queue *wqueue)
/* Prevent new notifications from being stored. */
wqueue->defunct = true;
+ /* This pipe will get freed by caller, and we are anyways clearing. */
+ wqueue->pipe = NULL;
+
while (!hlist_empty(&wqueue->watches)) {
watch = hlist_entry(wqueue->watches.first, struct watch, queue_node);
hlist_del_init_rcu(&watch->queue_node);
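Review bot: `wqueue->pipe = NULL;` is a plain store that races with the READ_ONCE() reader added in the first hunk; write it as `WRITE_ONCE(wqueue->pipe, NULL);` so the pairing is explicit. The comment should also say who frees the pipe (free_pipe_info(), per the commit message) instead of "anyways clearing", and since `defunct = true` and `pipe = NULL` now both signal the same cleared state, folding the defunct removal from patch 3 into this patch would avoid shipping an intermediate version with two redundant flags.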
--
2.35.1
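As an added illustration of the pattern patch 1 introduces (this is constructed example code, not the kernel's code and not the author's): a userspace C model of a queue that keeps a pointer to a buffer which its caller frees. The struct layouts, the READ_ONCE()/WRITE_ONCE() stand-ins, and the demo_post_after_clear() scenario are assumptions made here; they mirror the names in the patch but are not the kernel's definitions. It shows the defect (a pointer left pointing at freed memory) being closed by clearing the pointer before the free and checking it before use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(): a volatile
 * access forces exactly one load or store, so the compiler cannot re-read the
 * field later and observe a different (non-NULL) value. */
#define READ_ONCE(x)      (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v)  (*(volatile __typeof__(x) *)&(x) = (v))

/* Minimal model of the pipe used as the notification buffer (constructed). */
struct pipe_inode_info {
    char   data[64];
    size_t used;
};

/* Minimal model of struct watch_queue (constructed): only the pipe pointer
 * matters here. It is NULL once the queue has been cleared. */
struct watch_queue {
    struct pipe_inode_info *pipe;
    int nr_watches;
};

/* Mirrors the patched post path: read the pipe pointer once and refuse to
 * post if the queue has already been cleared. In this single-threaded model
 * the NULL check is sufficient; the kernel additionally needs a lock or RCU
 * section to cover the window between the load and the dereference. */
bool post_one_notification(struct watch_queue *wqueue, const char *msg)
{
    struct pipe_inode_info *pipe = READ_ONCE(wqueue->pipe);
    size_t len;

    if (!pipe)
        return false;           /* cleared: never touch the (freed) pipe */

    len = strlen(msg);
    if (pipe->used + len > sizeof(pipe->data))
        return false;           /* buffer full; drop the notification */

    memcpy(pipe->data + pipe->used, msg, len);
    pipe->used += len;
    return true;
}

/* Mirrors the patched watch_queue_clear(): drop the reference before the
 * caller frees the pipe, so no dangling pointer survives the free. */
void watch_queue_clear(struct watch_queue *wqueue)
{
    WRITE_ONCE(wqueue->pipe, NULL);
    wqueue->nr_watches = 0;
}

/* Mirrors the ordering in free_pipe_info(): clear the queue, then free. */
void free_pipe_info(struct pipe_inode_info *pipe, struct watch_queue *wqueue)
{
    watch_queue_clear(wqueue);
    free(pipe);
}

/* Scenario: post once, tear the pipe down, post again.
 * Returns 1 when the first post succeeds and the second is refused
 * (the fixed behaviour), 0 otherwise, -1 on allocation failure.
 * Without the clear-before-free step the second post would write into
 * memory that has already been freed. */
int demo_post_after_clear(void)
{
    struct pipe_inode_info *pipe = calloc(1, sizeof *pipe);
    struct watch_queue wq;
    bool before, after;

    if (!pipe)
        return -1;

    wq.pipe = pipe;
    wq.nr_watches = 1;

    before = post_one_notification(&wq, "key added");
    free_pipe_info(pipe, &wq);
    after = post_one_notification(&wq, "key removed");

    return (before && !after) ? 1 : 0;
}
```

Building this with address sanitizer and removing the WRITE_ONCE() line in watch_queue_clear() turns the second post into a heap-use-after-free report, which is the defect the patch is closing.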
Improve formatting of struct annotations in watch_queue.h, so that they
fall in the preferred 80 character limit.
Signed-off-by: Siddh Raman Pant <[email protected]>
---
include/linux/watch_queue.h | 96 +++++++++++++++++++++++++++----------
1 file changed, 71 insertions(+), 25 deletions(-)
diff --git a/include/linux/watch_queue.h b/include/linux/watch_queue.h
index fc6bba20273b..c99c39ec6548 100644
--- a/include/linux/watch_queue.h
+++ b/include/linux/watch_queue.h
@@ -18,57 +18,103 @@
struct cred;
+/**
+ * watch_type_filter - Filter on watch type
+ *
+ * @type: Type of watch_notification
+ * @subtype_filter: Bitmask of subtypes to filter on
+ * @info_filter: Filter on watch_notification::info
+ * @info_mask: Mask of relevant bits in info_filter
+ */
struct watch_type_filter {
enum watch_notification_type type;
- __u32 subtype_filter[1]; /* Bitmask of subtypes to filter on */
- __u32 info_filter; /* Filter on watch_notification::info */
- __u32 info_mask; /* Mask of relevant bits in info_filter */
+ __u32 subtype_filter[1];
+ __u32 info_filter;
+ __u32 info_mask;
};
+/**
+ * watch_filter - Filter on watch
+ *
+ * @rcu: (union) RCU head
+ * @type_filter: (union) Bitmask of accepted types
+ * @nr_filters: Number of filters
+ * @filters: Array of watch_type_filter
+ */
struct watch_filter {
union {
struct rcu_head rcu;
- /* Bitmask of accepted types */
DECLARE_BITMAP(type_filter, WATCH_TYPE__NR);
};
- u32 nr_filters; /* Number of filters */
+ u32 nr_filters;
struct watch_type_filter filters[];
};
+/**
+ * watch_queue - General notification queue
+ *
+ * @rcu: RCU head
+ * @filter: Filter on watch_notification::info
+ * @pipe: The pipe we're using as a buffer.
+ * @watches: Contributory watches
+ * @notes: Preallocated notifications
+ * @notes_bitmap: Allocation bitmap for notes
+ * @usage: Object usage count
+ * @lock: Spinlock
+ * @nr_notes: Number of notes
+ * @nr_pages: Number of pages in notes[]
+ * @defunct: True when queues closed
+ */
struct watch_queue {
struct rcu_head rcu;
struct watch_filter __rcu *filter;
- struct pipe_inode_info *pipe; /* The pipe we're using as a buffer */
- struct hlist_head watches; /* Contributory watches */
- struct page **notes; /* Preallocated notifications */
- unsigned long *notes_bitmap; /* Allocation bitmap for notes */
- struct kref usage; /* Object usage count */
+ struct pipe_inode_info *pipe;
+ struct hlist_head watches;
+ struct page **notes;
+ unsigned long *notes_bitmap;
+ struct kref usage;
spinlock_t lock;
- unsigned int nr_notes; /* Number of notes */
- unsigned int nr_pages; /* Number of pages in notes[] */
- bool defunct; /* T when queues closed */
+ unsigned int nr_notes;
+ unsigned int nr_pages;
+ bool defunct;
};
-/*
- * Representation of a watch on an object.
+/**
+ * watch - Representation of a watch on an object.
+ *
+ * @rcu: (union) RCU head
+ * @info_id: (union) ID to be OR'd in to info field
+ * @queue: Queue to post events to
+ * @queue_node: Link in queue->watches
+ * @watch_list: Link in watch_list->watchers
+ * @list_node: The list node
+ * @cred: Creds of the owner of the watch
+ * @private: Private data for the watched object
+ * @id: Internal identifier
+ * @usage: Object usage count
*/
struct watch {
union {
struct rcu_head rcu;
- u32 info_id; /* ID to be OR'd in to info field */
+ u32 info_id;
};
- struct watch_queue __rcu *queue; /* Queue to post events to */
- struct hlist_node queue_node; /* Link in queue->watches */
+ struct watch_queue __rcu *queue;
+ struct hlist_node queue_node;
struct watch_list __rcu *watch_list;
- struct hlist_node list_node; /* Link in watch_list->watchers */
- const struct cred *cred; /* Creds of the owner of the watch */
- void *private; /* Private data for the watched object */
- u64 id; /* Internal identifier */
- struct kref usage; /* Object usage count */
+ struct hlist_node list_node;
+ const struct cred *cred;
+ void *private;
+ u64 id;
+ struct kref usage;
};
-/*
- * List of watches on an object.
+/**
+ * watch_list - List of watches on an object.
+ *
+ * @rcu: RCU head
+ * @watchers: List head
+ * @release_watch: Function to release watch
+ * @lock: Spinlock
*/
struct watch_list {
struct rcu_head rcu;
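Review bot: the kerneldoc headers are missing the `struct` keyword (they must read `* struct watch_type_filter - Filter on watch type`, and likewise for watch_filter, watch_queue, watch and watch_list), so `./scripts/kernel-doc -v -none include/linux/watch_queue.h` will warn on every one of them. Several descriptions also misdocument or restate the code: `@filter: Filter on watch_notification::info` in struct watch_queue is copied from info_filter but that member is the RCU-protected `struct watch_filter` pointer; `@lock: Spinlock` and `@list_node: The list node` say nothing beyond the type, and should name what the lock protects and which list the node sits on. Finally, `@pipe: The pipe we're using as a buffer.` still does not mention that the pointer is NULL once the queue is cleared, which the cover letter gives as the whole reason for moving to kerneldoc comments.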
--
2.35.1
On Thu, Aug 04, 2022 at 07:00:21PM +0530, Siddh Raman Pant wrote:
> There is a dangling reference to pipe in a watch_queue after clearing it.
> Thus, NULL that pointer while clearing. This can be thought of as a v4 of
> the patches I had sent earlier.
>
> This change renders wqueue->defunct superfluous, as the latter is only used
> to check if watch_queue is cleared. With this change, the pipe is NULL'd
> while clearing, so we can just check if the pipe is NULL.
>
> Extending comment for watch_queue->pipe in the definition of watch_queue
> made the comment conventionally too long (it was already past 80 chars),
> so I have changed the struct annotations to be doxygen-styled, so that
> I can extend the comment mentioning that the pipe is NULL when watch_queue
> is cleared.
>
> Siddh Raman Pant (3):
>   kernel/watch_queue: Remove dangling pipe reference while clearing watch_queue
>   kernel/watch_queue: Improve struct annotation formatting
>   kernel/watch_queue: Remove wqueue->defunct and use pipe for clear check
>
> include/linux/watch_queue.h | 95 +++++++++++++++++++++++++++----------
> kernel/watch_queue.c | 11 ++---
> 2 files changed, 75 insertions(+), 31 deletions(-)
I think patches 1 and 3 should be merged together.
Also, please use a consistent version number for all patches in the series. You
have a version 1, version 2, and version 4 patch all in the same series, which
is very confusing.
- Eric
On Thu, Aug 04, 2022 at 07:00:23PM +0530, Siddh Raman Pant wrote:
> Improve formatting of struct annotations in watch_queue.h, so that they
> fall in the preferred 80 character limit.
>
> Signed-off-by: Siddh Raman Pant <[email protected]>
This patch isn't just fixing overly long lines, but rather is introducing
kerneldoc comments and documenting things that weren't documented before.
That's fine, but please make the commit message accurately describe the patch.
> diff --git a/include/linux/watch_queue.h b/include/linux/watch_queue.h
> index fc6bba20273b..c99c39ec6548 100644
> --- a/include/linux/watch_queue.h
> +++ b/include/linux/watch_queue.h
> @@ -18,57 +18,103 @@
>
> struct cred;
>
> +/**
> + * watch_type_filter - Filter on watch type
If you're going to use kerneldoc comments, they should be correctly formatted.
This is not, since it's missing the word struct. You can run this command to
see the kerneldoc warnings:
./scripts/kernel-doc -v -none include/linux/watch_queue.h
> + * @lock: Spinlock
Please make sure that comments provide useful information and don't just repeat
what the code says.
- Eric
On Fri, 05 Aug 2022 12:52:11 +0530 Eric Biggers wrote:
> On Thu, Aug 04, 2022 at 07:00:23PM +0530, Siddh Raman Pant wrote:
> > Improve formatting of struct annotations in watch_queue.h, so that they
> > fall in the preferred 80 character limit.
> >
> > Signed-off-by: Siddh Raman Pant <[email protected]>
>
> This patch isn't just fixing overly long lines, but rather is introducing
> kerneldoc comments and documenting things that weren't documented before.
> That's fine, but please make the commit message accurately describe the patch.
>
> > diff --git a/include/linux/watch_queue.h b/include/linux/watch_queue.h
> > index fc6bba20273b..c99c39ec6548 100644
> > --- a/include/linux/watch_queue.h
> > +++ b/include/linux/watch_queue.h
> > @@ -18,57 +18,103 @@
> >
> > struct cred;
> >
> > +/**
> > + * watch_type_filter - Filter on watch type
>
> If you're going to use kerneldoc comments, they should be correctly formatted.
> This is not, since it's missing the word struct. You can run this command to
> see the kerneldoc warnings:
>
> ./scripts/kernel-doc -v -none include/linux/watch_queue.h
>
> > + * @lock: Spinlock
>
> Please make sure that comments provide useful information and don't just repeat
> what the code says.
>
> - Eric
>
Okay, will do.
Thanks,
Siddh
On Fri, 05 Aug 2022 12:46:17 +0530 Eric Biggers wrote:
> I think patches 1 and 3 should be merged together.
>
> Also, please use a consistent version number for all patches in the series. You
> have a version 1, version 2, and version 4 patch all in the same series, which
> is very confusing.
>
> - Eric
>
Will do.
Sorry for the confusion.
Thanks,
Siddh