Received: by 2002:a25:5b86:0:0:0:0:0 with SMTP id p128csp540714ybb;
        Thu, 28 Mar 2019 07:27:43 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzzdwPd+m4qYKGVZtnjmGXr78hlYB0DERwFDmWdD+siyButhBYyeAss7DJgukL6XeQaXNJE
X-Received: by 2002:a63:4e57:: with SMTP id o23mr38110012pgl.368.1553783263231;
        Thu, 28 Mar 2019 07:27:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553783263; cv=none;
        d=google.com; s=arc-20160816;
        b=DOGCoHlD9Ubb7Lw3CazpMSUamN2ZNwRapzeYSlAhXHiTens7CApwvcIt3KEvW1eh//
         34riCJUnczf6oPzykvVTt2FuMBGyTZNyVON5nWkTN3hvwetFJO1eHg21eMMeHkGuggJk
         1Y90OjP831BRWxxyhUj2lPpgnQ42Mq9qktAattVOu7J6uOHTZi7julGsygFSKktXn5pe
         CZLbK8ioZ98eR5L5oizJw7bDwq2abgXOHSIFsK7+swIDR7OGNyJWL87WH1zLBlJN43oF
         Ts1uSh2swDYbecrbyNS7IgV4aoXlH7dFMlLPHSrV/NhbxXkycGEQ1NvWnFqLG2w/m/Ut
         lruw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=Sq26IOhVttl9EHK7fffu4YwRcgIJOM2T6/BEKTCVp4o=;
        b=KIuCHjsGKFD/eHNTNjgGlF/YQK5KktuI8JomOWBrwhrRL1CN//J8ew/NWtbujy20N9
         p5wgWJHnYDWIo5L38pMencoz8+g41A5VToeu0I/3BKXhLhzQE4tehKdnhbks7Tz/lsJ+
         Apwnb9xT4C08fsuDxhRM70QS4wkgjplSHJjemlAIN5uxisaQEStI4CyuNL8zSq+9rJ6Q
         bzXGV0Kgf5V0ihsGsMkREiHegYq9R8vZfEfs6nBUdcs9zcY/7+8Q1ZRUtCvtqGwDI0hC
         FeuzqN5jW8TmNpGxq7DHGiEuyOD0Rc7Zbofsx/y8RRTW8cKQrPdG6tQ+k+iKJWV3MeXu
         4MIw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 82si21168401pft.35.2019.03.28.07.27.26;
        Thu, 28 Mar 2019 07:27:43 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726260AbfC1O0h (ORCPT <rfc822;sbrunau@gmail.com> + 99 others);
        Thu, 28 Mar 2019 10:26:37 -0400
Received: from mx1.redhat.com ([209.132.183.28]:24169 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726029AbfC1O0h (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Mar 2019 10:26:37 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 05009C04FFF9;
        Thu, 28 Mar 2019 14:26:25 +0000 (UTC)
Received: from dhcp-27-174.brq.redhat.com (unknown [10.43.17.68])
        by smtp.corp.redhat.com (Postfix) with SMTP id 981AD1001E69;
        Thu, 28 Mar 2019 14:26:20 +0000 (UTC)
Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000
        oleg@redhat.com; Thu, 28 Mar 2019 15:26:24 +0100 (CET)
Date:   Thu, 28 Mar 2019 15:26:19 +0100
From:   Oleg Nesterov <oleg@redhat.com>
To:     Joel Fernandes <joel@joelfernandes.org>
Cc:     Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Android Kernel Team <kernel-team@android.com>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Matthew Wilcox <willy@infradead.org>,
        Michal Hocko <mhocko@suse.com>,
        "Reshetova, Elena" <elena.reshetova@intel.com>
Subject: Re: [PATCH] Convert struct pid count to refcount_t
Message-ID: <20190328142619.GA19441@redhat.com>
References: <20190327145331.215360-1-joel@joelfernandes.org>
 <CAGXu5j+nhsL_s36R0k5APUfP6cNiH-BGEJu6mV6UcsP0i3gtyA@mail.gmail.com>
 <CAG48ez1vZ5cngEKVtWTL9rz_K8K25b1sMKYrNs+jn4Va3KYucw@mail.gmail.com>
 <20190328023432.GA93275@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190328023432.GA93275@google.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Thu, 28 Mar 2019 14:26:37 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/27, Joel Fernandes wrote:
>
> Also, based on Kees comment, I think it appears to me that get_pid and
> put_pid can race in this way in the original code right?
>
> get_pid			put_pid
>
> 			atomic_dec_and_test returns 1
> atomic_inc
> 			kfree
>
> deref pid /* boom */
> -------------------------------------------------
>
> I think get_pid needs to call atomic_inc_not_zero()

No.

get_pid() should only be used if you already have a reference or you do
something like

	rcu_read_lock();
	pid = find_vpid();
	get_pid();
	rcu_read_lock();

in this case we rely on call_rcu(delayed_put_pid) which drops the initial
reference.

If put_pid() sees pid->count == 1, then a) nobody else has a reference and
b) nobody else can find this pid on rcu-protected lists, so it is safe to
free it.

Oleg.