Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp2023278ybc; Wed, 13 Nov 2019 07:53:34 -0800 (PST) X-Google-Smtp-Source: APXvYqwHftpCGFEgMIyizCL9hrB8pGeD0ZgWe+2byXj+JEbqJrqM/NMscLoIYLRzTBlNZZ0SElW5 X-Received: by 2002:a50:fe96:: with SMTP id d22mr4341577edt.227.1573660414070; Wed, 13 Nov 2019 07:53:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573660414; cv=none; d=google.com; s=arc-20160816; b=B+1GBaxQYGtkSohJSHGMEtBffP1Z/2/N+1+v5WITHKOm2zq6mZ1IIF4driJqeAerD6 WgSXJkrJijuF36kUz4rw9eZuUX0kcTua4VbZYwA7sc5rJ9SCCFO2zD/hO44B3ellZ6Zh zqAZXmpwmdm+4OZC63kl5TcTVXwGd9mRHqG6DgmNSaz8Zh9DAlqy0xardDmGMK7EbjI9 UBZ3MT+tGbVESBwjmtX+/NYnzP6cJcxKpHb6m5IO4b5VFlpKq8LauUHYq+W5AibPdxPQ xHTgukaFRrhfKWX+djjPklmVs4pEC4WSdUe4A2VvH9S9pyYI14QN+X5WU1DowflqtSJx olow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=utSD9msrRobMAHhvuhF35QWHJGz/rsEyiC8Nt3LvZLM=; b=uc0uW6tM0rIXv7tdNY0+zfkCVe+jZjqnUs3EY6N6NX23YoguKlA0jNMW+/ruDm1Uy3 fvErMm71BZaQJFpXdYUhtFX+VB1x5dr3r3CWhoXvLOXu2dz51rsy7KXyUHXSg8ID6ZAM NyTKIu4fFGlBWzA+DlB1S8rdvYz/h3MInbKrWkMXooX2QuEln2BiXOjodPBFfu9LpPkk j7w9k+DzXl7Ij1/vw9r/NMfqIkYUB8LtvnbZLAoZY8Os3tjRMKv4avGi2gUf1TXTV2V7 qqVzaaPgczP2Ft95TjyYAOqxf248MMB0X7PFj6pbnSSNGkgcJrPWjWxR8L6BjhqJsw6N rShw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d6si1840640ede.119.2019.11.13.07.53.07; Wed, 13 Nov 2019 07:53:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727136AbfKMMwU (ORCPT + 99 others); Wed, 13 Nov 2019 07:52:20 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:47772 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726185AbfKMMwU (ORCPT ); Wed, 13 Nov 2019 07:52:20 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1iUs88-0001Mh-K2; Wed, 13 Nov 2019 12:52:17 +0000 Date: Wed, 13 Nov 2019 12:52:16 +0000 From: Al Viro To: Amir Goldstein Cc: linux-fsdevel , Ritesh Harjani , linux-kernel , wugyuan@cn.ibm.com, Jeff Layton , Gao Xiang , Jan Kara , Linus Torvalds , ecryptfs@vger.kernel.org Subject: Re: [PATCH][RFC] ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable Message-ID: <20191113125216.GF26530@ZenIV.linux.org.uk> References: <20191022143736.GX26530@ZenIV.linux.org.uk> <20191022201131.GZ26530@ZenIV.linux.org.uk> <20191023110551.D04AE4C044@d06av22.portsmouth.uk.ibm.com> <20191101234622.GM26530@ZenIV.linux.org.uk> <20191102172229.GT20975@paulmck-ThinkPad-P72> <20191102180842.GN26530@ZenIV.linux.org.uk> <20191103163524.GO26530@ZenIV.linux.org.uk> <20191103182058.GQ26530@ZenIV.linux.org.uk> <20191103185133.GR26530@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 13, 2019 at 09:01:36AM +0200, Amir Goldstein wrote: > > - if (d_really_is_negative(lower_dentry)) { > > + /* > > + * negative dentry can go positive under us here - its parent is not > > + * locked. That's OK and that could happen just as we return from > > + * ecryptfs_lookup() anyway. Just need to be careful and fetch > > + * ->d_inode only once - it's not stable here. > > + */ > > + lower_inode = READ_ONCE(lower_dentry->d_inode); > > + > > + if (!lower_inode) { > > /* We want to add because we couldn't find in lower */ > > d_add(dentry, NULL); > > return NULL; > > Sigh! > > Open coding a human readable macro to solve a subtle lookup race. > That doesn't sound like a scalable solution. > I have a feeling this is not the last patch we will be seeing along > those lines. > > Seeing that developers already confused about when they should use > d_really_is_negative() over d_is_negative() [1] and we probably > don't want to add d_really_really_is_negative(), how about > applying that READ_ONCE into d_really_is_negative() and > re-purpose it as a macro to be used when races with lookup are > a concern? Would you care to explain what that "fix" would've achieved here, considering the fact that barriers are no-ops on UP and this is *NOT* an SMP race? And it's very much present on UP - we have fetch ->d_inode into local variable do blocking allocation check if ->d_inode is NULL now if it is not, use the value in local variable and expect it to be non-NULL That's not a case of missing barriers. At all. And no redefinition of d_really_is_negative() is going to help - it can't retroactively affect the value explicitly fetched into a local variable some time prior to that. There are other patches dealing with ->d_inode accesses, but they are generally not along the same lines. The problem is rarely the same...