Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp2111922ybc; Wed, 13 Nov 2019 09:09:21 -0800 (PST) X-Google-Smtp-Source: APXvYqzMKIjy2RwS2P+5GMhglnabc1+SwSMECCndclXmtvjMpx9cJ9qhW0jYlE/n5/EvFdc7bDyE X-Received: by 2002:aa7:c048:: with SMTP id k8mr4758956edo.254.1573664961002; Wed, 13 Nov 2019 09:09:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573664960; cv=none; d=google.com; s=arc-20160816; b=lKxehpb2iQ4IZQx5QP+YEuURkgSGdXVYXEHTdB1Fo1eHt5ffR08ExkyC4U+/+gBN6n WB16xeCFT9WFR/pBdEQ8w8EhfKK+tU3aM3JFa4PRaDTYyNvupzMYNHVzKrkwAQCllajy A6P6ncTBw6wltMaLgIxCsHY0On5f9Jv7UA+3gQ04h2768wZPF2WE6TjPf3SJ0m9mkBUB IINXdQUUdeXLWOBChcOSjD/aVtMyYIHQocGbN+wF8GvNdOjH+TLCzqOewJIuuwishEPO 7EzGSsaR/W6ww8Bbqz2hj0pvmV8ZHjmJIbLgbkxF6Z1yqS0/iZh3c1duzZoSHkb7tz/x TEvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=wrNEKbAI8SdPL4/nZNWweKCBGdbsKNPBi2tTjgkTk4g=; b=zkD9evyI2o4dqQdNvDn+DpkSfzA2KPhYcBVOsZsSsMCymHsCCoBJnoiQFPudnhfRfK s0Ac15hlv4wDjO9Gl+UWTAtpJ2TfEjCxGBpZVmID55LZw1k66kMt/TAv8pt6BV4tq+/G K6eg5LW3f/bRyn2WdQfjYQpjwuT0IEMRpDLT8e24s8+aZEDL/qXEZdFsckUj2SwZj3uh hwhbx2KHHXc+cvGxmIDxrbFxIEJNzWF3pfgrfJEAzu/Ry9wierVdp+qIhFi9ztKohWTR /zmQ4+985NxFJRhD0tCL89FvMfn90xUKjxQbX6pgnqnjm/qz4js6EakWzGPYoq9ypuI2 mCDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="dr/pD/nd"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d24si1926222eda.162.2019.11.13.09.08.56; Wed, 13 Nov 2019 09:09:20 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="dr/pD/nd"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728297AbfKMQWS (ORCPT + 99 others); Wed, 13 Nov 2019 11:22:18 -0500 Received: from mail-yb1-f195.google.com ([209.85.219.195]:33037 "EHLO mail-yb1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726098AbfKMQWS (ORCPT ); Wed, 13 Nov 2019 11:22:18 -0500 Received: by mail-yb1-f195.google.com with SMTP id i15so1183151ybq.0; Wed, 13 Nov 2019 08:22:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wrNEKbAI8SdPL4/nZNWweKCBGdbsKNPBi2tTjgkTk4g=; b=dr/pD/ndVpnhQ/dq8vwt31HTFhiLecVsaulHcl8WYtV7IlU6Vk6Q2zoGJoZPO0Q9lg 0kqoeQhbXKNkDNlyDCfM5Z3Q9cdUg3sBTb/ZvKqQ16U/WLseWLg6mWtPTr1ar4clvrqE VchRnBOu+R3jh2MGWvvhXAMpI7He3QdrA6ARhAvsIXN850RnNBNxcmbIzsveOg2oiLU8 yX4SglKyPb6phah2sZi9ZCKd6Jvf/R9rRPSifGYwYz2gkkO7sqxW9A1QBw6lW4Szd5L8 CUJSn1m/GKcc4aE1TYmjvsEbUsvDxirufa2cE++pM2XjuQL6VkBhpB2/xipSCRqXh/oD hqDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wrNEKbAI8SdPL4/nZNWweKCBGdbsKNPBi2tTjgkTk4g=; b=PJO8V9D9d1s62Dkt1SL2YOXmYcaFc8zYrf70KuUDK5Rio2Txj0XbVvAQ5BU6Em5gSL 9RAIh+sdu96PRwJVf+3CfBiVL3R9MSUyMPQJtHd4wVQybrkpw9NWhRG2nqZy91MDplwu 7JBJhdHoqN58mAXeEUwWs99nM7KA3nLS9yhEJ4+TgguiMmSHbWdOXr3DpRxAAkbb8xEf lhiY0jcMx4EmJAQ/TNGTiQhErUQckeXgjR3Qa5Idn7Yl4xJNmGYjSMU9F3SSh6xxMc+W YKJm9b1nSqWzYu0qxCjmIRTr0ydM7EB1RrwFN1SjY4T0NxIOY7JYnISaUmiTWSbt3Owp E+9A== X-Gm-Message-State: APjAAAX8A8BQ85yCXfaS0bW7q14I82qOTnIlw4DKxsPfZo5A+84a/kgN 80esdLRsQLhNqGWCdXf7nLf1Yekv30DGGuyKvRo= X-Received: by 2002:a25:383:: with SMTP id 125mr3323615ybd.45.1573662136812; Wed, 13 Nov 2019 08:22:16 -0800 (PST) MIME-Version: 1.0 References: <20191022143736.GX26530@ZenIV.linux.org.uk> <20191022201131.GZ26530@ZenIV.linux.org.uk> <20191023110551.D04AE4C044@d06av22.portsmouth.uk.ibm.com> <20191101234622.GM26530@ZenIV.linux.org.uk> <20191102172229.GT20975@paulmck-ThinkPad-P72> <20191102180842.GN26530@ZenIV.linux.org.uk> <20191103163524.GO26530@ZenIV.linux.org.uk> <20191103182058.GQ26530@ZenIV.linux.org.uk> <20191103185133.GR26530@ZenIV.linux.org.uk> <20191113125216.GF26530@ZenIV.linux.org.uk> In-Reply-To: <20191113125216.GF26530@ZenIV.linux.org.uk> From: Amir Goldstein Date: Wed, 13 Nov 2019 18:22:05 +0200 Message-ID: Subject: Re: [PATCH][RFC] ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable To: Al Viro Cc: linux-fsdevel , Ritesh Harjani , linux-kernel , wugyuan@cn.ibm.com, Jeff Layton , Gao Xiang , Jan Kara , Linus Torvalds , ecryptfs@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 13, 2019 at 2:52 PM Al Viro wrote: > > On Wed, Nov 13, 2019 at 09:01:36AM +0200, Amir Goldstein wrote: > > > - if (d_really_is_negative(lower_dentry)) { > > > + /* > > > + * negative dentry can go positive under us here - its parent is not > > > + * locked. That's OK and that could happen just as we return from > > > + * ecryptfs_lookup() anyway. Just need to be careful and fetch > > > + * ->d_inode only once - it's not stable here. > > > + */ > > > + lower_inode = READ_ONCE(lower_dentry->d_inode); > > > + > > > + if (!lower_inode) { > > > /* We want to add because we couldn't find in lower */ > > > d_add(dentry, NULL); > > > return NULL; > > > > Sigh! > > > > Open coding a human readable macro to solve a subtle lookup race. > > That doesn't sound like a scalable solution. > > I have a feeling this is not the last patch we will be seeing along > > those lines. > > > > Seeing that developers already confused about when they should use > > d_really_is_negative() over d_is_negative() [1] and we probably > > don't want to add d_really_really_is_negative(), how about > > applying that READ_ONCE into d_really_is_negative() and > > re-purpose it as a macro to be used when races with lookup are > > a concern? > > Would you care to explain what that "fix" would've achieved here, > considering the fact that barriers are no-ops on UP and this is > *NOT* an SMP race? > > And it's very much present on UP - we have > fetch ->d_inode into local variable > do blocking allocation > check if ->d_inode is NULL now > if it is not, use the value in local variable and expect it to be non-NULL > > That's not a case of missing barriers. At all. And no redefinition of > d_really_is_negative() is going to help - it can't retroactively affect > the value explicitly fetched into a local variable some time prior to > that. > Indeed. I missed that part of your commit message and didn't realize the variable was being used later. The language in the comment "can go positive under us" implied SMP race so I misunderstood the reason for READ_ONCE(). Sorry for the noise. Amir.