From: Jens Axboe
To: Hillf Danton
Cc: syzbot, io-uring@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk, Markus Elfring
Subject: Re: KASAN: use-after-free Read in io_uring_setup (2)
Date: Thu, 30 Jul 2020 20:53:10 -0600
Message-ID: <89fcf8d1-3c87-bd07-b974-e9c012eb1eea@kernel.dk>
In-Reply-To: <20200731022859.6372-1-hdanton@sina.com>
References: <20200731014541.11944-1-hdanton@sina.com> <20200731022859.6372-1-hdanton@sina.com>

On 7/30/20 8:28 PM, Hillf Danton wrote:
>
> On Thu, 30 Jul 2020 20:07:59 -0600 Jens Axboe wrote:
>> On 7/30/20 7:45 PM, Hillf Danton wrote:
>>>
>>> Add the missing percpu_ref_get when creating ctx.
>>>
> [...]
>> The error path doesn't care, the issue is only after fd install. Hence
>
> Yes you are right.
>
>> we don't need to grab a reference, just make sure we don't touch the ctx
>> after fd install.
>
> This is a cure, not a generic one as it may be a potpit for anyone adding
> changes here since on. But that's quite unlikely as this is a way one-off
> path.
>
>> Since you saw this one, you must have also seen my
>> patch. Why not comment on that instead?
>
> You know, it is unusually hard to add anything in your field, and I hit the
> send button after staring at the screen for two minutes, given a different
> approach.

The patch was sent out 7h ago. My suggestion would be to at least see
what other people may have commented or posted on the topic first,
instead of just ignoring it point blank and sending something else out.

A good way to start a discussion would be to reply to my email in this
very thread, with why you think an alternate solution might be better.
Or point out if there are errors in it. Just ignoring what else has been
posted just comes off as rude, to be honest.

You've got patches in for io_uring in the past, and I'd surely like to
see that continue. But working together is helping each other out, not
working in a vacuum, pretending not to see what else is being discussed
or posted.

--
Jens Axboe
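
The ordering rule discussed in this thread (do not touch the ctx once the fd is installed), as an added example that is not part of the original message or of the kernel source. It is a single-threaded userspace model: `fd_install_model`, `setup_buggy`, `setup_fixed` and the `alive` flag are hypothetical stand-ins, and the racing close() from another thread is simulated inside the install step.

```c
/* Userspace model (added example); all names are hypothetical, not io_uring's. */
#include <stdbool.h>
#include <stdio.h>
struct ctx { int refs; bool alive; unsigned flags; };
static int bad_reads;           /* reads of a released ctx: what KASAN reports */

static void ctx_put(struct ctx *c) {
    if (--c->refs == 0)
        c->alive = false;       /* stands in for freeing the ctx */
}

static unsigned ctx_flags(const struct ctx *c) {
    if (!c->alive)
        bad_reads++;
    return c->flags;
}

/* Models fd install: the fd table now holds the only reference. With
 * racing_close set, another thread close()s the fd before we return. */
static int fd_install_model(struct ctx *c, bool racing_close) {
    if (racing_close)
        ctx_put(c);
    return 3;                   /* constructed fd number */
}

/* Buggy ordering: reads ctx after the fd is visible to userspace. */
static unsigned setup_buggy(struct ctx *c, bool racing_close) {
    fd_install_model(c, racing_close);
    return ctx_flags(c);
}

/* Fixed ordering: everything needed from ctx is read before the install. */
static unsigned setup_fixed(struct ctx *c, bool racing_close) {
    unsigned flags = ctx_flags(c);
    fd_install_model(c, racing_close);
    return flags;
}

/* Runs one setup variant on a fresh ctx; returns the bad reads observed. */
static int run(unsigned (*setup)(struct ctx *, bool), bool racing_close) {
    struct ctx c = { .refs = 1, .alive = true, .flags = 0x2 };
    bad_reads = 0;
    setup(&c, racing_close);
    return bad_reads;
}

int main(void) {
    printf("buggy=%d fixed=%d\n", run(setup_buggy, true), run(setup_fixed, true));
    return 0;
}
```

Without the racing close the buggy ordering also reports no bad read, which is why this class of bug tends to surface only under a fuzzer such as syzbot.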