Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2610744pxu; Sat, 28 Nov 2020 22:08:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJwuXfH+elt4QzsjtQZW1ECajJO1gpZh8L2bhXLQzWw7t1xSrAqTOdoRGZ9WTbp0l1fcSBjf X-Received: by 2002:aa7:d443:: with SMTP id q3mr15785904edr.262.1606630085291; Sat, 28 Nov 2020 22:08:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606630085; cv=none; d=google.com; s=arc-20160816; b=E1NZV6od504X3iIZwKrf04KI0Fcw52YTzj8YYRH5LhEvWc1dzivR/PipN0ELWWOmWB mG/z4Q57XlTQdPcw7tM1uWAoeMmAmnJ4lWcr60k74Q8a+XXiv3nVNQNKXVenhj1pydlv NJYvAwKN19m056HsAzBHBn/Bisn1p5EnLD96YLxxr9wRzy/e2QTReepfhI23ipAVM7xA vnfty1N3YAl8TC/74/CxnKpD2nVhn48sw8YbCW1drgHifB0mkcXYUmMG1oJtpd7wiPCH i+k/65mBivIDI7AOFi6rsJ/nbP3F/tPrlAdIsMKCtgsC9YQCZypYkmRyXRKpRWlqDL3t l+GA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=FBlTZCTkopuUBzs/HkFfJK8NXujjySX80gaJ1IikQV0=; b=F+EsKfoZIVPgePVXjCJ78AYVTQ8SGbnq3KyI5zmfFj4ugs9i9jxtL+B8VckWZwm84S F18JWkr1Rp3UCFSCGi56ZhO18oH+ltugAjnPyboNnI/N1I8ZG1MVzk7h5yNGSy32GEhq mZukVUPhmnegt9brPGvDfeFit664GT99oRqeHH9xSxG7/ZyrU46FW9xHFayJtVZejDNP RqohUWWu4US3I0TIBagrl72N5xIGXp1KbwuqZtqvBZ7PGZ+vyuFnADVgNuftxizarmDy iE2XiTJrEEbF/fpDvbDXGPVyQ4cxk0Pf382pLTawmJQw5D4kW5soM9tq+gU1q09mAr5L 6RuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=btwmUo94; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a18si9981012ejr.333.2020.11.28.22.07.42; Sat, 28 Nov 2020 22:08:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=btwmUo94; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726218AbgK2GFs (ORCPT + 99 others); Sun, 29 Nov 2020 01:05:48 -0500 Received: from mail.kernel.org ([198.145.29.99]:47772 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726076AbgK2GFs (ORCPT ); Sun, 29 Nov 2020 01:05:48 -0500 Received: from localhost (82-217-20-185.cable.dynamic.v4.ziggo.nl [82.217.20.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 044D82076A; Sun, 29 Nov 2020 06:05:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1606629907; bh=5aWFhJgbKoTM+X/d62wGGVwXdEBsZBjLZrpbYO/sMMM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=btwmUo94iBlYyhWD1fTlXmn98jsamsV6RyJnoykDVKGjXFeVmQzCFPfIwaK7bMCd8 3RbgANHJlIc7OLY1Rg+wfSBdAjCMASEWnIlHyJAVDd4nOb3TcoKwo28SPXKN2gm9rQ bylgmH2XYJfCnW5H3z4RBjDrC43Yaf4NzZPs+o6I= Date: Sun, 29 Nov 2020 07:05:03 +0100 From: Greg Kroah-Hartman To: Wen Yang Cc: Sasha Levin , linux-kernel@vger.kernel.org, "Eric W. Biederman" , Al Viro , stable@vger.kernel.org Subject: Re: [PATCH] exit: fix a race in release_task when flushing the dentry Message-ID: References: <20201128064722.9106-1-wenyang@linux.alibaba.com> <24bd714d-f598-c7c6-6821-38fd9c1f4d2b@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Nov 28, 2020 at 11:28:53PM +0800, Wen Yang wrote: > > > 在 2020/11/28 下午10:05, Greg Kroah-Hartman 写道: > > On Sat, Nov 28, 2020 at 09:59:09PM +0800, Wen Yang wrote: > > > > > > > > > 在 2020/11/28 下午4:06, Greg Kroah-Hartman 写道: > > > > On Sat, Nov 28, 2020 at 02:47:22PM +0800, Wen Yang wrote: > > > > > [ Upstream commit 7bc3e6e55acf065500a24621f3b313e7e5998acf ] > > > > > > > > No, that is not this commit at all. > > > > > > > > What are you wanting to have happen here? > > > > > > > > confused, > > > > > > > > greg k-h > > > > > > > > > > Thanks. > > > Let's explain it briefly: > > > > > > The dentries such as /proc//ns/ipc have the DCACHE_OP_DELETE flag, they > > > should be deleted when the process exits. > > > Suppose the following race appears: > > > > > > release_task dput > > > -> proc_flush_task > > > -> dentry->d_op->d_delete(dentry) > > > -> __exit_signal > > > -> dentry->d_lockref.count-- and return. > > > > > > > > > In the proc_flush_task function, because another processe is using this > > > dentry, it cannot be deleted; > > > In the dput function, d_delete may be executed before __exit_signal (the pid > > > has not been unhashed), so that d_delete returns false and the dentry can > > > not be deleted. > > > > > > So this dentry is still caches (count is 0), and its parent dentries are > > > also caches, and those dentries can only be deleted when drop_caches is > > > manually triggered. > > > > > > > > > In the release_task function, we should move proc_flush_task after the > > > tasklist_lock is released(Just like the commit > > > 7bc3e6e55acf065500a24621f3b313e7e5998acf did). > > > > I do not understand, is this a patch being submitted for the main kernel > > tree, or for a stable kernel release? > > > > If stable, please read: > > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > > for how to do this properly. > > > > If main kernel tree, you can't have the "Upstream commit" line in the > > changelog text as that makes no sense at all. > > > Hi, > This patch is submitted to the stable branches (from 4.9.y > to 5.6.y). > > This problem can also be solved if the following patch could be ported to > the stable branch: > 7bc3e6e55acf ("proc: Use a list of inodes to flush from proc") > 26dbc60f385f ("proc: Generalize proc_sys_prune_dcache into > proc_prune_siblings_dcache") > f90f3cafe8d5 ("proc: Use d_invalidate in proc_prune_siblings_dcache") > > However, the above-mentioned patches modify too much code (more than 100 > lines), and there may also be some undiscovered bugs. > > So the safer method may be to apply this small patch(also ported from the > equivalent fix already exist in Linus’ tree). > > We will reformat the patch later. We always prefer to take the original, upstream patches, instead of one-off changes as almost always, those one-off changes end up being wrong and hard to work with over time. So if we need more than one patch to solve this reported problem, that's fine, can you test the above series of patches and provide a backported set of them that we can use for this? thanks, gre gk-h