Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2846774pxu; Sun, 29 Nov 2020 06:47:56 -0800 (PST) X-Google-Smtp-Source: ABdhPJyIgGmmJASKksR/fGc0KVauTJaT4ZaObg2KCXTejc5ekNskcBKDMMKb1QHcIEeUmFyZ7yvM X-Received: by 2002:a50:b264:: with SMTP id o91mr17269463edd.7.1606661276477; Sun, 29 Nov 2020 06:47:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606661276; cv=none; d=google.com; s=arc-20160816; b=eRsQUE6Z73MM1sXQRCx5/q070JTYbXqgBCSvdP2wFuKwtu12UH2l4ILQQL/WATqPxz VpOx30aQg451DHmG8d+1j7dRsMDAsPv2HBm7WCyc9bOUfAUFhlLGsNw/L88ImpgqGydq 1haut2AoA4tjopXAVweCKrLPc9PeA1Mh0IU7JNJt4XWKkms0jl1QW51ovztKsCmPqU+P 4vQ7iiBRGmYCSgWbf1bzgpzBBkQTV1aFzxhHdaybYYVGZNRLGFKnCbSVEZwGIwwr5gRi /OLV/StSD7E5Q0Nc52XlXHQdpeDQera/x+p/u4Q/O/12snB2Wdm2PjEIuMdnowJGj+O6 6T9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject; bh=pUZdJYxLgigdjEho6+93EaHj9SxSMGyHIMdZ3ipS1po=; b=i0tIsub2a8InHvZMMZBDsahr7CeDI+n74O2rUR/MaJvgu2vzmzFcHgikHUG4MGxscL mVRbrsFtmIjgkLGRu9FVD06mIJ3yYASwNh2NPzz/ymiN1X6syId7HhT7JgaW8fKuC8zu 9TQkvddWlH2l6F5ci4I3XdtFxXxuxXriWlvE8dpktOCaLEoebx3YBye+CjYlE6kZ6Vo8 omGyI+D58GitwYx0VY7KHkWPqrsvopEOu8QdFNU2+Ut1jmmynAB7mkp0NZiJnm8xvFZP 1t4WdzLMbogEJcya+/uM8BjL0Kemavbtnv0hYPLLpJ7VO8mpp229uc/h7dxHqob5zbha ltpg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bx14si9422184edb.13.2020.11.29.06.47.31; Sun, 29 Nov 2020 06:47:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727676AbgK2Ooq (ORCPT + 99 others); Sun, 29 Nov 2020 09:44:46 -0500 Received: from out30-130.freemail.mail.aliyun.com ([115.124.30.130]:41896 "EHLO out30-130.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725882AbgK2Ooq (ORCPT ); Sun, 29 Nov 2020 09:44:46 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R141e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04423;MF=wenyang@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0UGswpZn_1606661010; Received: from IT-C02W23QPG8WN.local(mailfrom:wenyang@linux.alibaba.com fp:SMTPD_---0UGswpZn_1606661010) by smtp.aliyun-inc.com(127.0.0.1); Sun, 29 Nov 2020 22:43:31 +0800 Subject: Re: [PATCH] exit: fix a race in release_task when flushing the dentry To: Greg Kroah-Hartman Cc: Sasha Levin , linux-kernel@vger.kernel.org, "Eric W. Biederman" , Al Viro , stable@vger.kernel.org References: <20201128064722.9106-1-wenyang@linux.alibaba.com> <24bd714d-f598-c7c6-6821-38fd9c1f4d2b@linux.alibaba.com> From: Wen Yang Message-ID: Date: Sun, 29 Nov 2020 22:43:30 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2020/11/29 下午2:05, Greg Kroah-Hartman 写道: > On Sat, Nov 28, 2020 at 11:28:53PM +0800, Wen Yang wrote: >> >> >> 在 2020/11/28 下午10:05, Greg Kroah-Hartman 写道: >>> On Sat, Nov 28, 2020 at 09:59:09PM +0800, Wen Yang wrote: >>>> >>>> >>>> 在 2020/11/28 下午4:06, Greg Kroah-Hartman 写道: >>>>> On Sat, Nov 28, 2020 at 02:47:22PM +0800, Wen Yang wrote: >>>>>> [ Upstream commit 7bc3e6e55acf065500a24621f3b313e7e5998acf ] >>>>> >>>>> No, that is not this commit at all. >>>>> >>>>> What are you wanting to have happen here? >>>>> >>>>> confused, >>>>> >>>>> greg k-h >>>>> >>>> >>>> Thanks. >>>> Let's explain it briefly: >>>> >>>> The dentries such as /proc//ns/ipc have the DCACHE_OP_DELETE flag, they >>>> should be deleted when the process exits. >>>> Suppose the following race appears: >>>> >>>> release_task dput >>>> -> proc_flush_task >>>> -> dentry->d_op->d_delete(dentry) >>>> -> __exit_signal >>>> -> dentry->d_lockref.count-- and return. >>>> >>>> >>>> In the proc_flush_task function, because another processe is using this >>>> dentry, it cannot be deleted; >>>> In the dput function, d_delete may be executed before __exit_signal (the pid >>>> has not been unhashed), so that d_delete returns false and the dentry can >>>> not be deleted. >>>> >>>> So this dentry is still caches (count is 0), and its parent dentries are >>>> also caches, and those dentries can only be deleted when drop_caches is >>>> manually triggered. >>>> >>>> >>>> In the release_task function, we should move proc_flush_task after the >>>> tasklist_lock is released(Just like the commit >>>> 7bc3e6e55acf065500a24621f3b313e7e5998acf did). >>> >>> I do not understand, is this a patch being submitted for the main kernel >>> tree, or for a stable kernel release? >>> >>> If stable, please read: >>> https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html >>> for how to do this properly. >>> >>> If main kernel tree, you can't have the "Upstream commit" line in the >>> changelog text as that makes no sense at all. >> >> >> Hi, >> This patch is submitted to the stable branches (from 4.9.y >> to 5.6.y). >> >> This problem can also be solved if the following patch could be ported to >> the stable branch: >> 7bc3e6e55acf ("proc: Use a list of inodes to flush from proc") >> 26dbc60f385f ("proc: Generalize proc_sys_prune_dcache into >> proc_prune_siblings_dcache") >> f90f3cafe8d5 ("proc: Use d_invalidate in proc_prune_siblings_dcache") >> >> However, the above-mentioned patches modify too much code (more than 100 >> lines), and there may also be some undiscovered bugs. >> >> So the safer method may be to apply this small patch(also ported from the >> equivalent fix already exist in Linus’ tree). >> >> We will reformat the patch later. > > We always prefer to take the original, upstream patches, instead of > one-off changes as almost always, those one-off changes end up being > wrong and hard to work with over time. > > So if we need more than one patch to solve this reported problem, that's > fine, can you test the above series of patches and provide a backported > set of them that we can use for this? > Ok, we will follow your suggestions. Thanks. -- Best wishes, Wen