Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp5188965pxv; Wed, 28 Jul 2021 05:26:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxhCQ/nt303/YNGEqkOUPyWbF/nHjUvOArhojPKNOy9InkG2E5dCfdchbi8jsn8PnJ4GW4C X-Received: by 2002:a17:907:1c9f:: with SMTP id nb31mr27245176ejc.342.1627475190863; Wed, 28 Jul 2021 05:26:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627475190; cv=none; d=google.com; s=arc-20160816; b=yQSopDQ9sIKvRZLSvgIViJjFIaYpy5tnzgQhx4IwwiSump/ItzfWXEhrPeXbp0/QKA 6j3oSBgygxMVqyiEcaO/vc1W2lfFRM/jO73QZdJU18uIw1FYFagIe1nBPYMxsnHRo4Da 2Uv7FroFvgy7RWkGBEhf4LXOGBvKDrMSWstxJIXD8jbR0mzdHpLCP4L+gxmJKYq0r45T nSKYU/2hbJf0Z8IQ1wa1dapahMNJOGTvC4IpxE5sLlggsSkuNmbFY+kllPpFyTWj8bBJ 7/BZkmjoToLEtOJGW56bImjgqolZCnhPHczn7s8rhMrQDPYYpPnGNTSJKFKJWKWb/NLs N/Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=aCB0O0BPzjwVZwEqkRlxokbHVO30cTre3aE2yTYnkNE=; b=c+GjO031QurxxJNC/IxP8hVIwSe/mPC/BjYvoSCQiAhGmAW2iRCjMN8M0/fDmBPv8V a6olflk/moyla47np0CR5DwqFg8U+lnwnGzZS741F+5Am/ZrQ2KfbkhyXenYeQT4nu7M zPtFrm5U84y75d/qGc7W2khGMukMEoElD6M9/+Y8iGKIQ5XWB9PFajXw0xavHWYp8GV0 QsRV+CndOn+uBhA6BHeVzVhWcGEJlpsvRFjTLUd5tmUSgJPNH/6T7Rs3MeLDq9y+y0jl JuXc52QVsYMRzHdVmteLjI8P9p15AH2ZFxc2xzTAjzWz62HYE70yX9vik+EgyrGfspsY L0Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=f8RFZbgy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p31si6939731edb.554.2021.07.28.05.26.07; Wed, 28 Jul 2021 05:26:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=f8RFZbgy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234869AbhG1MYx (ORCPT + 99 others); Wed, 28 Jul 2021 08:24:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:34628 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234601AbhG1MYx (ORCPT ); Wed, 28 Jul 2021 08:24:53 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 5208E60C3E; Wed, 28 Jul 2021 12:24:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1627475091; bh=jlrPzEuJm9foO+7KNRHzPI4mF50awFwPR4lclougBGI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=f8RFZbgyPBX1w+my5BAr68m6Nr4g2HjcKFMrKBmJWOApLyn1qYBnskqFbTG0Jq6w7 EbLet8kbXNCQNYxoiocmnlinuiioqvUOHe6wY0H1KbAHw5wH0Csy41fimRSQblWsPz QYdMn7g5N+cQNFDPqq3C4Cpr/bVS42pH0KrX1Fal2G5oPg1AF0i7Dt4GcNnQ7RuAN0 dk0em/3RS99wV9E/xwik2bkjOYnl6MPw0Qsja53RB+A7YiVhbtJpJL8kjmzlBgkGUO tjfOst8LfA32m53rPf82tiuAX2loRRkdHPAj8U4wVtVXfMrv5BmwBB5wyPPuES5fiL naRfq9A9nV9Wg== Date: Wed, 28 Jul 2021 14:24:48 +0200 From: Alexey Gladkov To: Hillf Danton Cc: LKML , syzbot+01985d7909f9468f013c@syzkaller.appspotmail.com, syzbot+59dd63761094a80ad06d@syzkaller.appspotmail.com, syzbot+6cd79f45bb8fa1c9eeae@syzkaller.appspotmail.com, syzbot+b6e65bd125a05f803d6b@syzkaller.appspotmail.com, "Eric W. Biederman" Subject: Re: [PATCH v1] ucounts: Fix race condition between alloc_ucounts and put_ucounts Message-ID: <20210728122448.lh2e3nr4txhsmcwt@example.org> References: <000000000000efe97f05c74bb995@google.com> <20210728025837.1641-1-hdanton@sina.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210728025837.1641-1-hdanton@sina.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 28, 2021 at 10:58:37AM +0800, Hillf Danton wrote: > On Tue, 27 Jul 2021 17:24:18 +0200 Alexey Gladkov wrote: > > +++ b/kernel/ucount.c > > @@ -160,6 +160,7 @@ struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid) > > { > > struct hlist_head *hashent = ucounts_hashentry(ns, uid); > > struct ucounts *ucounts, *new; > > + long overflow; > > > > spin_lock_irq(&ucounts_lock); > > ucounts = find_ucounts(ns, uid, hashent); > > @@ -184,8 +185,12 @@ struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid) > > return new; > > } > > } > > + overflow = atomic_add_negative(1, &ucounts->count); > > spin_unlock_irq(&ucounts_lock); > > - ucounts = get_ucounts(ucounts); > > + if (overflow) { > > + put_ucounts(ucounts); > > Given if (atomic_add_unless(atomic, -1, 1)) > return 0; > > put can not help roll back overflow. In case of overflow, we don't try to rollback overflow. We return an error. > BTW can you specify a bit on the real workloads with the risk of count overflow? For example, one user has too many processes in one namespace. It is necessary to check and handle the possibility of counter overflow in this case. Linus described it here: https://lore.kernel.org/lkml/CAHk-%3dwjYOCgM%2bmKzwTZwkDDg12DdYjFFkmoFKYLim7NFmR9HBg@mail.gmail.com/ > > + return NULL; > > + } > > return ucounts; > > } > > > > @@ -193,8 +198,7 @@ void put_ucounts(struct ucounts *ucounts) > > { > > unsigned long flags; > > > > - if (atomic_dec_and_test(&ucounts->count)) { > > - spin_lock_irqsave(&ucounts_lock, flags); > > + if (atomic_dec_and_lock_irqsave(&ucounts->count, &ucounts_lock, flags)) { > > hlist_del_init(&ucounts->node); > > spin_unlock_irqrestore(&ucounts_lock, flags); > > kfree(ucounts); > > -- > > 2.29.3 > -- Rgrds, legion