Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1020536pxm; Wed, 23 Feb 2022 16:06:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJxRzVFxWz9Ayr/66XQW1HmjIBuaDRZY9AnVh+JMKw03uy2tGtMJoBy/Isu0WmQHWPUDWadY X-Received: by 2002:a63:e215:0:b0:373:9dd6:4b99 with SMTP id q21-20020a63e215000000b003739dd64b99mr179029pgh.561.1645661197750; Wed, 23 Feb 2022 16:06:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645661197; cv=none; d=google.com; s=arc-20160816; b=yOvyI8t1vcPsAXfI+9tDLwrYi+NlucPycUu4v4EybiTTOFRZ3fNATtxpU+pfVyrKdz UD5LGG5amHonBNRkeXPwnI97oRTGz+7T4oWXpAcFicqzlt5cAogiRcVtaePTCWLKrnRf 1sOAGZIunQ9YWe74LY+lhyBryXU/WyAf0Pp7aJR/QDjgDwk8Kn0/77Au7/LAw+x3fE0/ WNnIjCc2Nc/SScyAeSzesyyvDlbY6wybRfFUiT9MD5ODgGhhmBV+AHbZOVLKc26EXL8Z 0Ryf9C/Ibt6GlWqPtHZEBQYTRnzsF6SiyF9GBLzWN65OtAgYT35gX73MJYclnUmlWfqh esuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=BINvMWFOT7xvxvViQT8D36POQ4xMkDFjgZSnWEqMKQk=; b=iSW4kEbv3g1iBFrGkhxGVkXaCpmQdZJsdrFyrcJ49BL4yU3kaOnz5CNbES2MzgaihZ CTbH1OLtT2hX2FwCZ/x3pX4Yk7u+4li+2eYM/ehUsGlPn77tq+vZMnJzn2isQPfo2dXu Ymm0uVgRTVA8a1ywZ0Ke8/62i3ECk570t4bWTsmI8HnGKJUAv6XkydYG1m8JvRbKiwoC R2HTdvnpOBupUXAKXR4PVdwxf8wyalMeeclYiM7+FPOZCAnWiAtqSBBq04SJGJfUQcmy luVVzRr3z0evCX4q+rGmcLnAZOmHiH24UCEv7ukHoBtskY6XmOUk3wDBHa/r5G+dXxp4 XD4A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n13si1105769plf.196.2022.02.23.16.06.10; Wed, 23 Feb 2022 16:06:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244785AbiBWXYl (ORCPT + 99 others); Wed, 23 Feb 2022 18:24:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235909AbiBWXYk (ORCPT ); Wed, 23 Feb 2022 18:24:40 -0500 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6636F4BFFB; Wed, 23 Feb 2022 15:24:11 -0800 (PST) Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1nN0zQ-004Ozy-UT; Wed, 23 Feb 2022 23:24:09 +0000 Date: Wed, 23 Feb 2022 23:24:08 +0000 From: Al Viro To: Levi Yun Cc: keescook@chromium.org, ebiederm@xmission.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] fs/exec.c: Avoid a race in formats Message-ID: References: <20220223231752.52241-1-ppbuk5246@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220223231752.52241-1-ppbuk5246@gmail.com> Sender: Al Viro X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 24, 2022 at 08:17:52AM +0900, Levi Yun wrote: > Suppose a module registers its own binfmt (custom) and formats is like: > > +---------+ +----------+ +---------+ > | custom | -> | format1 | -> | format2 | > +---------+ +----------+ +---------+ > > and try to call unregister_binfmt with custom NOT in __exit stage. Explain, please. Why would anyone do that? And how would such module decide when it's safe to e.g. dismantle data structures used by methods of that binfmt, etc.? Could you give more detailed example? Because it looks like papering over an inherently unsafe use of binfmt interfaces...