Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp4941692rwb; Wed, 17 Aug 2022 08:25:08 -0700 (PDT) X-Google-Smtp-Source: AA6agR4T08gs2U6lsDOlsVUmeNaNI0S9O6PHrdyz8E6SLF2th9tlDfJYmnjoTdmCljtPynodP3/I X-Received: by 2002:a17:902:d48f:b0:16f:a73:bf04 with SMTP id c15-20020a170902d48f00b0016f0a73bf04mr26969710plg.43.1660749908368; Wed, 17 Aug 2022 08:25:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660749908; cv=none; d=google.com; s=arc-20160816; b=j2q/U+9dEifq4ZIgbafaoQbX153TItLERHVk9H1ZeTnPu16waJYTAiyC5UU5+R8nwH wrxMXWnP4HdDeOK4AGgXfEp0tf+oMXpzbvaDMyOD+kAAME6D0SPPMsbga7bp06uK4f6a 5ghUULbSnyi8WR+QgDaQBVA5NDtoGftXwSwe8ApwvTr1HVTYDrgQjy6UiJnk62pfDLrl YcPuTRrMjv1fAoY5tK3DKrtCXY5rgo0fEzHCA1X5fWzDxZIXfH7PjXZuygfNtUEaxZ7q aZ9W91u5KoVQzmbWPFeuuuNyEiO3DSYdpqwY0BTylkeucSzkSn1nsV5PCo0MlazMGSou jd5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=+mo399GY6ufyD8AOQeB4UUIRSNutwXNmS/aC7b4Nd7Q=; b=Dkdrh4UwGxJaXSznMwWc2sTmc0pDBaByhJ4pvtcsbVHu3jVuxqrJ+MjpR7Z9kBw87W CX2h3X9MUtH+4ngqmies1HoZ5e3DngafC5Pq4vyxR/ntyEdgOx24vpzjK9GRQgLxDIjW q2nu1GS/QlbuhYFK4ZRpNRqSKkG1W2VM6QTub1K7SG2uLSKiH+oNiRrX8wjb+2ym/AuH 9Zp4QWZYLYXIiNBrjWp+IlR12GPbNkBvbRCD5g1cN5XFwyr4my+RJNiREMxCJrDuTW8k QBsmN0Ub6XXaHR0YS7g012vQmsGDeuw10HgbWmjv1snO7Rmh9wdMjTFEGt7s30r6AHEU IjdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tMOKTArV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c82-20020a624e55000000b0052af8afa07asi16046221pfb.64.2022.08.17.08.24.55; Wed, 17 Aug 2022 08:25:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tMOKTArV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239996AbiHQPGD (ORCPT + 99 others); Wed, 17 Aug 2022 11:06:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59534 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240830AbiHQPFi (ORCPT ); Wed, 17 Aug 2022 11:05:38 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 60D035FA4 for ; Wed, 17 Aug 2022 08:05:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8B8E26154D for ; Wed, 17 Aug 2022 15:05:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C290FC433D6; Wed, 17 Aug 2022 15:05:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1660748733; bh=tfwd0rUf/nGoXOai5hLFPQArp2xvz79+ZguU3BcAs90=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=tMOKTArVJ+btfvBAT9wiWXbIAixE2o3dKAW9wtwS8tcM4Usg8Wo0GObRgB3pK1SH3 v9OD7F4t0fbI2PYpNSfPt1Hq+1LWv4jUM7sEHDfizrtQ73Otc1k6qKqMyahonm9P8I Pf7kL0nywvc02zI5BElQQIRmA2Lch4LG8V8BWYiSbhbNZRhrh/xNYTyE68cINOhntY 3k5hgJiecCtudmbUGwVPNtQKaYxipBg/JNYNqCzh43BLWNOjDHEF2/2k6R/gMmMlvr A9sJ5UsPoC12612Ln6a63GY/lI4hxIav+ZxljOSJ0O5yHSaMkKonEHloDcg17uyy6f gbJHbohpx0SuQ== Date: Wed, 17 Aug 2022 17:05:27 +0200 From: Christian Brauner To: Al Viro Cc: Greg Kroah-Hartman , Dongliang Mu , Dongliang Mu , Arve =?utf-8?B?SGrDuG5uZXbDpWc=?= , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Kees Cook , syzkaller , linux-kernel Subject: Re: [PATCH] binderfs: rework superblock destruction Message-ID: <20220817150527.g5l5cwhphx6wdvxr@wittgenstein> References: <20220817130306.96978-1-brauner@kernel.org> <20220817140149.pfakskeyxkqcot54@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 17, 2022 at 03:32:03PM +0100, Al Viro wrote: > On Wed, Aug 17, 2022 at 03:19:13PM +0100, Al Viro wrote: > > On Wed, Aug 17, 2022 at 04:01:49PM +0200, Christian Brauner wrote: > > > On Wed, Aug 17, 2022 at 02:59:02PM +0100, Al Viro wrote: > > > > On Wed, Aug 17, 2022 at 03:03:06PM +0200, Christian Brauner wrote: > > > > > > > > > +static void binderfs_kill_super(struct super_block *sb) > > > > > +{ > > > > > + struct binderfs_info *info = sb->s_fs_info; > > > > > + > > > > > + if (info && info->ipc_ns) > > > > > + put_ipc_ns(info->ipc_ns); > > > > > + > > > > > + kfree(info); > > > > > + kill_litter_super(sb); > > > > > +} > > > > > > > > Other way round, please - shut the superblock down, *then* > > > > free the objects it'd been using. IOW, > > > > > > I wondered about that but a lot of places do it the other way around. > > > So maybe the expected order should be documented somewhere. > > > > ??? > > > > "If you are holding internal references to dentries/inodes/etc., drop them > > first; if you are going to free something that is used by filesystem > > methods, don't do that before the filesystem is shut down" > > > > That's just common sense... Which filesystems are doing that "the other > > way around"? > > Note that something like e.g. ramfs, where we have a dynamically allocated > object ->s_fs_info is pointing to and gets freed early in their ->kill_sb() > is somewhat misleading - it's used only for two things, one is the > creation of root directory inode (obviously not going to happen at any > point after mount) and another - ->show_options(). By the point we get > around to killing a superblock, it would better *NOT* have mounts pointing > to it that might show up in /proc/mounts and make us call ->show_options(). > > So there we really know that nothing during the shutdown will even look > at that thing we'd just freed. Not that there'd ever been a point allocating > it - all that object contains is one unsigned short, so we might as well > just have stored (void *)root_mode in ->s_fs_info. Oh, well... Binderfs was really the first fs I ever wrote and back then I was trying to be as close to best practice at possible. One thing I remember being unclear about was what the best practice for filesystem shutdown would be. That included ->put_super() vs just ->kill_sb() but also the order in which kill_litter_super() and sb->s_fs_info cleanup should happen. For binderfs the order does matter and that's also the reason I originally decided to use ->put_super() as it's called after evict_inodes() and gives the required ordering.