Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp37003rdb; Fri, 29 Sep 2023 15:50:45 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHAkgN14YlQzytbpC00bNjAWaOGbEd1b6r9TiQI528bE0ssXJ2J/EGOM/yTlpMvyihRQSEm X-Received: by 2002:a05:6a00:24c6:b0:68c:2be:67bb with SMTP id d6-20020a056a0024c600b0068c02be67bbmr5932548pfv.20.1696027845350; Fri, 29 Sep 2023 15:50:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696027845; cv=none; d=google.com; s=arc-20160816; b=JZ7Giq17qFqxF2Uf56qBOrVouOlaAl9/6tsjCMVng54wwNWtlTDCz0KL7f0W2U1c4q et+12wSbE5XfJpqvevFXV2lrBBW14RqtjQ1EjKQgIWC0/ExPdYgJXHzoq/l1ydUHSG1R E2OMrW2j/JsUBhyOAQvJbAzDCGXaubqreV98ExtAnijpMtMcqyqmJzs8xKUVGO84/Dkm hb8M25s4oOnyW4zLMTUijjSJ1jR3ZbkkZVs7fJOIHVCs5SfDVPMbBIXaGUW19WgKtVTI hnv0xslVEARKXKlFsMCzi1dS9T6XOQjQFSI1i/A2duxrErycvcVJWcnpbC10ZckkVQas i9dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature; bh=giQVxRnSKY3QwiXLgUPf/Ch70Hbxs7OwhgAJkcsQUjA=; fh=DkJmP+KT1gtLtMW59+V6tBEWd8xFo9KE+3e0txB7KZ0=; b=GVIjgTTo6Zs3QzpHX04jrn13aAV6vXWT4HOCT7APuXi1ydE6A/Bcx8OOCWq2XjGOF/ UtNDAXNIZLt30UA58SdrFuYrHg/FNLKqSDah/M90/6NkRUr8IXGv9DUwKxojEp8Durfm N4ovvmPncBehAzQF0ATW3j7N+vxWmaKMREn+EbLRroFh1Ba77VQbTOBgpwzM4ANas8/x trTWPcF/AN4nhSWYymRuLkbBNvOq82f6Nb1iQsCTsXdNE20psdJ6D0xv+5By66m6Nn40 +tPp9l7BTytGnFWBymj0H3+FF60s5TUjZWcx/I75r4rOMplyyeK969hg3Am5lGQPxWqV Qh2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FjzxfIxQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id t22-20020a056a0021d600b0068c0323c2b7si22769120pfj.172.2023.09.29.15.50.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Sep 2023 15:50:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FjzxfIxQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id E305080657CF; Fri, 29 Sep 2023 14:23:12 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233779AbjI2VXJ (ORCPT + 99 others); Fri, 29 Sep 2023 17:23:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229545AbjI2VXI (ORCPT ); Fri, 29 Sep 2023 17:23:08 -0400 Received: from mail-oo1-xc34.google.com (mail-oo1-xc34.google.com [IPv6:2607:f8b0:4864:20::c34]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF76C1AA; Fri, 29 Sep 2023 14:23:05 -0700 (PDT) Received: by mail-oo1-xc34.google.com with SMTP id 006d021491bc7-57bb6b1f764so5950110eaf.2; Fri, 29 Sep 2023 14:23:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696022585; x=1696627385; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=giQVxRnSKY3QwiXLgUPf/Ch70Hbxs7OwhgAJkcsQUjA=; b=FjzxfIxQT8pZDpS0Ej5dJSBpenrlTmqXe1dL3aXaZN8lze/8RkRfy1GSx/0ev271dj pFlfS+TmzNWEuclt+ZGldSCYneVgNKzA/aXM0gNp20Frd7pSMQhbC9we3O3Bm3hFSsTq fu0fTo9Ovy93JJxGg/CpPo2XyMcD5fjpUpMNDkGdQ5E5sfuc+WYZGA3GEPOkzXXascxz vRWNCiug965iODUGryaonvcRaMLVfh/TL+1tS+LWseFI/u9HH5i2dP9ElIu3L4159CsO jZflXcLKnbsRapOqO3kq+9/zELdJGU3+IcxnJe0HehEMj7MlKQrbf1qGumhGxC1EfDbB 5l+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696022585; x=1696627385; h=content-transfer-encoding:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=giQVxRnSKY3QwiXLgUPf/Ch70Hbxs7OwhgAJkcsQUjA=; b=S48+UFbAyaqeuGJ/UxbSfpdH9oo/X46eH+GBUtFttRgQR7TP1jG56vFNlOa74XBtdJ CVlLNpmkPdktvuIk5oOsziGkjOPR43FIiLvONjZkuJek66nzGkIqW+uNbV+d8v6zsGzE hre+0eKRStfXcDokSCmq4Al8OOG2NrtAADEALFidWVV5A/Qn/v1OeVh/EgaBP0HjBt7N c34+mxDtnnQQ6rdIHt9s267gQJVDgEfybVB0cSWoEIW6vyKdeL3HwLJyoK2Ujmu0LpuH HWhyiF6tn3PmHHSh60Ms7fR3HoEnh2qi8jSUfVBIbdo6afan8VPRhVEX2SJv3cfVvqTr B5Jw== X-Gm-Message-State: AOJu0YwX0ybyIPamcK3dN0MzwrAsMtG9gb6c3KLIQo2RTO06oDbE5J9C Sr9O26WOXzU4E6URVjITb1JT7UU2diFMoeVqdXo= X-Received: by 2002:a4a:3948:0:b0:57b:a92a:ece9 with SMTP id x8-20020a4a3948000000b0057ba92aece9mr5263570oog.6.1696022585053; Fri, 29 Sep 2023 14:23:05 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a8a:108:0:b0:4f0:1250:dd51 with HTTP; Fri, 29 Sep 2023 14:23:04 -0700 (PDT) In-Reply-To: <20230929-test-lauf-693fda7ae36b@brauner> References: <20230928-kulleraugen-restaurant-dd14e2a9c0b0@brauner> <20230928-themen-dilettanten-16bf329ab370@brauner> <20230929-kerzen-fachjargon-ca17177e9eeb@brauner> <20230929-test-lauf-693fda7ae36b@brauner> From: Mateusz Guzik Date: Fri, 29 Sep 2023 23:23:04 +0200 Message-ID: Subject: Re: [PATCH v2] vfs: shave work on failed file open To: Christian Brauner Cc: Jann Horn , Linus Torvalds , viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 29 Sep 2023 14:23:13 -0700 (PDT) On 9/29/23, Christian Brauner wrote: > On Fri, Sep 29, 2023 at 03:31:29PM +0200, Jann Horn wrote: >> On Fri, Sep 29, 2023 at 11:20=E2=80=AFAM Christian Brauner >> wrote: >> > > But yes, that protection would be broken by SLAB_TYPESAFE_BY_RCU, >> > > since then the "f_count is zero" is no longer a final thing. >> > >> > I've tried coming up with a patch that is simple enough so the pattern >> > is easy to follow and then converting all places to rely on a pattern >> > that combine lookup_fd_rcu() or similar with get_file_rcu(). The >> > obvious >> > thing is that we'll force a few places to now always acquire a >> > reference >> > when they don't really need one right now and that already may cause >> > performance issues. >> >> (Those places are probably used way less often than the hot >> open/fget/close paths though.) >> >> > We also can't fully get rid of plain get_file_rcu() uses itself becaus= e >> > of users such as mm->exe_file. They don't go from one of the rcu >> > fdtable >> > lookup helpers to the struct file obviously. They rcu replace the file >> > pointer in their struct ofc so we could change get_file_rcu() to take = a >> > struct file __rcu **f and then comparing that the passed in pointer >> > hasn't changed before we managed to do atomic_long_inc_not_zero(). >> > Which >> > afaict should work for such cases. >> > >> > But overall we would introduce a fairly big and at the same time subtl= e >> > semantic change. The idea is pretty neat and it was fun to do but I'm >> > just not convinced we should do it given how ubiquitous struct file is >> > used and now to make the semanics even more special by allowing >> > refcounts. >> > >> > I've kept your original release_empty_file() proposal in vfs.misc whic= h >> > I think is a really nice change. >> > >> > Let me know if you all passionately disagree. ;) > > So I'm appending the patch I had played with and a fix from Jann on top. > @Linus, if you have an opinion, let me know what you think. > > Also available here: > https://gitlab.com/brauner/linux/-/commits/vfs.file.rcu > > Might be interesting if this could be perfed to see if there is any real > gain for workloads with massive numbers of fds. > I would feel safer with a guaranteed way to tell that the file was realloca= ted. I think this could track allocs/frees with a sequence counter embedded into the object, say odd means deallocated and even means allocated. Then you would know for a fact whether you raced with the file getting whacked and would never have to wonder if you double-checked everything you needed (like that f_mode) thing. This would also mean that consumers which get away with poking around the file without getting a ref could still do it, this is at least true for tid_fd_mode. All of them would need patching though. Extending struct file is not ideal by any means, but the good news is that: 1. there is a 4 byte hole in there, if one is fine with an int-sized counte= r 2. if one insists on 8 bytes, the struct is 232 bytes on my kernel (debian). still some room up to 256, so it may be tolerable? --=20 Mateusz Guzik