Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2086454rdb; Tue, 3 Oct 2023 09:45:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEjlSSAazCYudTH/Y/Im2xaCzjPyrWMMsf3nxEmiLPgnNrMQnPZA55fqETmi56JE7didNBV X-Received: by 2002:a05:6a20:938c:b0:15e:7323:5bf3 with SMTP id x12-20020a056a20938c00b0015e73235bf3mr4749139pzh.26.1696351546098; Tue, 03 Oct 2023 09:45:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696351546; cv=none; d=google.com; s=arc-20160816; b=x0Hj6qEbIzdncNaelHL5cGVms/yYZHo9yTsrbVZdB5shyAkGfMj1CO63oxTDjo1u+Q j7ggG9I8hJCTMygvoxFZATdI4XnE6x5x2C9SQ8SWG8afHo/EfzTdmHxEoTmAKpNLCmgt MTKwCerNF64d9+uEmXmyiSH+uQfCcvJ0Nsywp2K30C565VxqMgwCwKrDkzJbh44V9UB2 Nqs05pb/o2O4V73uihsGyKsBU0Gh+PeXjdH0KXig7MHrYTQGP78z0EBCm/Fasu0FTKez smn0FV3T3fo1pUME4fNJuFQ8C92ZgjV1pqZz+QCdtVZeR+7/kYfOUwTVUmnmgM1VZF+Y TVXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=vLoYJGWxjsVChee4V5VcvHKTn/mi3JXbvX6VtTm6bnY=; fh=7KleBTcWX5VO09Qpoli+FF9IltMVu0+KBkRW6vhvF9c=; b=eVvawo9j3EZaIOVnbtOPrvoaAImCfjEhPo8X/qwBvqzYWmT5FCPdsTgYQk/4rTSI9y aD6IpBMUOGDcTBGvJY+poMlHsD+hHkUg7AlQ83ylB0O7XzyPgRVQ4YFUmvDv6C4mMxWR 8AOhDI3wOq6HZzM1iyxJgPDumv4VX9AC8pm3sO57EKUUPwh/WfcG8csJnujgjtzJHTPC 2VBR2FP3S1kuQ3AGeccBYBiw18sFdyfLHVuq8IfzyYf+QlcC0uzKO53TEM61sMuxMM85 MuVOjiNpG2PE/q14U3nxA5pbQDqHyeyiRHq3BWC1gHc62FsXOlozgiRyg/QwLDSNAEMG hW5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TLl6iFVW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id k185-20020a6324c2000000b005849fe1d3aesi1726370pgk.458.2023.10.03.09.45.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Oct 2023 09:45:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TLl6iFVW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 13661805093D; Tue, 3 Oct 2023 09:45:22 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232066AbjJCQpN (ORCPT + 99 others); Tue, 3 Oct 2023 12:45:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231255AbjJCQpM (ORCPT ); Tue, 3 Oct 2023 12:45:12 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7C0209E; Tue, 3 Oct 2023 09:45:08 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8F408C433C8; Tue, 3 Oct 2023 16:45:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696351508; bh=dop7RZSVr+4/mLN3z5UedbVXHAn1xpij/cdcv21p87g=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=TLl6iFVWym0CSjXj60zbILQQLypWm1S8Pz/F/KicfpRKTEQUhJ/5j0JFSl+mwvOkZ JuTCHpTVZl009+pJEfQfQ0MHzUy66KTaNixEjnk6d0W0PFDQ5rXISq/jGw0cjRjDob WmLVbHiFlhHuREzrk4F/+bWZvxydDTDLAEwxCPvV9XiC/TK8ooguUQJwztWDvJdcoG p9M7YlpPyVkEMUZVmge8W3Gu7p6Fsvom2NHY+glzXoqQOpeZbxx+hrifTn3BtjSBEt USvlMVsLwyUrWbr8yk4wY7eA6a1cmwF5bKKPrqFycP3YsRzPr/AuCD9mxxkJIY/zSG gd0jZeD8DG3kg== Date: Tue, 3 Oct 2023 09:45:05 -0700 From: Nathan Chancellor To: Christian Brauner Cc: Linus Torvalds , Mateusz Guzik , Jann Horn , viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, llvm@lists.linux.dev, linuxppc-dev@lists.ozlabs.org Subject: Re: [PATCH v2] vfs: shave work on failed file open Message-ID: <20231003164505.GA624737@dev-arch.thelio-3990X> References: <20230928-themen-dilettanten-16bf329ab370@brauner> <20230929-kerzen-fachjargon-ca17177e9eeb@brauner> <20230929-test-lauf-693fda7ae36b@brauner> <20230930-glitzer-errungenschaft-b86880c177c4@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230930-glitzer-errungenschaft-b86880c177c4@brauner> X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 03 Oct 2023 09:45:24 -0700 (PDT) Hi Christian, > >From d266eee9d9d917f07774e2c2bab0115d2119a311 Mon Sep 17 00:00:00 2001 > From: Christian Brauner > Date: Fri, 29 Sep 2023 08:45:59 +0200 > Subject: [PATCH] file: convert to SLAB_TYPESAFE_BY_RCU > > In recent discussions around some performance improvements in the file > handling area we discussed switching the file cache to rely on > SLAB_TYPESAFE_BY_RCU which allows us to get rid of call_rcu() based > freeing for files completely. This is a pretty sensitive change overall > but it might actually be worth doing. > > The main downside is the subtlety. The other one is that we should > really wait for Jann's patch to land that enables KASAN to handle > SLAB_TYPESAFE_BY_RCU UAFs. Currently it doesn't but a patch for this > exists. > > With SLAB_TYPESAFE_BY_RCU objects may be freed and reused multiple times > which requires a few changes. So it isn't sufficient anymore to just > acquire a reference to the file in question under rcu using > atomic_long_inc_not_zero() since the file might have already been > recycled and someone else might have bumped the reference. > > In other words, callers might see reference count bumps from newer > users. For this is reason it is necessary to verify that the pointer is > the same before and after the reference count increment. This pattern > can be seen in get_file_rcu() and __files_get_rcu(). > > In addition, it isn't possible to access or check fields in struct file > without first aqcuiring a reference on it. Not doing that was always > very dodgy and it was only usable for non-pointer data in struct file. > With SLAB_TYPESAFE_BY_RCU it is necessary that callers first acquire a > reference under rcu or they must hold the files_lock of the fdtable. > Failing to do either one of this is a bug. > > Thanks to Jann for pointing out that we need to ensure memory ordering > between reallocations and pointer check by ensuring that all subsequent > loads have a dependency on the second load in get_file_rcu() and > providing a fixup that was folded into this patch. > > Cc: Jann Horn > Suggested-by: Linus Torvalds > Signed-off-by: Christian Brauner > --- > --- a/arch/powerpc/platforms/cell/spufs/coredump.c > +++ b/arch/powerpc/platforms/cell/spufs/coredump.c > @@ -74,10 +74,13 @@ static struct spu_context *coredump_next_context(int *fd) > *fd = n - 1; > > rcu_read_lock(); > - file = lookup_fd_rcu(*fd); > - ctx = SPUFS_I(file_inode(file))->i_ctx; > - get_spu_context(ctx); > + file = lookup_fdget_rcu(*fd); > rcu_read_unlock(); > + if (file) { > + ctx = SPUFS_I(file_inode(file))->i_ctx; > + get_spu_context(ctx); > + fput(file); > + } > > return ctx; > } This hunk now causes a clang warning (or error, since arch/powerpc builds with -Werror by default) in next-20231003. $ make -skj"$(nproc)" ARCH=powerpc LLVM=1 ppc64_guest_defconfig arch/powerpc/platforms/cell/spufs/coredump.o ... arch/powerpc/platforms/cell/spufs/coredump.c:79:6: error: variable 'ctx' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 79 | if (file) { | ^~~~ arch/powerpc/platforms/cell/spufs/coredump.c:85:9: note: uninitialized use occurs here 85 | return ctx; | ^~~ arch/powerpc/platforms/cell/spufs/coredump.c:79:2: note: remove the 'if' if its condition is always true 79 | if (file) { | ^~~~~~~~~ arch/powerpc/platforms/cell/spufs/coredump.c:69:25: note: initialize the variable 'ctx' to silence this warning 69 | struct spu_context *ctx; | ^ | = NULL 1 error generated. Cheers, Nathan