Date: Fri, 6 Oct 2023 20:32:47 -0600
Subject: Re: audit: io_uring openat triggers audit reference count underflow in worker thread
To: Dan Clash, "audit@vger.kernel.org", "io-uring@vger.kernel.org"
Cc: "paul@paul-moore.com", "linux-kernel@vger.kernel.org"
From: Jens Axboe
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/6/23 2:09 PM, Dan Clash wrote:
> diff --git a/fs/namei.c b/fs/namei.c > index 2a8baa6ce3e8..4f7ac131c9d1 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -187,7 +187,7 @@ getname_flags(const char __user *filename, int flags, int *empty) > } > } > > - result->refcnt = 1; > + refcount_set(&result->refcnt, 1); > /* The empty path is special. */ > if (unlikely(!len)) { > if (empty) > @@ -248,7 +248,7 @@ getname_kernel(const char * filename) > memcpy((char *)result->name, filename, len); > result->uptr = NULL; > result->aname = NULL; > - result->refcnt = 1; > + refcount_set(&result->refcnt, 1); > audit_getname(result); > > return result; > @@ -259,9 +259,10 @@ void putname(struct filename *name) > if (IS_ERR(name)) > return; > > - BUG_ON(name->refcnt <= 0); > + BUG_ON(refcount_read(&name->refcnt) == 0); > + BUG_ON(refcount_read(&name->refcnt) == REFCOUNT_SATURATED); > > - if (--name->refcnt > 0) > + if (!refcount_dec_and_test(&name->refcnt)) > return; > > if (name->name != name->iname) { > diff --git a/include/linux/fs.h b/include/linux/fs.h > index d0a54e9aac7a..8217e07726d4 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -2719,7 +2719,7 @@ struct audit_names; > struct filename { > const char *name; /* pointer to actual string */ > const __user char *uptr; /* original userland pointer */ > - int refcnt; > + refcount_t refcnt; > struct audit_names *aname; > const char iname[]; > };
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 37cded22497e..232e0be9f6d9 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2188,7 +2188,7 @@ __audit_reusename(const __user char *uptr) > if (!n->name) > continue; > if (n->name->uptr == uptr) { > - n->name->refcnt++; > + refcount_inc(&n->name->refcnt); > return n->name; > } > } > @@ -2217,7 +2217,7 @@ void __audit_getname(struct filename *name) > n->name = name; > n->name_len = AUDIT_NAME_FULL; > name->aname = n; > - name->refcnt++; > + refcount_inc(&name->refcnt); > } > > static inline int audit_copy_fcaps(struct audit_names *name, > @@ -2349,7 +2349,7 @@ void __audit_inode(struct filename *name, const struct dentry *dentry, > return; > if (name) { > n->name = name; > - name->refcnt++; > + refcount_inc(&name->refcnt); > } > > out: > @@ -2474,7 +2474,7 @@ void __audit_inode_child(struct inode *parent, > if (found_parent) { > found_child->name = found_parent->name; > found_child->name_len = AUDIT_NAME_FULL; > - found_child->name->refcnt++; > + refcount_inc(&found_child->name->refcnt); > } > }

I'm not fully aware of what audit is doing with struct filename outside of needing it for the audit log. Rather than impose the atomic references for everyone, would it be doable to simply dupe the struct instead of grabbing the (non-atomic) reference to the existing one?

If not, since there's no over/underflow handling right now, it'd certainly be cheaper to use an atomic_t here rather than a full refcount.

-- 
Jens Axboe
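
Review bot: In the putname() hunk of fs/namei.c, the two BUG_ON(refcount_read(&name->refcnt) ...) checks read the counter separately from the refcount_dec_and_test() that follows, so another thread can change the count between the check and the decrement, and the checks say nothing about the value that is actually decremented. refcount_dec_and_test() already warns and saturates on underflow, which makes the checks redundant, and BUG_ON on REFCOUNT_SATURATED turns a state that refcount_t handles by leaking the object into a kernel crash. Suggest dropping both BUG_ON lines, or at most keeping a single WARN_ON_ONCE with an early return.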
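
Review bot: In the struct filename hunk of include/linux/fs.h, the name and uptr fields carry comments but the new "refcount_t refcnt;" line does not, so the header gives no reason for the field being atomic. Add a short comment saying which contexts take and drop references concurrently (going by the subject line, the io_uring worker thread alongside audit), so the type is not converted back to a plain int later.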
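
Review bot: In the __audit_reusename() hunk of kernel/auditsc.c, refcount_inc(&n->name->refcnt) runs after the loop matches an entry on n->name->uptr, and refcount_inc() warns and saturates when the count is already zero. If putname() on another thread can drop the last reference while the entry is still reachable from this loop, this should be refcount_inc_not_zero() with a fall-through to the not-found path; if something else guarantees the entry is still alive here, a comment naming that guarantee would settle it.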