Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp217741rdb; Tue, 5 Dec 2023 03:39:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IGBQEK+Ve4Mq6i/IIlKHNDB2TkNgVcsNyj9gPjdoWwn46wUrTxcu2JxxkTXKQvUkCbEx/xG X-Received: by 2002:a05:6a21:1487:b0:18f:97c:977e with SMTP id od7-20020a056a21148700b0018f097c977emr5438118pzb.102.1701776347308; Tue, 05 Dec 2023 03:39:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701776347; cv=none; d=google.com; s=arc-20160816; b=i6MnDgVHZjAuIK/GQoZP+qanSxIkzfsh/GJSqLL9AsNDCpjZ47GcVeCf0cD7150flr Z5bltPa07g+pzzMBR146i7u1n3rpUvlJiVq+1AWyv/+evsm6AgukUXMZj13YzKVs4PxH RMb5vOAZ1qvztOIamEX4rMdgfvrgyQbNppDwr6pcle94yXJ+JAGMuWZbdKU8JyaDjgbq HYMSd+Pj+9OTpddsB9n5fENWy78eX/1UqGSPiGYPO9gzB3RxltDrlJmckOU/hmGIxoLi XRECr2MlFoneYZudakEOWokPNIaWqFX6htXvsIDL99tuk8I047+tZ1uNLF5668hhPcTH KEfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=6n3CNCRXrQnR14Zifyn4Ryl/MZuwAQvnPm0qPLxi7Vs=; fh=WliUQWifT1nkD8KBWL665/3fSM2dfXoBCLbUnCekUfo=; b=kNMH3i9q3tmVajxJVY/MjU3begX5pYSXqlTH+xZk1lpWPHkitCSoU0PNkDhz0sQglf kgW5NoeuCqR3KnZJKDhRbJe/Kxp33lZ0/oj/VgGWUCu4uMZkMLD4RzjNPAC63N3uozEP upGbNiQnPY3iGN5PyTp/db8jboCFQyVSyOFv9h27vA/8KqgCxw5Z5XP3rlf3D2/7bCoJ Zm2TWxxhARmCDp0XuzeZJDf0Z2cpAlLnUl1BlMNTHR4HSGR5oka+0Wo7Wv8a4kjYp6tQ gzMnhcAO4bqAN9UnL6brWi39jvzJ/wHDyTG29KcI0d3A5Fb7DfGC+6p9VZoWja+i2MwV 6/zQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CWF7d+Kk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id b7-20020a655cc7000000b005b958401e4fsi9666002pgt.418.2023.12.05.03.39.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Dec 2023 03:39:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CWF7d+Kk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id B81708228992; Tue, 5 Dec 2023 03:39:04 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1442117AbjLELif (ORCPT + 99 others); Tue, 5 Dec 2023 06:38:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345109AbjLELie (ORCPT ); Tue, 5 Dec 2023 06:38:34 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB16885 for ; Tue, 5 Dec 2023 03:38:40 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64A4AC433C8; Tue, 5 Dec 2023 11:38:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701776320; bh=HpQfzKH9PkcgbFsZNKCTx0ikve2nD8WgZ8kDoy0hkBA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=CWF7d+KkggDuCYM2ZU8EJIKTxe7uCccNTV72qrVHVEt6Q9Uuc/a6adZQAXfD9uQQR mrajWEOGXEhUvJssq7ok9NsIqToNwgakLRba7uZJ83ee2M1NxubiYugKhck/WOeVUd i3cD/49HSP56/Iqhx048G0eA3fX1z0WC80CDeqYTU8WrLbajgyLEG9ZVfokcGO90pq a/05lO9I274mHG7GxzwCX2xReZI4E5QKDm88rskarGW+U2KLvySzitr6m6e5aoPhX0 XAqVcx6W+IP7Usyp9EOdajaLItYeRdvsxLzsHOpMXDpdKz2lDfxNGxytfdmiWqMHSL J5CS2r67Mm8Aw== Date: Tue, 5 Dec 2023 12:38:35 +0100 From: Christian Brauner To: Kees Cook Cc: Al Viro , "Guilherme G. Piccoli" , Peter Zijlstra , linux-fsdevel@vger.kernel.org, Tony Luck , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH 3/5] fs: Add DEFINE_FREE for struct inode Message-ID: <20231205-horchen-gemieden-8013e0f30883@brauner> References: <20231202211535.work.571-kees@kernel.org> <20231202212217.243710-3-keescook@chromium.org> <20231202212846.GQ38156@ZenIV> <202312021331.D2DFBF153@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <202312021331.D2DFBF153@keescook> X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Tue, 05 Dec 2023 03:39:05 -0800 (PST) On Sat, Dec 02, 2023 at 01:34:32PM -0800, Kees Cook wrote: > On Sat, Dec 02, 2023 at 09:28:46PM +0000, Al Viro wrote: > > On Sat, Dec 02, 2023 at 01:22:13PM -0800, Kees Cook wrote: > > > Allow __free(iput) markings for easier cleanup on inode allocations. > > > > NAK. That's a bloody awful idea for that particular data type, since > > 1) ERR_PTR(...) is not uncommon and passing it to iput() is a bug. > > Ah, sounds like instead of "if (_T)", you'd rather see > "if (!IS_ERR_OR_NULL(_T))" ? > > > 2) the common pattern is to have reference-consuming primitives, > > with failure exits normally *not* having to do iput() at all. > > This I'm not following. If I make a call to "new_inode(sb)" that I end > up not using, I need to call "iput()" in it... If we wanted to do this properly then we would need to emulate consume or move semantics like Rust has. So a cleanup function for inodes based on scope for example and then another primitive that transfers/moves ownership of that refcount to the consumer. Usually this is emulate by stuff like TAKE_POINTER() and similar stuff in userspace. But I'm not sure how pleasant it would be to do this cleanly.