Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp1992409lqg; Mon, 4 Mar 2024 09:31:34 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUswQPtgT7927hWrxXNYki2cHMVkdLrbOSuc1EUTUg4V8d8XdnNGI4yxgcvggGZ76Ial4xNX01BJC/u4J0YWQil7AWbv1aECwfvAMSFqQ== X-Google-Smtp-Source: AGHT+IG+ocvY3PM4yNSs2OeyjuLJjJtJkhXhgzpo7I4KOwLdb/gKTiZsV76qqTt0MntWhypFqWcv X-Received: by 2002:a05:6870:f152:b0:220:99bf:c26d with SMTP id l18-20020a056870f15200b0022099bfc26dmr10163987oac.9.1709573494656; Mon, 04 Mar 2024 09:31:34 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709573494; cv=pass; d=google.com; s=arc-20160816; b=cdw+Qg2JG/3AMzqCZDkmuqCgh3XzpXAUaJ67jyuL+1Ghz3hF+ynb0mlXC0iTVs3ewf 8OU9qw1e4M2sEGTNUmy4oaiOms2t5K6EHSG00g9nazTsOijiK+/kNn39KoL+soWeFT1t LhZGdybyTXbcVBHzO5/uZ8310q20avLTNA082kIY2Aa8T1l0FDWKi7L5JRwwG3ZnlYRm rB+z2ua7zzdsy7PARDt5r7YMCMM5kWRoaMQdRtgbcnsub1LXf8TJffPtqLHq2maJAy2c TCCm/vT+Cy3irUlYaHTaey0/IL4jAHvVK42Ouh9pT+teqDy+ecMa6qRwKUkSwL4L8xca EUxg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date; bh=gjWCqU4xjgdPnT7VG8lOuaqPqoWNkNB9Bsq3t45bvPY=; fh=98KwVV8RpDNth19YVoL1G0g1wneJOt7kGhMv/1sMvIU=; b=xIRbw0PZtoxYA9UfQg/HxfPG0t62iwB++qgUFH8lAfhTHMNWo9h9ngJSt/44VP8lQy 7zx+VIrkdJekAUY+7kYgksbSORMSv13p607yE+3j9QNgNsEjYvEIe78llCuK4Slwpw1T iFeKJJoZV1OGqgH+s/QNEFDIVdtSZRsEu8UwoTJ6me7Dkw6gQKNzPvuruBPuSg5idQ5E t45UUznbOQt+t2pxhbMxiBQD2g5laP2xW/UzNd9nANzbZkEHaiOAWcFUkmCRTwuxtST+ qUwiPin27JyRddd0GOQu0tUqYvWuSeF258mLZbDpOBs/uZJ+F5kdAim6myMM+bZjZBah EDVg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=communityfibre.ca); spf=pass (google.com: domain of linux-kernel+bounces-91002-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-91002-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id 14-20020ac8590e000000b0042ef2e82e65si2443302qty.690.2024.03.04.09.31.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 09:31:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-91002-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=communityfibre.ca); spf=pass (google.com: domain of linux-kernel+bounces-91002-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-91002-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 5FF071C21283 for ; Mon, 4 Mar 2024 17:31:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 72A77612FD; Mon, 4 Mar 2024 17:31:23 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3A2861FA4; Mon, 4 Mar 2024 17:31:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.233.56.17 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709573483; cv=none; b=jTLb5rh2wTsGSVEL90z1cGyvtc0XOMx0DfLbGT5h1HNitJsvm2gi5oLqXUaB0oYI0qhidXK+n4X3rg/i5nTmsSucQ5njtsjd0HmKoiAAOMpJa2hhlwSe5+P5FyfC/Uw0K7HupzPBooq/zLwEuevxI5bh0sTXsZKmcpzUA5/d7zk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709573483; c=relaxed/simple; bh=Tl4tLi0JyDRR497x6GHkoHWa7mhQVEGmFRIbiwCjj7M=; h=Date:From:To:Cc:Subject:Message-ID:References:Mime-Version: Content-Type:Content-Disposition:In-Reply-To; b=XzKIGXv7I5b+vmRagbfmdT1GjYYIwLnw7baFWIBW59xaUrP6n4we32IwYiXY9J/22CUXT0unXvh2teUG0icnTbCQKBr9VKWJZNbPVC/7dbDVa7TqH/bREGEcW29p8LTKhTzhalmwvAOLKpK2Q0ZH3bUh2Lito3uEvgG3ESdPaUY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=communityfibre.ca; spf=pass smtp.mailfrom=communityfibre.ca; arc=none smtp.client-ip=205.233.56.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=communityfibre.ca Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=communityfibre.ca Received: by kanga.kvack.org (Postfix, from userid 63042) id 9B7F56B007E; Mon, 4 Mar 2024 12:31:20 -0500 (EST) Date: Mon, 4 Mar 2024 12:31:20 -0500 From: Benjamin LaHaise To: Bart Van Assche Cc: Edward Adam Davis , syzbot+b91eb2ed18f599dd3c31@syzkaller.appspotmail.com, brauner@kernel.org, jack@suse.cz, linux-aio@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk Subject: Re: [PATCH] fs/aio: fix uaf in sys_io_cancel Message-ID: <20240304173120.GP20455@kvack.org> References: <0000000000006945730612bc9173@google.com> <14f85d0c-8303-4710-b8b1-248ce27a6e1f@acm.org> <20240304170343.GO20455@kvack.org> <73949a4d-6087-4d8c-bae0-cda60e733442@acm.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <73949a4d-6087-4d8c-bae0-cda60e733442@acm.org> User-Agent: Mutt/1.4.2.2i On Mon, Mar 04, 2024 at 09:15:47AM -0800, Bart Van Assche wrote: > On 3/4/24 09:03, Benjamin LaHaise wrote: > >This is just so wrong there aren't even words to describe it. I > >recommending reverting all of Bart's patches since they were not reviewed > >by anyone with a sufficient level of familiarity with fs/aio.c to get it > >right. > > Where were you while my patches were posted for review on the fsdevel > mailing list and before these were sent to Linus? That doesn't negate the need for someone with experience in a given subsystem to sign off on the patches. There are at least 2 other people I would trust to properly review these patches, and none of their signoffs are present either. > A revert request should include a detailed explanation of why the revert > should happen. Just claiming that something is wrong is not sufficient > to motivate a revert. A revert is justified when a series of patches is buggy and had insufficient review prior to merging. Mainline is not the place to be testing half baked changes. Getting cancellation semantics and locking right is *VERY HARD*, and the results of getting it wrong are very subtle and user exploitable. Using the "a kernel warning hit" approach for work on cancellation is very much a sign that the patches were half baked. What testing did you do on your patch series? The commit messages show nothing of interest regarding testing. Why are you touching the kiocb after ownership has already been passed on to another entity? This is as bad as touching memory that has been freed. You clearly do not understand how that code works. -ben -- "Thought is the essence of where you are now."