Date: Fri, 3 May 2024 16:23:33 -0700
From: Kees Cook
To: Al Viro
Cc: Linus Torvalds, axboe@kernel.dk, brauner@kernel.org,
    christian.koenig@amd.com, dri-devel@lists.freedesktop.org,
    io-uring@vger.kernel.org, jack@suse.cz, laura@labbott.name,
    linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org,
    linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
    minhquangbui99@gmail.com, sumit.semwal@linaro.org,
    syzbot+045b454ab35fd82a35fb@syzkaller.appspotmail.com,
    syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH] epoll: try to be a _bit_ better about file lifetimes
Message-ID: <202405031616.793DF7EEE@keescook>
In-Reply-To: <20240503230318.GF2118490@ZenIV>

On Sat, May 04, 2024 at 12:03:18AM +0100, Al Viro wrote:
> On Fri, May 03, 2024 at 03:46:25PM -0700, Kees Cook wrote:
> > On Fri, May 03, 2024 at 02:52:38PM -0700, Linus Torvalds wrote:
> > > That means that the file will be released - and it means that you have
> > > violated all the refcounting rules for poll().
> >
> > I feel like I've been looking at this too long. I think I see another
> > problem here, but with dmabuf even when epoll is fixed:
> >
> > dma_buf_poll()
> > 	get_file(dmabuf->file)		/* f_count + 1 */
> > 	dma_buf_poll_add_cb()
> > 		dma_resv_for_each_fence ...
> > 			dma_fence_add_callback(fence, ..., dma_buf_poll_cb)
> >
> > dma_buf_poll_cb()
> > 	...
> > 	fput(dmabuf->file);		/* f_count - 1 ... for each fence */
> >
> > Isn't it possible to call dma_buf_poll_cb() (and therefore fput())
> > multiple times if there is more than 1 fence? Perhaps I've missed a
> > place where a single struct dma_resv will only ever signal 1 fence? But
> > looking through dma_fence_signal_timestamp_locked(), I don't see
> > anything about resv nor somehow looking into other fence cb_list
> > contents...
>
> At a guess,
> 	r = dma_fence_add_callback(fence, &dcb->cb, dma_buf_poll_cb);
> 	if (!r)
> 		return true;
>
> prevents that - it returns 0 on success and -E... on error;
> insertion into the list happens only when it's returning 0,
> so...

Yes; thank you. I *have* been looking at it all too long. :)

The last related thing is the drivers/gpu/drm/vmwgfx/ttm_object.c case:

/**
 * get_dma_buf_unless_doomed - get a dma_buf reference if possible.
 *
 * @dmabuf: Non-refcounted pointer to a struct dma-buf.
 *
 * Obtain a file reference from a lookup structure that doesn't refcount
 * the file, but synchronizes with its release method to make sure it has
 * not been freed yet. See for example kref_get_unless_zero documentation.
 * Returns true if refcounting succeeds, false otherwise.
 *
 * Nobody really wants this as a public API yet, so let it mature here
 * for some time...
 */
static bool __must_check get_dma_buf_unless_doomed(struct dma_buf *dmabuf)
{
	return atomic_long_inc_not_zero(&dmabuf->file->f_count) != 0L;
}

If we end up adding epi_fget(), we'll have 2 cases of using
"atomic_long_inc_not_zero" for f_count. Do we need some kind of blessed
helper to live in file.h or something, with appropriate comments?

-- 
Kees Cook
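
The difference between an unconditional get_file()-style increment and the atomic_long_inc_not_zero() pattern discussed in the message above, as an added example that is not part of the original message and is not kernel code. It is a userspace C11 model; `struct model_file` and every `model_*` name are hypothetical stand-ins.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace stand-in for struct file; only f_count is modelled. */
struct model_file { atomic_long f_count; };

/* Like get_file(): unconditional; caller must already hold a reference. */
static void model_get_file(struct model_file *f)
{
	atomic_fetch_add(&f->f_count, 1);
}

/* Like atomic_long_inc_not_zero(&file->f_count): take a reference only if
 * the count has not already reached zero. A failed compare-exchange
 * refreshes 'old', so the loop re-checks for zero on every retry. */
static bool model_get_file_unless_zero(struct model_file *f)
{
	long old = atomic_load(&f->f_count);
	while (old != 0) {
		if (atomic_compare_exchange_weak(&f->f_count, &old, old + 1))
			return true;
	}
	return false;
}

/* Like fput(): returns true if this call dropped the last reference. */
static bool model_fput(struct model_file *f)
{
	return atomic_fetch_sub(&f->f_count, 1) == 1;
}

/* A lookup structure still points at the file after its last reference was
 * dropped, and a poll-style path then tries to pin it. Returns f_count
 * afterwards: nonzero means a file already being released was revived. */
static long pin_after_last_put(bool use_unless_zero)
{
	struct model_file f;
	atomic_init(&f.f_count, 1);
	model_fput(&f);			/* count hits 0, release is under way */
	if (use_unless_zero)
		(void)model_get_file_unless_zero(&f);	/* refuses the pin */
	else
		model_get_file(&f);	/* 0 -> 1 on an object being freed */
	return atomic_load(&f.f_count);
}

int main(void)
{
	printf("get_file-style:     f_count=%ld\n", pin_after_last_put(false));
	printf("inc_not_zero-style: f_count=%ld\n", pin_after_last_put(true));
}
```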