Received: by 2002:ab2:7b86:0:b0:1f7:5705:b850 with SMTP id q6csp480670lqh; Sat, 4 May 2024 08:40:59 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXNzMI+6QHwE1XaO+RzMRDzoFnv1SXIAgXNwxJQX9lpw1yqQ3xsuSbKIMrL+VzmWdiMK79rW3bsffcja+j6SjNQAgbqo5fuvQ+slLk4jA== X-Google-Smtp-Source: AGHT+IHoAnafmGTwjgcfwdz76hECvhxObTc20BEoDwLXRYGrwBEhtFU52NE1+mKBn5gw/LrFKSy1 X-Received: by 2002:a17:906:840a:b0:a59:ba2b:590f with SMTP id n10-20020a170906840a00b00a59ba2b590fmr178335ejx.67.1714837259532; Sat, 04 May 2024 08:40:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714837259; cv=pass; d=google.com; s=arc-20160816; b=TZ0htfZ5XdHvjWnZBDbN/su8LoKyh/8gD8M1e+O5xanSOHBNi9JOeWhcGcVxEpS34p T2jaRaHJRuTHjs3G1d0FgauRHazcQIQWOW52VdhxR4Ld1u8LHisqChPUgpXMosoFjNN9 DnW6/1CePK6iBjlmH8XbRP+FVK0Lc+PkZSuvFnK/rE0zFnzjKZstAJh1jaW0Diy8vQqW QXoa1jD3PicyIlUWaXZkWzXJ03C/7RM73EBnMRGGmW46sbLqGBZznOx1+iIteBgaa/6X pth+3DP9gGvjGX6atSrgTbi3EmaFFa7dHEbS0DhAbUSkg6sU1iHhEthSPlfsx/sntk1q B3+A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=PFxw8P3AYgeC7IB6rTn+68WOAU10n6cRPv/6X7o+SOY=; fh=p7b8TQd9g5fCNuzr5d14kgX7MwMqD16rddrngD5/qtg=; b=uritpElwINvq+9AYuf9qt8hrrIl3kC5d3KVSAS/8y608T6O36AKgM9hYOGsoqbRibl sYLOPoNvMgcQEhTv3bti0bDKEW014qSTMevvJhiHB7A+gDzsTR+w8AqBn8M/skvtFqa0 HniU7o55qvjXlCBnidqX8hZuyl+bazbmSnHUthNwVxMDr0YJwTZ22hexbnaDX7SoXkAM RMl4mFWlZciGV3DTXi9cMXKxwCDoOrPfkk00cYLLbgRCHGrkBiMP1bEsfW12RVtmxlT5 hoCUjO14ptjrJk7Gj1a7+efAig/eah4JMEBrTDm8ojIFl4xCx0gyurptsGAleA3U3zM6 yoMw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=HWYpKkor; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-168732-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-168732-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id m6-20020a17090607c600b00a522e8dec86si2719215ejc.583.2024.05.04.08.40.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 May 2024 08:40:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-168732-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=HWYpKkor; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-168732-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-168732-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 16F871F21F9D for ; Sat, 4 May 2024 15:40:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 91893502B3; Sat, 4 May 2024 15:40:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="HWYpKkor" Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com [209.85.218.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 240963EA76 for ; Sat, 4 May 2024 15:40:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.47 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714837246; cv=none; b=AX9iLotGJHOXeF9aTc4M3OKrnSCYxycbT13jKIoi/p+DYVvhrTHvpK5yd5Q+O4Hi/4VdjtlRC42Y9p0T8EzkXEcjVNAHpXGK6pWdnRVujs5UexRC+D6W44eeJZxNoPwOniSpIA7s2AOwUKGaBwT2bXO/CqYLvMoKO5Z78tOcdx4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714837246; c=relaxed/simple; bh=+wl7Si+XKc7WGkikTFO8826D1qbowNHEhUrycKotHDY=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=H2opA8mp4asQKeBkgeu3wpSDidSu9g2UhBaGYEiuHm5nUScZD9tb+FGpeZ5j+HEW5wTX3qM8VxTrjht1tyT4PmQRIaQcJ/B6KCHKPURjfL4tl+Eia8usEQVpKaQTwbceQAU6ufdpJhGkhCXh3DIu/9DCCGLi/N6mk/M9OrwZqXY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org; spf=pass smtp.mailfrom=linuxfoundation.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=HWYpKkor; arc=none smtp.client-ip=209.85.218.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Received: by mail-ej1-f47.google.com with SMTP id a640c23a62f3a-a59a934ad50so97235766b.1 for ; Sat, 04 May 2024 08:40:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1714837243; x=1715442043; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=PFxw8P3AYgeC7IB6rTn+68WOAU10n6cRPv/6X7o+SOY=; b=HWYpKkor+X0OlBZ+pN69qc1p+9D286NR/kjb9Eut9WyLQcVKAOVM+kjWJolAyRIjnb EleZB/FacFvDmPO7B6sIPd5rt4NS4hLPAbwx/r0yyPImDmy+aY8X2i+CokrQrNVi9S9s PrkfUJUNyE7Febc1tcRFEVT+pa1I32u++fKWc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714837243; x=1715442043; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=PFxw8P3AYgeC7IB6rTn+68WOAU10n6cRPv/6X7o+SOY=; b=IF4jTQK3+LIFcILcNOn7Ih9h3fCpRQCfzp6PWhy251cZgcAg+jDEwRkSUHfBoUefB0 Jp//mQPEnYWkmsHM5cuHXLRfqs+i2i69bNE0LzjbnTHzbLY5WcNIV3toZpPSqTshtgqH RFPx2IwKJ+K1/soYgdsOKFNq/A4TbJJjQ1IF+Dksklu5QPCAed8BGJiwAOkLKfa58OVi hg9i4AtWvmuSbtuhtKxfUk+4XrqWJ76aK5GMF9tIfeHElQvcFceCr6vMaAIpF4MVLzGQ 615W0nN/STO+LdGgEWJbj1iUdZwoIzUhmCde5IyQwO5B38ea5yb61CQ73m3lpNjJfFtd c56Q== X-Forwarded-Encrypted: i=1; AJvYcCXr/mkxooAEYfEpTYBKFYpGAd1aKg7ifM3zS0lFWHTylDFTnRYn4lxOcYC13fKjCmsfDHMxUh6W27MyFOPQtVJ7a7yiktGo18MIJGcl X-Gm-Message-State: AOJu0Yxy+FFCfpTQf5AhRyEcRi4t429hqI9YygsaMK+y4MhZ/ljEqJDE wQwqZzPS6kwxw1sn8uo7870M6Wtmlc8A6F1215NGQqW+cFh8pb0Xjrv8qKP1n8CiJEUkdEKzyFE Ep8xnyg== X-Received: by 2002:a17:906:dc04:b0:a52:8a8a:59a7 with SMTP id yy4-20020a170906dc0400b00a528a8a59a7mr3655133ejb.15.1714837243414; Sat, 04 May 2024 08:40:43 -0700 (PDT) Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com. [209.85.218.45]) by smtp.gmail.com with ESMTPSA id d12-20020a17090648cc00b00a59a874136fsm837629ejt.214.2024.05.04.08.40.42 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 04 May 2024 08:40:42 -0700 (PDT) Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-a599c55055dso125713766b.0 for ; Sat, 04 May 2024 08:40:42 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCXNi2keMaZ+m0Q0wHPiq2c3w2GoPa3zj7G42nGoSXvSd1zxKH3NtMgpdYpqFNklhJ7MAkTkF5R6myjJfnj6fqLvie/IvHtY2evRZuQL X-Received: by 2002:a17:906:cf83:b0:a55:75f6:ce0f with SMTP id um3-20020a170906cf8300b00a5575f6ce0fmr3540131ejb.13.1714837242162; Sat, 04 May 2024 08:40:42 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <202405031110.6F47982593@keescook> <20240503211129.679762-2-torvalds@linux-foundation.org> <20240503212428.GY2118490@ZenIV> <20240504-wohngebiet-restwert-6c3c94fddbdd@brauner> In-Reply-To: From: Linus Torvalds Date: Sat, 4 May 2024 08:40:25 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] epoll: try to be a _bit_ better about file lifetimes To: Christian Brauner Cc: Al Viro , keescook@chromium.org, axboe@kernel.dk, christian.koenig@amd.com, dri-devel@lists.freedesktop.org, io-uring@vger.kernel.org, jack@suse.cz, laura@labbott.name, linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, minhquangbui99@gmail.com, sumit.semwal@linaro.org, syzbot+045b454ab35fd82a35fb@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" On Sat, 4 May 2024 at 08:32, Linus Torvalds wrote: > > Now, during this TOTALLY INNOCENT sock_poll(), in another thread, the > file closing completes, eventpoll_release() finishes [..] Actually, Al is right that ep_item_poll() should be holding the ep->mtx, so eventpoll_release() -> eventpoll_release_file_file() -> mutex_lock(&ep->mtx) should block and the file doesn't actually get released. So I guess the sock_poll() issue cannot happen. It does need some poll() function that does 'fget()', and believes that it works. But because the f_count has already gone down to zero, fget() doesn't work, and doesn't keep the file around, and you have the bug. The cases that do fget() in poll() are probably race, but they aren't buggy. epoll is buggy. So my example wasn't going to work, but the argument isn't really any different, it's just a much more limited case that breaks. And maybe it's even *only* dma-buf that does that fget() in its ->poll() function. Even *then* it's not a dma-buf.c bug. Linus