Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp2387245lqo;
        Mon, 20 May 2024 04:30:32 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUpScbn119m37we23yT/jCpOhGai9xYWG/VkETPm63aFz36hqT8yLpmzJMkCy+Npcg47tvma4fchucV5v/Vaxls8l6BwA04gafYag+5Ag==
X-Google-Smtp-Source: AGHT+IGmWZxtdKIKiy9tgwz7xwG9fKb7W4v+6U/fCKIvHBNxU7MgAKEXJ1OgfnSnartX1gz7zMCo
X-Received: by 2002:a05:6e02:1aad:b0:36c:7eb2:50d5 with SMTP id e9e14a558f8ab-36cc149a3a6mr347399465ab.25.1716204632176;
        Mon, 20 May 2024 04:30:32 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716204632; cv=pass;
        d=google.com; s=arc-20160816;
        b=yZv/jSXlPW1E7VZBY7/mAjWXe5czxB5kxCqsl5h8YKN+u842FrbpU80Uq4yjgmYICs
         awNTdnSXj8SelHNvgpyHOrrBxvRXfPqSpua3H9iOMFkAmhyl1ns4yAz1olKX6FIDMsy1
         tBF17GP7SaINr0GXi7DmfXkdcYmeWxYOxqzK94wmgYovoo1HUGho5XS72hfbcjfy+wgw
         zgYbU9dedPEP+0brs5982/QRGXouEY9UQ3zkyA2JpX3nuLQfckJWFu5ettJ2fhl4t5TM
         kAswQODRkHpQdL0ruMIBn2OzMu5/M6MiUcG3NmsFmc19BJyXdhBWUKC2Vf9TTFsS+Fj1
         3bcQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to:subject
         :user-agent:mime-version:list-unsubscribe:list-subscribe:list-id
         :precedence:date:message-id:dkim-signature;
        bh=e5msGpPJDfpNozD6dX0TXGDkIn5t6CljDiGOFY3+f8E=;
        fh=3/rxvK09MbYZqfF0wx0QAkpUgQw6J4eOic7PFvL9Tso=;
        b=YzRp3NLUB0RIpkU0UK553dfbOo+CkNMUWMZofgZ4bwDToPcp8TJSdLEHUaD2cM+d5H
         Jfi3d6OErz7k4UKS3os7smLVCat6CLuyLedDvjBfta9bNZ+lkkEbi4jTbV1oLgedA0YF
         LyTFRPcl3yDADA8QbMVb6eFmVYXfw79hY49XouXFrz9UrQT+DwYMoVFWzTUMRXq6eypJ
         EFKThnEKnlAgNQikS+2quh0oBEoFd8A2tIcdpLRKJIG/e0csZbAdjTmI4XmK+pc/fT/G
         RaupsGtViANqUBI09JM7ZSKc0ohdS8jGwzj7jodZ8AYDPDMqRCla4O3IMlX8sPEmkYMi
         27yA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linux.alibaba.com header.s=default header.b=ZRWlrIKp;
       arc=pass (i=1 spf=pass spfdomain=linux.alibaba.com dkim=pass dkdomain=linux.alibaba.com dmarc=pass fromdomain=linux.alibaba.com);
       spf=pass (google.com: domain of linux-kernel+bounces-183651-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-183651-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.alibaba.com
Return-Path: <linux-kernel+bounces-183651-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id 41be03b00d2f7-63409e824d2si144257a12.79.2024.05.20.04.30.31
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 20 May 2024 04:30:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-183651-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.alibaba.com header.s=default header.b=ZRWlrIKp;
       arc=pass (i=1 spf=pass spfdomain=linux.alibaba.com dkim=pass dkdomain=linux.alibaba.com dmarc=pass fromdomain=linux.alibaba.com);
       spf=pass (google.com: domain of linux-kernel+bounces-183651-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-183651-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.alibaba.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9918E28304B
	for <linux.lists.archive@gmail.com>; Mon, 20 May 2024 11:24:23 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 154D2535D6;
	Mon, 20 May 2024 11:24:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="ZRWlrIKp"
Received: from out30-112.freemail.mail.aliyun.com (out30-112.freemail.mail.aliyun.com [115.124.30.112])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C871B42044;
	Mon, 20 May 2024 11:24:12 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.112
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716204255; cv=none; b=greCa1sb+xv72iCpJ/akfoPgLzaDg9c7HIUimHzBbUIv2Lzluvpy20ejUz5iACi0axYAPHyAlSTIBg/5FDhQeHg0DVDT5HLns46odRRFkBST4Q+zQX8OYP3XvPIh2T62mlZVcIMvcycil1yhyc4yO49mOlIxndyCPX9j/UF0IJY=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716204255; c=relaxed/simple;
	bh=e5msGpPJDfpNozD6dX0TXGDkIn5t6CljDiGOFY3+f8E=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=I7tEErEllBZlwaOHiDrH8ALqwn8RUQMuhdYygIRDzo+QeSMlHmC/MgCRAxcO3vlftc4EW/R3q4zEl2xD3dvU9LTJvaykmYE4gihTij+EdeVlcCc5NfF1LQWqyG+DK1K4iNYXScsfKNxsHNWKyI0dtE1yDpwPeyZoGBJwAT25a2o=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=ZRWlrIKp; arc=none smtp.client-ip=115.124.30.112
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com
DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=linux.alibaba.com; s=default;
	t=1716204249; h=Message-ID:Date:MIME-Version:Subject:To:From:Content-Type;
	bh=e5msGpPJDfpNozD6dX0TXGDkIn5t6CljDiGOFY3+f8E=;
	b=ZRWlrIKplW1YPjLd05G9+f+tm8g6XYzuhfjvg3YpjE61faO8TNVdmVePsn751grmQA222UszBEuvIMM9CiMIBjplNb8Zbp8YOOeHs+ujwbX0F704RA4gJjnuPqUGTLGoqCnOUlkmp3oGg/X98WSQoQMIhvRaAODS67uSQDnnLPY=
X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R271e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037067109;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=14;SR=0;TI=SMTPD_---0W6s..ub_1716204246;
Received: from 30.97.48.204(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0W6s..ub_1716204246)
          by smtp.aliyun-inc.com;
          Mon, 20 May 2024 19:24:08 +0800
Message-ID: <e57ae68f-29c3-41ac-bf16-f11d546dd958@linux.alibaba.com>
Date: Mon, 20 May 2024 19:24:06 +0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v2 08/12] cachefiles: never get a new anonymous fd if
 ondemand_id is valid
To: Baokun Li <libaokun@huaweicloud.com>,
 Jingbo Xu <jefflexu@linux.alibaba.com>, netfs@lists.linux.dev,
 dhowells@redhat.com, jlayton@kernel.org
Cc: zhujia.zj@bytedance.com, linux-erofs@lists.ozlabs.org,
 linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
 yangerkun@huawei.com, houtao1@huawei.com, yukuai3@huawei.com,
 wozizhi@huawei.com, Baokun Li <libaokun1@huawei.com>
References: <20240515084601.3240503-1-libaokun@huaweicloud.com>
 <20240515084601.3240503-9-libaokun@huaweicloud.com>
 <f4d24738-76a2-4998-9a28-493599cd7eae@linux.alibaba.com>
 <d62b162d-acb3-2fa7-085e-79da3278091a@huaweicloud.com>
 <a3ca2292-0218-45f6-8afe-4319a10b69e2@linux.alibaba.com>
 <5b1b2719-2123-9218-97b4-ccda8b5cb3b4@huaweicloud.com>
From: Gao Xiang <hsiangkao@linux.alibaba.com>
In-Reply-To: <5b1b2719-2123-9218-97b4-ccda8b5cb3b4@huaweicloud.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit



On 2024/5/20 19:14, Baokun Li wrote:
> On 2024/5/20 17:24, Jingbo Xu wrote:
>>
>> On 5/20/24 5:07 PM, Baokun Li wrote:
>>> On 2024/5/20 16:43, Jingbo Xu wrote:
>>>> On 5/15/24 4:45 PM, libaokun@huaweicloud.com wrote:
>>>>> From: Baokun Li <libaokun1@huawei.com>
>>>>>
> SNIP
>>>>>
>>>>> To avoid this, allocate a new anonymous fd only if no anonymous fd has
>>>>> been allocated (ondemand_id == 0) or if the previously allocated
>>>>> anonymous
>>>>> fd has been closed (ondemand_id == -1). Moreover, returns an error if
>>>>> ondemand_id is valid, letting the daemon know that the current userland
>>>>> restore logic is abnormal and needs to be checked.
>>>>>
>>>>> Fixes: c8383054506c ("cachefiles: notify the user daemon when looking
>>>>> up cookie")
>>>>> Signed-off-by: Baokun Li <libaokun1@huawei.com>
>>>> The LOCs of this fix is quite under control.  But still it seems that
>>>> the worst consequence is that the (potential) malicious daemon gets
>>>> hung.  No more effect to the system or other processes.  Or does a
>>>> non-malicious daemon have any chance having the same issue?
>>> If we enable hung_task_panic, it may cause panic to crash the server.
>> Then this issue has nothing to do with this patch?  As long as a
>> malicious daemon doesn't close the anonymous fd after umounting, then I
>> guess a following attempt of mounting cookie with the same name will
>> also wait and hung there?
>>
> Yes, a daemon that only reads requests but doesn't process them will
> cause hung，but the daemon will obey the basic constraints when we
> test it.

If we'd really like to enhanace this ("hung_task_panic"), I think
you'd better to switch wait_for_completion() to
wait_for_completion_killable() at least IMHO anyway.

Thanks,
Gao Xiang