From: Al Viro <viro@ZenIV.linux.org.uk>
To: Martin Brandenburg <martin@omnibond.com>
Cc: Mike Marshall <hubcap@omnibond.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: Orangefs ABI documentation
Date: Sat, 30 Jan 2016 17:34:13 +0000 [thread overview]
Message-ID: <20160130173413.GE17997@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CA+D=wkjuAq-krCKPMFJ6M4iik4Cz=WLS1KE=pQQGSWpz07q6Rw@mail.gmail.com>
On Tue, Jan 26, 2016 at 02:52:23PM -0500, Martin Brandenburg wrote:
> On 1/23/16, Al Viro <viro@zeniv.linux.org.uk> wrote:
> > We'll just decrement the refcount of bufmap, do nothing since it hasn't
> > reached zero, proceed to mark all ops as purged, wake each service_operation()
> > up and sod off. Now, the holders of those slots will call
> > orangefs_get_bufmap_init(), get 1 (since we hadn't dropped the last reference
> > yet - can it *ever* see 0 there, actually?) and return -EAGAIN. With
> > wait_for_direct_io() noticing that, freeing the slot and going into restart.
> > And if there was the only one, we are fine, but what if there were several?
>
> The answer here is yes. Otherwise a malicious client could not set up
> the bufmap then crash the kernel by attempting to use it.
Umm... The question was "what happens if there was more than one slot
in use when we hit
if (ret == -EAGAIN && op_state_purged(new_op)) {
orangefs_bufmap_put(bufmap, buffer_index);
gossip_debug(GOSSIP_FILE_DEBUG,
"%s:going to repopulate_shared_memory.\n",
__func__);
goto populate_shared_memory;
}
in wait_for_direct_io()?" If the answer is "yes", I'd like to see more
detailed version, if possible...
Note that __orangefs_bufmap won't become NULL until all slots are freed,
so getting to that place with more than one slot in use will have us
go to populate_shared_memory, where we'll grab a new reference to the
same old bufmap and allocate a slot _there_...
And again, how could
/* op uses shared memory */
if (orangefs_get_bufmap_init() == 0) {
in service_operation() possibly be true, when we have
* op->uses_shared_memory just checked to be set
* all callers that set it (orangefs_readdir() and wait_for_direct_io()
having allocated a slot before calling service_operation() and not releasing
it until service_operation() returns
* __orangefs_bufmap not becoming NULL until all slots are freed and
* orangefs_get_bufmap_init() returning 1 unless __orangefs_bufmap is
NULL?
AFAICS, that code (waiting for daemon to be restarted) is provably never
executed. What am I missing?
next prev parent reply other threads:[~2016-01-30 17:34 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-15 21:46 Orangefs ABI documentation Mike Marshall
2016-01-22 7:11 ` Al Viro
2016-01-22 11:09 ` Mike Marshall
2016-01-22 16:59 ` Mike Marshall
2016-01-22 17:08 ` Al Viro
2016-01-22 17:40 ` Mike Marshall
2016-01-22 17:43 ` Al Viro
2016-01-22 18:17 ` Mike Marshall
2016-01-22 18:37 ` Al Viro
2016-01-22 19:07 ` Mike Marshall
2016-01-22 19:21 ` Mike Marshall
2016-01-22 20:04 ` Al Viro
2016-01-22 20:30 ` Mike Marshall
2016-01-23 0:12 ` Al Viro
2016-01-23 1:28 ` Al Viro
2016-01-23 2:54 ` Mike Marshall
2016-01-23 19:10 ` Al Viro
2016-01-23 19:24 ` Mike Marshall
2016-01-23 21:35 ` Mike Marshall
2016-01-23 22:05 ` Al Viro
2016-01-23 21:40 ` Al Viro
2016-01-23 22:36 ` Mike Marshall
2016-01-24 0:16 ` Al Viro
2016-01-24 4:05 ` Al Viro
2016-01-24 22:12 ` Mike Marshall
2016-01-30 17:22 ` Al Viro
2016-01-26 19:52 ` Martin Brandenburg
2016-01-30 17:34 ` Al Viro [this message]
2016-01-30 18:27 ` Al Viro
2016-02-04 23:30 ` Mike Marshall
2016-02-06 19:42 ` Al Viro
2016-02-07 1:38 ` Al Viro
2016-02-07 3:53 ` Al Viro
2016-02-07 20:01 ` [RFC] bufmap-related wait logics (Re: Orangefs ABI documentation) Al Viro
2016-02-08 22:26 ` Orangefs ABI documentation Mike Marshall
2016-02-08 23:35 ` Al Viro
2016-02-09 3:32 ` Al Viro
2016-02-09 14:34 ` Mike Marshall
2016-02-09 17:40 ` Al Viro
2016-02-09 21:06 ` Al Viro
2016-02-09 22:25 ` Mike Marshall
2016-02-11 23:36 ` Mike Marshall
2016-02-09 22:02 ` Mike Marshall
2016-02-09 22:16 ` Al Viro
2016-02-09 22:40 ` Al Viro
2016-02-09 23:13 ` Al Viro
2016-02-10 16:44 ` Al Viro
2016-02-10 21:26 ` Al Viro
2016-02-11 23:54 ` Mike Marshall
2016-02-12 0:55 ` Al Viro
2016-02-12 12:13 ` Mike Marshall
2016-02-11 0:44 ` Al Viro
2016-02-11 3:22 ` Mike Marshall
2016-02-12 4:27 ` Al Viro
2016-02-12 12:26 ` Mike Marshall
2016-02-12 18:00 ` Martin Brandenburg
2016-02-13 17:18 ` Mike Marshall
2016-02-13 17:47 ` Al Viro
2016-02-14 2:56 ` Al Viro
2016-02-14 3:46 ` [RFC] slot allocator - waitqueue use review needed (Re: Orangefs ABI documentation) Al Viro
2016-02-14 4:06 ` Al Viro
2016-02-16 2:12 ` Al Viro
2016-02-16 19:28 ` Al Viro
2016-02-14 22:31 ` Orangefs ABI documentation Mike Marshall
2016-02-14 23:43 ` Al Viro
2016-02-15 17:46 ` Mike Marshall
2016-02-15 18:45 ` Al Viro
2016-02-15 22:32 ` Martin Brandenburg
2016-02-15 23:04 ` Al Viro
2016-02-16 23:15 ` Mike Marshall
2016-02-16 23:36 ` Al Viro
2016-02-16 23:54 ` Al Viro
2016-02-17 19:24 ` Mike Marshall
2016-02-17 20:11 ` Al Viro
2016-02-17 21:17 ` Al Viro
2016-02-17 22:24 ` Mike Marshall
2016-02-17 22:40 ` Martin Brandenburg
2016-02-17 23:09 ` Al Viro
2016-02-17 23:15 ` Al Viro
2016-02-18 0:04 ` Al Viro
2016-02-18 11:11 ` Al Viro
2016-02-18 18:58 ` Mike Marshall
2016-02-18 19:20 ` Al Viro
2016-02-18 19:49 ` Martin Brandenburg
2016-02-18 20:08 ` Mike Marshall
2016-02-18 20:22 ` Mike Marshall
2016-02-18 20:38 ` Mike Marshall
2016-02-18 20:52 ` Al Viro
2016-02-18 21:50 ` Mike Marshall
2016-02-19 0:25 ` Al Viro
2016-02-19 22:11 ` Mike Marshall
2016-02-19 22:22 ` Al Viro
2016-02-20 12:14 ` Mike Marshall
2016-02-20 13:36 ` Al Viro
2016-02-22 16:20 ` Mike Marshall
2016-02-22 21:22 ` Mike Marshall
2016-02-23 21:58 ` Mike Marshall
2016-02-26 20:21 ` Mike Marshall
2016-02-19 22:32 ` Al Viro
2016-02-19 22:45 ` Martin Brandenburg
2016-02-19 22:50 ` Martin Brandenburg
2016-02-18 20:49 ` Al Viro
2016-02-15 22:47 ` Mike Marshall
2016-01-23 22:46 ` write() semantics (Re: Orangefs ABI documentation) Al Viro
2016-01-23 23:35 ` Linus Torvalds
2016-03-03 22:25 ` Mike Marshall
2016-03-04 20:55 ` Mike Marshall
2016-01-22 20:51 ` Orangefs ABI documentation Mike Marshall
2016-01-22 23:53 ` Mike Marshall
2016-01-22 19:54 ` Al Viro
2016-01-22 19:50 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160130173413.GE17997@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=hubcap@omnibond.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=martin@omnibond.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.