From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: axboe@kernel.dk, syzkaller-bugs@googlegroups.com,
	linux-block@vger.kernel.org
Subject: Re: [PATCH] loop: add recursion validation to LOOP_CHANGE_FD
Date: Tue, 08 May 2018 09:28:17 +0900
Message-ID: <201805080028.w480SH3m013943@www262.sakura.ne.jp>
In-Reply-To: <20180507235142.GC999@thunk.org>

> On Tue, May 08, 2018 at 05:45:21AM +0900, Tetsuo Handa wrote:
> > > 
> > > > By the way, are you aware that current "/* Avoid recursion */" loop is not thread safe?
> > > 
> > > Actually, it is safe.  While the child loop device has an open file on
> > > the parent, lo_refcnt is elevated, which prevents loop_clr_fd from
> > > actually setting lo_state to Lo_rundown and clearing
> > > lo_backing_file
> > 
> > If you think it is safe, please explain that the crash referenced in a patch
> > at https://groups.google.com/d/msg/syzkaller-bugs/2Rw8-OM6IbM/PzdobV8kAgAJ is
> > no longer possible. syzbot is hitting crashes there.
> 
> Huh?  You were worried about a race where loop_change_fd could race
> with loop_clr_fd causing a NULL dereference of lo_backing_file.
> 
> The mail thread you are referencing is a deadlock problem with
> loop_reread_partitions() and lo_release().  This is unrelated to the
> possible race you were concerned about in loop_change_fd().

The thread I mean is:

  general protection fault in lo_ioctl (2)
  https://syzkaller.appspot.com/bug?id=f3cfe26e785d85f9ee259f385515291d21bd80a3

Are you sure that your patch solves this problem as well?
