From: Al Viro <viro@zeniv.linux.org.uk>
To: Yu Kuai <yukuai1@huaweicloud.com>
Cc: Christoph Hellwig <hch@lst.de>,
jack@suse.cz, brauner@kernel.org, axboe@kernel.dk,
linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
yi.zhang@huawei.com, yangerkun@huawei.com,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [RFC v4 linux-next 19/19] fs & block: remove bdev->bd_inode
Date: Fri, 22 Mar 2024 06:33:46 +0000 [thread overview]
Message-ID: <20240322063346.GB3404528@ZenIV> (raw)
In-Reply-To: <c62dac0e-666f-9cc9-cffe-f3d985029d6a@huaweicloud.com>
On Tue, Mar 19, 2024 at 04:26:19PM +0800, Yu Kuai wrote:
> +void put_bdev_file(struct block_device *bdev)
> +{
> + struct file *file = NULL;
> + struct inode *bd_inode = bdev_inode(bdev);
> +
> + mutex_lock(&bdev->bd_disk->open_mutex);
> + file = bd_inode->i_private;
> +
> + if (!atomic_read(&bdev->bd_openers))
> + bd_inode->i_private = NULL;
> +
> + mutex_unlock(&bdev->bd_disk->open_mutex);
> +
> + fput(file);
> +}
Locking is completely wrong here. The only thing that protects
->bd_openers is ->open_mutex. atomic_read() is obviously a red
herring.
Suppose another thread has already opened the same sucker
with bdev_file_open_by_dev().
Now you are doing the same thing, just as the other guy is
getting to bdev_release() call.
The thing is, between your get_bdev_file() and increment of ->bd_openers
(in bdev_open()) there's a window when bdev_release() of the old file
could've gotten all the way through the decrement of ->bd_openers
(to 0, since our increment has not happened yet) and through the
call of put_bdev_file(), which ends up clearing ->i_private.
End result:
* old ->i_private leaked (already grabbed by your get_bdev_file())
* ->bd_openers at 1 (after your bdev_open() gets through)
* ->i_private left NULL.
Christoph, could we please get rid of that atomic_t nonsense?
It only confuses people into brainos like that. It really
needs ->open_mutex for any kind of atomicity.
next prev parent reply other threads:[~2024-03-22 6:33 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-22 12:45 [RFC v4 linux-next 00/19] fs & block: remove bdev->bd_inode Yu Kuai
2024-02-22 12:45 ` [RFC v4 linux-next 01/19] block: move two helpers into bdev.c Yu Kuai
2024-03-15 14:31 ` Jan Kara
2024-03-17 21:19 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 02/19] block: remove sync_blockdev_nowait() Yu Kuai
2024-03-15 14:34 ` Jan Kara
2024-03-17 21:19 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 03/19] block: remove sync_blockdev_range() Yu Kuai
2024-03-15 14:37 ` Jan Kara
2024-03-17 21:21 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 04/19] block: prevent direct access of bd_inode Yu Kuai
2024-03-15 14:44 ` Jan Kara
2024-03-17 21:23 ` Christoph Hellwig
2024-03-22 5:44 ` Al Viro
2024-02-22 12:45 ` [RFC v4 linux-next 05/19] bcachefs: remove dead function bdev_sectors() Yu Kuai
2024-03-15 14:42 ` Jan Kara
2024-03-17 21:23 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 06/19] cramfs: prevent direct access of bd_inode Yu Kuai
2024-03-15 14:44 ` Jan Kara
2024-03-17 21:23 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 07/19] erofs: " Yu Kuai
2024-03-15 14:45 ` Jan Kara
2024-03-17 21:24 ` Christoph Hellwig
2024-03-18 2:39 ` Gao Xiang
2024-02-22 12:45 ` [RFC v4 linux-next 08/19] nilfs2: " Yu Kuai
2024-03-15 14:49 ` Jan Kara
2024-03-17 21:24 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 09/19] gfs2: " Yu Kuai
2024-03-15 14:54 ` Jan Kara
2024-03-17 21:24 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 10/19] s390/dasd: use bdev api in dasd_format() Yu Kuai
2024-03-15 14:55 ` Jan Kara
2024-03-17 21:25 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 11/19] btrfs: prevent direct access of bd_inode Yu Kuai
2024-03-15 15:09 ` Jan Kara
2024-03-17 21:25 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 12/19] ext4: remove block_device_ejected() Yu Kuai
2024-02-22 12:45 ` [RFC v4 linux-next 13/19] ext4: prevent direct access of bd_inode Yu Kuai
2024-03-15 14:58 ` Jan Kara
2024-03-17 21:25 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 14/19] jbd2: " Yu Kuai
2024-03-15 15:06 ` Jan Kara
2024-03-17 21:26 ` Christoph Hellwig
2024-03-18 1:10 ` Yu Kuai
2024-02-22 12:45 ` [RFC v4 linux-next 15/19] bcache: " Yu Kuai
2024-03-15 15:11 ` Jan Kara
2024-03-17 21:34 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 16/19] block2mtd: " Yu Kuai
2024-03-15 15:12 ` Jan Kara
2024-03-17 21:36 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 17/19] dm-vdo: " Yu Kuai
2024-02-28 13:41 ` Christoph Hellwig
2024-03-18 9:11 ` Jan Kara
2024-03-18 9:19 ` Jan Kara
2024-03-18 13:38 ` Yu Kuai
2024-03-19 2:00 ` Matthew Sakai
2024-02-22 12:45 ` [RFC v4 linux-next 18/19] scsi: factor out a helper bdev_read_folio() from scsi_bios_ptable() Yu Kuai
2024-03-17 21:36 ` Christoph Hellwig
2024-03-18 1:12 ` Yu Kuai
2024-03-18 9:22 ` Jan Kara
2024-02-22 12:45 ` [RFC v4 linux-next 19/19] fs & block: remove bdev->bd_inode Yu Kuai
2024-02-25 0:06 ` kernel test robot
2024-03-17 21:38 ` Christoph Hellwig
2024-03-18 1:26 ` Yu Kuai
2024-03-18 1:32 ` Christoph Hellwig
2024-03-18 1:51 ` Yu Kuai
2024-03-18 7:19 ` Yu Kuai
2024-03-18 10:07 ` Christian Brauner
2024-03-18 10:29 ` Christian Brauner
2024-03-18 10:46 ` Christian Brauner
2024-03-18 11:57 ` Yu Kuai
2024-03-18 23:35 ` Christoph Hellwig
2024-03-18 23:22 ` Christoph Hellwig
2024-03-19 8:26 ` Yu Kuai
2024-03-21 11:27 ` Jan Kara
2024-03-21 12:15 ` Yu Kuai
2024-03-22 6:37 ` Al Viro
2024-03-22 6:39 ` Al Viro
2024-03-22 6:52 ` Yu Kuai
2024-03-22 12:57 ` Jan Kara
2024-03-22 13:57 ` Christian Brauner
2024-03-22 15:43 ` Al Viro
2024-03-22 16:16 ` Al Viro
2024-03-22 6:33 ` Al Viro [this message]
2024-03-22 7:09 ` Yu Kuai
2024-03-22 16:01 ` Al Viro
2024-03-22 13:10 ` Jan Kara
2024-03-22 14:57 ` Al Viro
2024-03-25 1:06 ` Christoph Hellwig
2024-02-28 13:42 ` [RFC v4 linux-next 00/19] " Christoph Hellwig
2024-03-15 12:08 ` Yu Kuai
2024-03-15 13:54 ` Christian Brauner
2024-03-16 2:49 ` Yu Kuai
2024-03-18 9:39 ` Christian Brauner
2024-03-19 1:18 ` Yu Kuai
2024-03-19 1:43 ` Yu Kuai
2024-03-19 2:13 ` Matthew Sakai
2024-03-19 2:27 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240322063346.GB3404528@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=yangerkun@huawei.com \
--cc=yi.zhang@huawei.com \
--cc=yukuai1@huaweicloud.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.