From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-f45.google.com ([209.85.218.45]:32872 "EHLO mail-oi0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751022AbcAZTwY (ORCPT ); Tue, 26 Jan 2016 14:52:24 -0500 Received: by mail-oi0-f45.google.com with SMTP id r14so8871771oie.0 for ; Tue, 26 Jan 2016 11:52:23 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <20160124040529.GX17997@ZenIV.linux.org.uk> References: <20160122200442.GF17997@ZenIV.linux.org.uk> <20160123001202.GJ17997@ZenIV.linux.org.uk> <20160123012808.GK17997@ZenIV.linux.org.uk> <20160123191055.GN17997@ZenIV.linux.org.uk> <20160123214006.GO17997@ZenIV.linux.org.uk> <20160124001615.GT17997@ZenIV.linux.org.uk> <20160124040529.GX17997@ZenIV.linux.org.uk> Date: Tue, 26 Jan 2016 14:52:23 -0500 Message-ID: Subject: Re: Orangefs ABI documentation From: Martin Brandenburg To: Al Viro Cc: Mike Marshall , Linus Torvalds , linux-fsdevel Content-Type: text/plain; charset=UTF-8 Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On 1/23/16, Al Viro wrote: > We'll just decrement the refcount of bufmap, do nothing since it hasn't > reached zero, proceed to mark all ops as purged, wake each service_operation() > up and sod off. Now, the holders of those slots will call > orangefs_get_bufmap_init(), get 1 (since we hadn't dropped the last reference > yet - can it *ever* see 0 there, actually?) and return -EAGAIN. With > wait_for_direct_io() noticing that, freeing the slot and going into restart. > And if there was the only one, we are fine, but what if there were several? The answer here is yes. Otherwise a malicious client could not set up the bufmap then crash the kernel by attempting to use it. -- Martin