From: Linus Torvalds <torvalds@linux-foundation.org>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [GIT PULL] vfs fixes
Date: Thu, 19 Oct 2023 09:37:24 -0700 [thread overview]
Message-ID: <CAHk-=whBXdLJ=QDpYmDEH-Tn71dXasGJSX4Jz4qMo8V4-7vYkg@mail.gmail.com> (raw)
In-Reply-To: <20231019-kampfsport-metapher-e5211d7be247@brauner>
On Thu, 19 Oct 2023 at 03:09, Christian Brauner <brauner@kernel.org> wrote:
>
> An openat() call from io_uring triggering an audit call can apparently
> cause the refcount of struct filename to be incremented from multiple
> threads concurrently during async execution, triggering a refcount
> underflow and hitting a BUG_ON(). That bug has been lurking around since
> at least v5.16 apparently.
Ouch. That filename ref by audit was always supposed to be
thread-local in a "for this system call" kind of sense.
But yes, looks like the io_uring stuff ended up making it no longer
thread-local.
That said, using atomics for reference counting is our default
behavior and should be normal, so the patch isn't wrong, it's just
annoying since getname/putname is very much in the critical path of
filename handling.
That said, the extra atomics are hopefully not really noticeable.
Some people might want to use the non-refcounted version (ie we have
getname/putname used by ksmbd too, for example), if they really care.
It already exists, as __getname/__putname.
But the normal open/stat/etc system call paths are obviously now going
to hit those extra atomics. Not lovely, but I guess it's the best we
can do.
> Switch to an atomic counter to fix that. The underflow check is
> downgraded from a BUG_ON() to a WARN_ON_ONCE() but we could easily
> remove that check altogether tbh and not waste an additional atomic. So
> if you feel that extra check isn't needed you could just remove in case
> you're pulling.
Well, the atomic *read* is cheap - the expensive part is the
atomic_dec_and_test() (and the atomic_inc in the audit code.
I'm not sure why you made it check just for zero in the WARN_ON_ONCE,
rather than <= 0 as it used to, but that check is racy regardless, so
it doesn't matter. It would miss two concurrent decrements coming in
with a count of 1.
We don't have the ternary test of atomic decrement results (positive,
zero or negative), so it is what it is.
Linus
next prev parent reply other threads:[~2023-10-19 16:37 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-19 10:07 [GIT PULL] vfs fixes Christian Brauner
2023-10-19 16:37 ` Linus Torvalds [this message]
2023-10-20 11:14 ` Christian Brauner
2023-10-19 18:36 ` pr-tracker-bot
-- strict thread matches above, loose matches on Subject: below --
2024-05-27 11:55 Christian Brauner
2024-05-27 15:30 ` pr-tracker-bot
2024-04-26 14:59 Christian Brauner
2024-04-26 18:09 ` pr-tracker-bot
2024-04-05 11:22 Christian Brauner
2024-04-05 17:09 ` pr-tracker-bot
2024-03-18 12:19 Christian Brauner
2024-03-18 16:48 ` pr-tracker-bot
2024-03-18 19:14 ` Linus Torvalds
2024-03-18 19:41 ` Linus Torvalds
2024-03-19 6:58 ` Christian Brauner
2024-03-20 10:21 ` Christian Brauner
2024-03-06 15:45 Christian Brauner
2024-03-06 16:33 ` pr-tracker-bot
2024-03-01 12:45 Christian Brauner
2024-03-01 20:37 ` pr-tracker-bot
2024-02-22 14:03 Christian Brauner
2024-02-22 18:18 ` pr-tracker-bot
2024-02-12 13:00 Christian Brauner
2024-02-12 17:03 ` pr-tracker-bot
2024-01-13 12:31 Christian Brauner
2024-01-17 20:03 ` pr-tracker-bot
2023-11-24 10:27 Christian Brauner
2023-11-24 18:25 ` Linus Torvalds
2023-11-24 18:52 ` Linus Torvalds
2023-11-24 20:12 ` Linus Torvalds
2023-11-25 13:05 ` Christian Brauner
2023-11-25 13:10 ` Christian Brauner
2023-11-25 13:28 ` Omar Sandoval
2023-11-25 14:04 ` Christian Brauner
2023-11-24 18:26 ` pr-tracker-bot
2023-09-26 10:39 Christian Brauner
2023-09-26 16:14 ` pr-tracker-bot
2023-07-06 11:52 Christian Brauner
2023-07-07 2:27 ` pr-tracker-bot
2023-07-02 11:28 Christian Brauner
2023-07-02 18:53 ` pr-tracker-bot
2023-05-25 12:22 Christian Brauner
2023-05-25 18:18 ` pr-tracker-bot
2023-05-12 15:31 Christian Brauner
2023-05-12 22:14 ` pr-tracker-bot
2023-04-03 11:04 Christian Brauner
2023-04-03 16:51 ` pr-tracker-bot
2023-03-12 12:18 Christian Brauner
2023-03-12 16:20 ` pr-tracker-bot
2020-09-22 21:29 [git pull] " Al Viro
2020-09-22 22:15 ` pr-tracker-bot
[not found] <CAHk-=wgdsv1UA+QtgiJM8KQAG7N7_9iK_edchnzZYyj+nxmfLA@mail.gmail.com>
[not found] ` <20200113195448.GT8904@ZenIV.linux.org.uk>
[not found] ` <CAHk-=whn5qk-e-KnYr6HNe5hp45v+XyDbsA2+szXvK3gC06A2w@mail.gmail.com>
2020-01-15 6:41 ` Al Viro
2020-01-15 19:35 ` pr-tracker-bot
2018-07-01 12:31 Al Viro
2018-07-01 19:36 ` Linus Torvalds
2018-07-01 20:05 ` Al Viro
2018-07-01 20:25 ` Linus Torvalds
2018-04-20 15:58 Al Viro
2018-04-20 18:29 ` Andrew Morton
2018-04-20 19:09 ` Al Viro
2018-04-20 19:57 ` Andrew Morton
2017-06-17 2:56 Al Viro
2017-04-09 5:40 Al Viro
2017-04-11 6:10 ` Linus Torvalds
2017-04-11 6:48 ` Al Viro
2017-04-11 21:02 ` Andreas Dilger
2017-04-12 7:00 ` Linus Torvalds
2017-04-15 6:41 ` Vegard Nossum
2017-04-15 16:51 ` Linus Torvalds
2017-04-15 17:08 ` Al Viro
2017-04-02 17:01 Al Viro
2017-04-02 23:59 ` Linus Torvalds
2017-04-03 0:10 ` Linus Torvalds
2017-04-03 0:30 ` Al Viro
2017-04-03 0:43 ` Al Viro
2017-04-03 0:58 ` Linus Torvalds
2017-04-03 2:21 ` Al Viro
2017-04-03 6:00 ` Eric W. Biederman
2017-04-03 7:46 ` Al Viro
2017-04-04 0:22 ` Ian Kent
2017-04-04 0:47 ` Ian Kent
2017-04-03 0:20 ` Al Viro
2016-06-17 20:50 Q. hlist_bl_add_head_rcu() in d_alloc_parallel() J. R. Okajima
2016-06-17 22:16 ` Al Viro
2016-06-19 5:24 ` J. R. Okajima
2016-06-19 16:55 ` Al Viro
2016-06-20 4:34 ` J. R. Okajima
2016-06-20 5:35 ` Al Viro
2016-06-20 14:51 ` Al Viro
2016-06-20 17:14 ` [git pull] vfs fixes Al Viro
2016-06-08 2:12 Al Viro
2016-05-28 0:10 Al Viro
2016-02-28 1:09 Al Viro
2014-09-14 19:47 Al Viro
2014-09-26 20:38 ` Joachim Eastwood
2014-09-26 20:46 ` Joachim Eastwood
2014-09-26 20:58 ` Al Viro
2014-09-26 21:28 ` Joachim Eastwood
2014-09-26 21:52 ` Joachim Eastwood
2014-03-24 22:58 Imre Deak
2014-03-25 7:21 ` Sedat Dilek
2014-03-23 7:16 Al Viro
2014-03-23 10:57 ` Sedat Dilek
2014-03-23 15:35 ` Al Viro
2014-03-23 16:56 ` Al Viro
2014-03-23 16:36 ` Linus Torvalds
2014-03-23 16:45 ` Al Viro
2014-03-23 17:01 ` Linus Torvalds
2014-03-24 8:52 ` Sedat Dilek
2014-03-25 0:46 ` Linus Torvalds
2014-03-26 16:36 ` Sedat Dilek
2014-03-26 20:55 ` Linus Torvalds
2014-03-27 6:14 ` Sedat Dilek
2014-03-30 20:33 ` Al Viro
2014-03-30 20:55 ` Al Viro
2014-03-30 22:39 ` Linus Torvalds
2014-03-30 23:21 ` Al Viro
2013-06-22 7:16 Al Viro
2013-03-27 0:36 Al Viro
2012-03-10 21:30 Al Viro
2012-03-10 21:49 ` Linus Torvalds
2012-03-10 22:14 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whBXdLJ=QDpYmDEH-Tn71dXasGJSX4Jz4qMo8V4-7vYkg@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).