From: Al Viro <viro@ZenIV.linux.org.uk>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] mnt: Fix a memory stomp in umount
Date: Thu, 18 Dec 2014 21:05:54 +0000 [thread overview]
Message-ID: <20141218210553.GQ22149@ZenIV.linux.org.uk> (raw)
In-Reply-To: <87h9wsiwwl.fsf@x220.int.ebiederm.org>
On Thu, Dec 18, 2014 at 01:24:26PM -0600, Eric W. Biederman wrote:
> Linus Torvalds <torvalds@linux-foundation.org> writes:
>
> > On Thu, Dec 18, 2014 at 9:07 AM, Linus Torvalds
> > <torvalds@linux-foundation.org> wrote:
> >> Why is this piece of code using its own made up and buggy list handling in
> >> the first place? We have list functions for these things, exactly so that
> >> people shouldn't write buggy stuff by hand.
> >
> > Oh. Ok, I see what's going on. We have "list_splice()", but we don't
> > have the equivalent "hlist_splice()". So it's doing that by hand, and
> > did it badly.
> >
> > Al, this is your bug. I guess I can take the "manual hlist_splice" fix
> > from Eric, but I'm not really happy with it. There's a few other
> > places in that same commit where the list splice operation has been
> > open-coded.
> >
> > Mind taking a look?
>
> It looks like we can pretty easily use mnt_list instead of mnt_hash,
> see below (note: the code is only compile tested).
>
> While converting this to ordinary list helpers I found something
> strange.
>
> In __propagate_umount we currently add the child to be unmounted in a
> different location in the list then we did before the conversion of
> mnt_hash to a hlist for rcu's accesses benefit.
>
> Now maybe propagate_next handles this (I still need to read and
> understand that code) if not it looks like I may have found another bug,
> as it looks like today we can add a node to our list without propogating
> the unmount from the node.
Er... Why would we want to reprocess it? The loop goes through all nodes
getting events from ours; everything that gets events from _them_ included
at the same time they are.
next prev parent reply other threads:[~2014-12-18 21:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-18 16:57 [PATCH] mnt: Fix a memory stomp in umount Eric W. Biederman
[not found] ` <CA+55aFz6grtss0SXqOizXMOOF4sxT3FC4GC4NCiMF2Huy1vE4A@mail.gmail.com>
2014-12-18 18:41 ` Linus Torvalds
2014-12-18 19:24 ` Eric W. Biederman
2014-12-18 19:34 ` Linus Torvalds
2014-12-18 21:05 ` Al Viro [this message]
2014-12-18 21:18 ` Eric W. Biederman
2014-12-19 0:02 ` Al Viro
2014-12-19 0:03 ` Al Viro
2015-01-02 21:06 ` Eric W. Biederman
2015-01-02 21:13 ` Al Viro
2015-01-02 21:56 ` Eric W. Biederman
2014-12-18 20:01 ` Al Viro
2014-12-18 20:15 ` Al Viro
2014-12-18 20:40 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141218210553.GQ22149@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.