From: Jason Gunthorpe <jgg@nvidia.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: iommu@lists.linux.dev, Joerg Roedel <joro@8bytes.org>,
Kevin Tian <kevin.tian@intel.com>,
linux-kselftest@vger.kernel.org,
Robin Murphy <robin.murphy@arm.com>,
Shuah Khan <shuah@kernel.org>, Will Deacon <will@kernel.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
patches@lists.linux.dev,
syzbot+80620e2d0d0a33b09f93@syzkaller.appspotmail.com
Subject: Re: [PATCH 1/3] iommufd: Fix race during abort for file descriptors
Date: Thu, 18 Sep 2025 11:43:35 -0300 [thread overview]
Message-ID: <20250918144335.GM1391379@nvidia.com> (raw)
In-Reply-To: <aMuTmuBKd9aU7ngO@Asurada-Nvidia>
On Wed, Sep 17, 2025 at 10:07:38PM -0700, Nicolin Chen wrote:
> On Wed, Sep 17, 2025 at 05:01:47PM -0300, Jason Gunthorpe wrote:
> > Fix this by putting the core code in charge of the file lifetime, and call
> > __fput_sync() during abort to ensure that release() is called before
> > kfree. __fput_sync() is a bit too tricky to open code in all the object
> > implementations
>
> Mind elaborating this "too tricky"? I thought that we're supposed
> to use __fput_sync(), instead of fput(), in the alloc function in
> the first place?
I don't think anything should be widely using __fput_sync(), that's
really weird and special. Our strange refcounting cycle is what
motivates this.
Drivers should be using normal fput().
> > + /*
> > + * files should hold a users refcount while the file is open and
> > + * put it back in their release. They should hold a pointer to
> > + * obj in their private data. Normal fput() is deferred to a
>
> Nit: there is only one file_offset per obj, so it should be "file"
> and "it/its"?
Ok
Thanks,
Jason
next prev parent reply other threads:[~2025-09-18 14:43 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-17 20:01 [PATCH 0/3] Fix a race with fput during eventq abort Jason Gunthorpe
2025-09-17 20:01 ` [PATCH 1/3] iommufd: Fix race during abort for file descriptors Jason Gunthorpe
2025-09-18 5:07 ` Nicolin Chen
2025-09-18 14:43 ` Jason Gunthorpe [this message]
2025-09-18 12:37 ` Nirmoy Das
2025-09-19 8:16 ` Tian, Kevin
2025-09-17 20:01 ` [PATCH 2/3] iommufd: WARN if an object is aborted with an elevated refcount Jason Gunthorpe
2025-09-18 6:10 ` Nicolin Chen
2025-09-18 14:47 ` Jason Gunthorpe
2025-09-18 20:49 ` Nicolin Chen
2025-09-18 20:50 ` Nicolin Chen
2025-09-19 8:16 ` Tian, Kevin
2025-09-17 20:01 ` [PATCH 3/3] iommufd/selftest: Update the fail_nth limit Jason Gunthorpe
2025-09-18 5:28 ` Nicolin Chen
2025-09-19 8:17 ` Tian, Kevin
2025-09-18 20:52 ` [PATCH 0/3] Fix a race with fput during eventq abort Nicolin Chen
2025-09-19 13:43 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250918144335.GM1391379@nvidia.com \
--to=jgg@nvidia.com \
--cc=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kselftest@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=patches@lists.linux.dev \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=syzbot+80620e2d0d0a33b09f93@syzkaller.appspotmail.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.