From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: linux-kselftest@vger.kernel.org, rppt@kernel.org,
shuah@kernel.org, akpm@linux-foundation.org, linux-mm@kvack.org,
skhan@linuxfoundation.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, corbet@lwn.net,
pasha.tatashin@soleen.com, dmatlack@google.com,
kexec@lists.infradead.org, pratyush@kernel.org,
skhawaja@google.com, graf@amazon.com
Subject: Re: [PATCH v4 02/13] liveupdate: avoid mixing cleanup guards with goto in luo_session_retrieve_fd
Date: Sun, 31 May 2026 12:52:39 +0000 [thread overview]
Message-ID: <ahwuA1tYmM0LZt0d@plex> (raw)
In-Reply-To: <20260530221938.115978-3-pasha.tatashin@soleen.com>
On 05-30 22:19, Pasha Tatashin wrote:
> Refactoring luo_session_retrieve_fd() to avoid mixing automated
> cleanup-style guards with goto-based resource release, which is not
> recommended under the Linux kernel coding style.
>
> Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> ---
> kernel/liveupdate/luo_session.c | 25 ++++++++++++-------------
> 1 file changed, 12 insertions(+), 13 deletions(-)
>
> diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_session.c
> index 146414933977..8d9201c25412 100644
> --- a/kernel/liveupdate/luo_session.c
> +++ b/kernel/liveupdate/luo_session.c
> @@ -291,25 +291,24 @@ static int luo_session_retrieve_fd(struct luo_session *session,
> if (argp->fd < 0)
> return argp->fd;
>
> - guard(mutex)(&session->mutex);
> - err = luo_retrieve_file(&session->file_set, argp->token, &file);
> - if (err < 0)
> - goto err_put_fd;
> + scoped_guard(mutex, &session->mutex) {
> + err = luo_retrieve_file(&session->file_set, argp->token, &file);
> + if (err < 0) {
> + put_unused_fd(argp->fd);
> + return err;
> + }
> + }
>
> err = luo_ucmd_respond(ucmd, sizeof(*argp));
> - if (err)
> - goto err_put_file;
> + if (err) {
> + fput(file);
> + put_unused_fd(argp->fd);
> + return err;
> + }
>
> fd_install(argp->fd, file);
From Sashiko:
This is a pre-existing issue, but could this error path allow userspace
to hijack a recycled file descriptor?
...
Answer: No.
get_unused_fd_flags allocates an unused file descriptor (FD) that
initially points to NULL. It is not associated with any "struct file";
this association occurs only during fd_install(), which is the final
function called before returning to userspace.
>
> return 0;
> -
> -err_put_file:
> - fput(file);
> -err_put_fd:
> - put_unused_fd(argp->fd);
> -
> - return err;
> }
>
> static int luo_session_finish(struct luo_session *session,
> --
> 2.53.0
>
next prev parent reply other threads:[~2026-05-31 12:52 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-30 22:19 [PATCH v4 00/13] liveupdate: Remove limits on sessions and files Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 01/13] liveupdate: change file_set->count type to u64 for type safety Pasha Tatashin
2026-05-31 13:35 ` Pasha Tatashin
2026-06-01 12:08 ` Pratyush Yadav
2026-06-02 8:13 ` Mike Rapoport
2026-05-30 22:19 ` [PATCH v4 02/13] liveupdate: avoid mixing cleanup guards with goto in luo_session_retrieve_fd Pasha Tatashin
2026-05-31 12:52 ` Pasha Tatashin [this message]
2026-06-01 12:15 ` Pratyush Yadav
2026-06-02 8:13 ` Mike Rapoport
2026-06-03 3:10 ` Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 03/13] liveupdate: centralize state management into struct luo_ser Pasha Tatashin
2026-06-01 12:19 ` Pratyush Yadav
2026-06-02 8:13 ` Mike Rapoport
2026-06-03 2:57 ` Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 04/13] liveupdate: register luo_ser as KHO subtree Pasha Tatashin
2026-05-31 13:44 ` Pasha Tatashin
2026-06-01 12:39 ` Pratyush Yadav
2026-06-01 13:50 ` Pasha Tatashin
2026-06-01 14:27 ` Pratyush Yadav
2026-05-30 22:19 ` [PATCH v4 05/13] liveupdate: Extract luo_file_deserialize_one helper Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 06/13] liveupdate: Extract luo_session_deserialize_one helper Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 07/13] kho: add support for linked-block serialization Pasha Tatashin
2026-06-01 13:38 ` Pratyush Yadav
2026-06-01 14:37 ` Pasha Tatashin
2026-06-02 16:43 ` Pratyush Yadav
2026-06-03 2:44 ` Pasha Tatashin
2026-06-02 8:13 ` Mike Rapoport
2026-06-02 9:04 ` Mike Rapoport
2026-06-03 2:21 ` Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 08/13] liveupdate: defer session block allocation and PA setting Pasha Tatashin
2026-06-01 13:47 ` Pratyush Yadav
2026-06-02 8:13 ` Mike Rapoport
2026-06-03 2:50 ` Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 09/13] liveupdate: Remove limit on the number of sessions Pasha Tatashin
2026-06-01 14:03 ` Pratyush Yadav
2026-06-01 14:44 ` Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 10/13] liveupdate: Remove limit on the number of files per session Pasha Tatashin
2026-06-01 14:16 ` Pratyush Yadav
2026-06-01 14:40 ` Pasha Tatashin
2026-05-30 22:19 ` [PATCH v4 11/13] selftests/liveupdate: Test session and file limit removal Pasha Tatashin
2026-06-01 14:17 ` Pratyush Yadav
2026-05-30 22:19 ` [PATCH v4 12/13] selftests/liveupdate: Add stress-sessions kexec test Pasha Tatashin
2026-06-01 14:19 ` Pratyush Yadav
2026-05-30 22:19 ` [PATCH v4 13/13] selftests/liveupdate: Add stress-files " Pasha Tatashin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ahwuA1tYmM0LZt0d@plex \
--to=pasha.tatashin@soleen.com \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=dmatlack@google.com \
--cc=graf@amazon.com \
--cc=kexec@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pratyush@kernel.org \
--cc=rppt@kernel.org \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=skhawaja@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.