From: Al Viro <viro@zeniv.linux.org.uk>
To: Yu Kuai <yukuai1@huaweicloud.com>
Cc: Christoph Hellwig <hch@lst.de>,
jack@suse.cz, brauner@kernel.org, axboe@kernel.dk,
linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
yi.zhang@huawei.com, yangerkun@huawei.com,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [RFC v4 linux-next 19/19] fs & block: remove bdev->bd_inode
Date: Fri, 22 Mar 2024 06:33:46 +0000 [thread overview]
Message-ID: <20240322063346.GB3404528@ZenIV> (raw)
In-Reply-To: <c62dac0e-666f-9cc9-cffe-f3d985029d6a@huaweicloud.com>
On Tue, Mar 19, 2024 at 04:26:19PM +0800, Yu Kuai wrote:
> +void put_bdev_file(struct block_device *bdev)
> +{
> + struct file *file = NULL;
> + struct inode *bd_inode = bdev_inode(bdev);
> +
> + mutex_lock(&bdev->bd_disk->open_mutex);
> + file = bd_inode->i_private;
> +
> + if (!atomic_read(&bdev->bd_openers))
> + bd_inode->i_private = NULL;
> +
> + mutex_unlock(&bdev->bd_disk->open_mutex);
> +
> + fput(file);
> +}
Locking is completely wrong here. The only thing that protects
->bd_openers is ->open_mutex. atomic_read() is obviously a red
herring.
Suppose another thread has already opened the same sucker
with bdev_file_open_by_dev().
Now you are doing the same thing, just as the other guy is
getting to bdev_release() call.
The thing is, between your get_bdev_file() and increment of ->bd_openers
(in bdev_open()) there's a window when bdev_release() of the old file
could've gotten all the way through the decrement of ->bd_openers
(to 0, since our increment has not happened yet) and through the
call of put_bdev_file(), which ends up clearing ->i_private.
End result:
* old ->i_private leaked (already grabbed by your get_bdev_file())
* ->bd_openers at 1 (after your bdev_open() gets through)
* ->i_private left NULL.
Christoph, could we please get rid of that atomic_t nonsense?
It only confuses people into brainos like that. It really
needs ->open_mutex for any kind of atomicity.
next prev parent reply other threads:[~2024-03-22 6:33 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-22 12:45 [RFC v4 linux-next 00/19] fs & block: remove bdev->bd_inode Yu Kuai
2024-02-22 12:45 ` [RFC v4 linux-next 01/19] block: move two helpers into bdev.c Yu Kuai
2024-03-15 14:31 ` Jan Kara
2024-03-17 21:19 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 02/19] block: remove sync_blockdev_nowait() Yu Kuai
2024-03-15 14:34 ` Jan Kara
2024-03-17 21:19 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 03/19] block: remove sync_blockdev_range() Yu Kuai
2024-03-15 14:37 ` Jan Kara
2024-03-17 21:21 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 04/19] block: prevent direct access of bd_inode Yu Kuai
2024-03-15 14:44 ` Jan Kara
2024-03-17 21:23 ` Christoph Hellwig
2024-03-22 5:44 ` Al Viro
2024-02-22 12:45 ` [RFC v4 linux-next 05/19] bcachefs: remove dead function bdev_sectors() Yu Kuai
2024-03-15 14:42 ` Jan Kara
2024-03-17 21:23 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 06/19] cramfs: prevent direct access of bd_inode Yu Kuai
2024-03-15 14:44 ` Jan Kara
2024-03-17 21:23 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 07/19] erofs: " Yu Kuai
2024-03-15 14:45 ` Jan Kara
2024-03-17 21:24 ` Christoph Hellwig
2024-03-18 2:39 ` Gao Xiang
2024-02-22 12:45 ` [RFC v4 linux-next 08/19] nilfs2: " Yu Kuai
2024-03-15 14:49 ` Jan Kara
2024-03-17 21:24 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 09/19] gfs2: " Yu Kuai
2024-03-15 14:54 ` Jan Kara
2024-03-17 21:24 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 10/19] s390/dasd: use bdev api in dasd_format() Yu Kuai
2024-03-15 14:55 ` Jan Kara
2024-03-17 21:25 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 11/19] btrfs: prevent direct access of bd_inode Yu Kuai
2024-03-15 15:09 ` Jan Kara
2024-03-17 21:25 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 12/19] ext4: remove block_device_ejected() Yu Kuai
2024-02-22 12:45 ` [RFC v4 linux-next 13/19] ext4: prevent direct access of bd_inode Yu Kuai
2024-03-15 14:58 ` Jan Kara
2024-03-17 21:25 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 14/19] jbd2: " Yu Kuai
2024-03-15 15:06 ` Jan Kara
2024-03-17 21:26 ` Christoph Hellwig
2024-03-18 1:10 ` Yu Kuai
2024-02-22 12:45 ` [RFC v4 linux-next 15/19] bcache: " Yu Kuai
2024-03-15 15:11 ` Jan Kara
2024-03-17 21:34 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 16/19] block2mtd: " Yu Kuai
2024-03-15 15:12 ` Jan Kara
2024-03-17 21:36 ` Christoph Hellwig
2024-02-22 12:45 ` [RFC v4 linux-next 17/19] dm-vdo: " Yu Kuai
2024-02-28 13:41 ` Christoph Hellwig
2024-03-18 9:11 ` Jan Kara
2024-03-18 9:19 ` Jan Kara
2024-03-18 13:38 ` Yu Kuai
2024-03-19 2:00 ` Matthew Sakai
2024-02-22 12:45 ` [RFC v4 linux-next 18/19] scsi: factor out a helper bdev_read_folio() from scsi_bios_ptable() Yu Kuai
2024-03-17 21:36 ` Christoph Hellwig
2024-03-18 1:12 ` Yu Kuai
2024-03-18 9:22 ` Jan Kara
2024-02-22 12:45 ` [RFC v4 linux-next 19/19] fs & block: remove bdev->bd_inode Yu Kuai
2024-03-17 21:38 ` Christoph Hellwig
2024-03-18 1:26 ` Yu Kuai
2024-03-18 1:32 ` Christoph Hellwig
2024-03-18 1:51 ` Yu Kuai
2024-03-18 7:19 ` Yu Kuai
2024-03-18 10:07 ` Christian Brauner
2024-03-18 10:29 ` Christian Brauner
2024-03-18 10:46 ` Christian Brauner
2024-03-18 11:57 ` Yu Kuai
2024-03-18 23:35 ` Christoph Hellwig
2024-03-18 23:22 ` Christoph Hellwig
2024-03-19 8:26 ` Yu Kuai
2024-03-21 11:27 ` Jan Kara
2024-03-21 12:15 ` Yu Kuai
2024-03-22 6:37 ` Al Viro
2024-03-22 6:39 ` Al Viro
2024-03-22 6:52 ` Yu Kuai
2024-03-22 12:57 ` Jan Kara
2024-03-22 13:57 ` Christian Brauner
2024-03-22 15:43 ` Al Viro
2024-03-22 16:16 ` Al Viro
2024-03-22 6:33 ` Al Viro [this message]
2024-03-22 7:09 ` Yu Kuai
2024-03-22 16:01 ` Al Viro
2024-03-22 13:10 ` Jan Kara
2024-03-22 14:57 ` Al Viro
2024-03-25 1:06 ` Christoph Hellwig
2024-02-28 13:42 ` [RFC v4 linux-next 00/19] " Christoph Hellwig
2024-03-15 12:08 ` Yu Kuai
2024-03-15 13:54 ` Christian Brauner
2024-03-16 2:49 ` Yu Kuai
2024-03-18 9:39 ` Christian Brauner
2024-03-19 1:18 ` Yu Kuai
2024-03-19 1:43 ` Yu Kuai
2024-03-19 2:13 ` Matthew Sakai
2024-03-19 2:27 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240322063346.GB3404528@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=yangerkun@huawei.com \
--cc=yi.zhang@huawei.com \
--cc=yukuai1@huaweicloud.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).