From: Al Viro <viro@zeniv.linux.org.uk>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-fsdevel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [RFC] more close_range() fun
Date: Fri, 16 Aug 2024 12:49:35 +0100 [thread overview]
Message-ID: <20240816114935.GA519295@ZenIV> (raw)
In-Reply-To: <20240816111512.GA504335@ZenIV>
On Fri, Aug 16, 2024 at 12:15:12PM +0100, Al Viro wrote:
> On Fri, Aug 16, 2024 at 10:25:52AM +0200, Christian Brauner wrote:
>
> > I don't think so. It is clear that the file descriptor table is unshared
> > and that fds are closed afterwards and that this can race with file
> > descriptors being inserted into the currently shared fdtable. Imho,
> > there's nothing to fix here.
> >
> > I also question whether any userspace out there has any such ordering
> > expectations between the two dup2()s and the close_range() call and
> > specifically whether we should even bother giving any such guarantees.
>
> Huh?
>
> It's not those dup2() vs unsharing; it's relative order of those dup2().
>
> Hell, make that
>
> dup2(0, 1023);
> dup2(1023, 10);
>
> Do you agree that asynchronous code observing 10 already open, but 1023
> still not open would be unexpected?
FWIW, for descriptor table unsharing we do (except for that odd case) have
the following:
* the effect of operations not ordered wrt unshare (i.e. done
by another thread with no userland serialization) may or may not be
visible in the unshared copy; however, if two operations are ordered
wrt to each other, we won't see the effect of the later one without the
effect of the earlier.
Here neither of those dup2() is ordered wrt unsharing close_range();
we might see the effect of both or none or only the first one, but
seeing the effect of the second _without_ the effect of the first is
very odd, especially since the effect of the second does depend upon
just the state change we do *NOT* see.
Actual closing done by unsharing close_range() is not an issue - none
of the affected descriptors are getting closed. It's the unshare
part that is deeply odd here. And yes, unshare(2) (or clone(2) without
CLONE_FILES) would have the ordering warranties I'm talking about.
next prev parent reply other threads:[~2024-08-16 11:49 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-16 3:03 [RFC] more close_range() fun Al Viro
2024-08-16 3:07 ` Al Viro
2024-08-16 8:25 ` Christian Brauner
2024-08-16 11:15 ` Al Viro
2024-08-16 11:49 ` Al Viro [this message]
2024-08-16 16:26 ` Linus Torvalds
2024-08-16 17:19 ` Al Viro
2024-08-16 17:22 ` Al Viro
2024-08-16 17:55 ` Linus Torvalds
2024-08-16 17:58 ` Linus Torvalds
2024-08-16 18:15 ` Al Viro
2024-08-16 18:26 ` Linus Torvalds
2024-08-16 20:26 ` Al Viro
2024-08-16 23:35 ` Al Viro
2024-08-22 0:00 ` Al Viro
2024-10-04 4:52 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240816114935.GA519295@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).