From: Jeff Layton <jlayton@kernel.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Van Hensbergen <ericvh@gmail.com>,
Latchesar Ionkov <lucho@ionkov.net>,
Dominique Martinet <asmadeus@codewreck.org>,
Christian Schoenebeck <linux_oss@crudebyte.com>,
David Howells <dhowells@redhat.com>,
Marc Dionne <marc.dionne@auristor.com>,
Xiubo Li <xiubli@redhat.com>, Ilya Dryomov <idryomov@gmail.com>,
Steve French <sfrench@samba.org>, Paulo Alcantara <pc@cjr.nz>,
Ronnie Sahlberg <lsahlber@redhat.com>,
Shyam Prasad N <sprasad@microsoft.com>,
Tom Talpey <tom@talpey.com>,
Christine Caulfield <ccaulfie@redhat.com>,
David Teigland <teigland@redhat.com>,
Chuck Lever <chuck.lever@oracle.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Bob Peterson <rpeterso@redhat.com>,
Andreas Gruenbacher <agruenba@redhat.com>,
Namjae Jeon <linkinjeon@kernel.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna@kernel.org>, Mark Fasheh <mark@fasheh.com>,
Joel Becker <jlbec@evilplan.org>,
Joseph Qi <joseph.qi@linux.alibaba.com>,
Mike Marshall <hubcap@omnibond.com>,
Martin Brandenburg <martin@omnibond.com>,
"Darrick J. Wong" <djwong@kernel.org>,
hch@lst.de, linux-kernel@vger.kernel.org,
v9fs-developer@lists.sourceforge.net,
linux-afs@lists.infradead.org, linux-fsdevel@vger.kernel.org,
ceph-devel@vger.kernel.org, linux-cifs@vger.kernel.org,
samba-technical@lists.samba.org, cluster-devel@redhat.com,
linux-nfs@vger.kernel.org, ocfs2-devel@oss.oracle.com,
devel@lists.orangefs.org, linux-xfs@vger.kernel.org
Subject: Re: [PATCH] filelock: move file locking definitions to separate header file
Date: Mon, 28 Nov 2022 05:53:54 -0500 [thread overview]
Message-ID: <6a093484bb977355db40c70ffa51386f3d4ed57b.camel@kernel.org> (raw)
In-Reply-To: <Y4Dw65Nzt4bX9esd@ZenIV>
On Fri, 2022-11-25 at 16:44 +0000, Al Viro wrote:
> On Fri, Nov 25, 2022 at 08:23:45AM -0500, Jeff Layton wrote:
>
> > I left it in fs.h for now. Some of the file_operations prototypes need
> > that typedef, and I figure that anyone who is including filelock.h will
> > almost certainly need to include fs.h anyway. We could move it into a
> > separate header too, but it's probably not worth it.
> >
> > HCH mentioned years ago though that we should just get rid of fl_owner_t
> > altogether and just use 'void *'. I didn't do it at the time because I
> > was focused on other changes, but this might be a good time to change
> > it.
>
> Might be...
>
> > > > +extern void show_fd_locks(struct seq_file *f,
> > > > + struct file *filp, struct files_struct *files);
> > >
> > > If anything, that would be better off as fl_owner_t... Again, a separate
> > > patch.
> >
> > I'm not sure what you mean here. This prototype hasn't changed, and is
> > only called from procfs.
>
> Take a look at that function and its caller. The use of 'files' argument there
> is (and can be) only as an opaque pointer to be compared to ->fl_owner; at that
> point it might be pointing to freed memory, for all we know (and give false
> positives if already reused).
Ok. What we want this function to do is show any traditional POSIX or
OFD locks that were set on a particular file. The logic in
__show_fd_locks looks right, but you're correct that we don't want
anyone dereferencing those pointers in that codepath.
Note too that this info is not wholly reliable. POSIX locks can merge
with other locks that were set within the same process (same
files_struct) but on different fds.
I think we want to get rid of fl_owner_t anyway. Maybe we should replace
it with an unsigned long instead of void * to discourage anyone from
trying to dereference those pointers?
> TBH, I'd never been able to finish the audit of files_struct pointers passed
> into locks subsystem; there definitely are moments when code from fs/locks.c
> is dealing with pointers to already freed instances - show_fd_locks() at the
> very least. They are not dereferenced, but beyond that...
Yeah. In general, we try to ensure that locks are torn down before the
file with which it is associated, but with some of the delayed freeing,
they can outlive the file at times. For example:
https://tracker.ceph.com/issues/57986
--
Jeff Layton <jlayton@kernel.org>
prev parent reply other threads:[~2022-11-28 10:54 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-20 20:59 [PATCH] filelock: move file locking definitions to separate header file Jeff Layton
2022-11-21 1:26 ` Xiubo Li
2022-11-22 3:44 ` Matthew Wilcox
2022-11-21 7:59 ` Christoph Hellwig
2022-11-21 9:19 ` Christian Brauner
2022-11-21 14:40 ` Chuck Lever III
2022-11-21 15:31 ` David Howells
2022-11-21 16:21 ` Steve French
2022-11-21 16:53 ` Darrick J. Wong
2022-11-21 17:16 ` Jeff Layton
2022-11-21 17:27 ` Darrick J. Wong
2022-11-21 19:06 ` Jeff Layton
2022-11-22 1:51 ` Joseph Qi
2022-11-22 12:20 ` Jeff Layton
2022-11-22 13:54 ` Joseph Qi
2022-11-22 3:51 ` Matthew Wilcox
2022-11-22 6:06 ` Christoph Hellwig
2022-11-22 11:13 ` Jeff Layton
2022-11-25 3:34 ` Al Viro
2022-11-25 3:48 ` Al Viro
2022-11-25 13:23 ` Jeff Layton
2022-11-25 16:44 ` Al Viro
2022-11-28 10:53 ` Jeff Layton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6a093484bb977355db40c70ffa51386f3d4ed57b.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=agruenba@redhat.com \
--cc=anna@kernel.org \
--cc=asmadeus@codewreck.org \
--cc=ccaulfie@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=chuck.lever@oracle.com \
--cc=cluster-devel@redhat.com \
--cc=devel@lists.orangefs.org \
--cc=dhowells@redhat.com \
--cc=djwong@kernel.org \
--cc=ericvh@gmail.com \
--cc=hch@lst.de \
--cc=hubcap@omnibond.com \
--cc=idryomov@gmail.com \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=linkinjeon@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=linux_oss@crudebyte.com \
--cc=lsahlber@redhat.com \
--cc=lucho@ionkov.net \
--cc=marc.dionne@auristor.com \
--cc=mark@fasheh.com \
--cc=martin@omnibond.com \
--cc=miklos@szeredi.hu \
--cc=ocfs2-devel@oss.oracle.com \
--cc=pc@cjr.nz \
--cc=rpeterso@redhat.com \
--cc=samba-technical@lists.samba.org \
--cc=senozhatsky@chromium.org \
--cc=sfrench@samba.org \
--cc=sprasad@microsoft.com \
--cc=teigland@redhat.com \
--cc=tom@talpey.com \
--cc=trond.myklebust@hammerspace.com \
--cc=v9fs-developer@lists.sourceforge.net \
--cc=viro@zeniv.linux.org.uk \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).