From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1001D3A9D95 for ; Thu, 5 Feb 2026 11:42:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770291771; cv=none; b=nAwrgTgagXbstca4n47mepzxC7pU25EVA2GpkoiyO4IryX5XQ94NAR6C3RbLVWRSIfLZ0eAdg436Djl9eVx0JbT6IQbdlyanFYWdZebD1cAn9KyrjAqSU1ya3uuzgos8tK0Ip0c0rAg6Xj7AIHuk02skypTsI8TwwHl73nhQC0U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770291771; c=relaxed/simple; bh=Bt+fYzKw8AlmPnNaqzpY8FozNkNgG19Kj3CbOJxPGns=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=AGRE+b8JycCiuEvjeHQffxDnOF2DVwmqRI8bIonwdRLIkPM++ju34Rt1DU8knxgWcrNoDKZbBR+P+X88QdE9vxubIW1Mx4UgIgfGom9M+cMkcd7IzIPibNwkhA7uWsoSrZG5OfMUILNp9I/QgWx6k/l36vTu43tJylfiNx5FsAI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=weY/gQ12; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="weY/gQ12" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4831192e66aso8284665e9.2 for ; Thu, 05 Feb 2026 03:42:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1770291769; x=1770896569; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=c9zFwpzMf0m7VjNRoMa+VYvPnrR6qveuvQACHy4StpI=; b=weY/gQ12fRnpI2UF09WK12cMwD65jwI3areoDjG8gF96hZ9AZXdjSXkNdbu3Kk3xJL OyOrGuLqA1u3SWSnSvq3tW/ry/tz/91ji87pFAHfjmMAqaBWe6KnxUrFS7fKfJ257elZ qYjEr6oM1g35GeqPpHAW29KW/DIEcZfCFjxgAyXQNfzlGrZjW2VU84ntDC7924AH7g8s zP/55XwpoDbZ5ddgXaPqnkFhHlvb0p61apNy0Ob52xhdKaqByrrP0omF0uiNOZwjlCgw Tt7B/tkIO/m7KiYx+RtAMdvA6OOsgpTWa6rRMNRV6M3k28b58zlYiZzSSQiweLhdwzvH Rmkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770291769; x=1770896569; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=c9zFwpzMf0m7VjNRoMa+VYvPnrR6qveuvQACHy4StpI=; b=pW12N6XB8yalYI5CkYxWwwlmO/lb702gec4KFBSJ65FfgLwUKykcZxLcca9/eJTzI0 qAN4DtGsaSbbzUDVfs/j75C00RQ45/LUQC7zza9FuZTV9sz2L7y7iqnBvb8be/4hI46z uNpt+xH/Ay1ppIVs4RVx4zWV1bmSo0cAV7hUk5Tpp/R915OIVj4xkz9UeA6FPpoCyRws tduQ9lX9rCiRSZDBLN9rEclOFEMQdLWvEHEQC10lDJQ2/5b9loP06AYQdGT6bJTGG4GX t/JYPDPyehC5WAWnMb5ToccTqVN7374mzepdD2/LkZXMGVIpUXZ5efbUIkRiFKE+alEy 0DBA== X-Forwarded-Encrypted: i=1; AJvYcCXvrCvxodj8CjyR5drgbYarshgbyxJx2nq4MZA1qmten5sKVGsjGsK8VbvmCNUlo0cUYKzW9k908CNElh5V@vger.kernel.org X-Gm-Message-State: AOJu0YxfvSMOHnGuw2PIw2Idy8J9+9v9IdrRkg0zhdIwCez7e2JquDdn bnbQjebYRQ/fprll1GLdL3u9NAYY3smGfsK9qDeZHTdIDEwyDegAC/8QNLZzYd41yVclO5cryQM xMGjlWC1DZxjDArl3Hg== X-Received: from wmbz6.prod.google.com ([2002:a05:600c:c086:b0:480:4a03:7b6c]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:530f:b0:47a:935f:618e with SMTP id 5b1f17b1804b1-4830e9552a2mr89288445e9.15.1770291769579; Thu, 05 Feb 2026 03:42:49 -0800 (PST) Date: Thu, 5 Feb 2026 11:42:46 +0000 In-Reply-To: <9d0d6edd-eab4-4f31-9691-78ed48e7ad5b@lucifer.local> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260205-binder-tristate-v1-0-dfc947c35d35@google.com> <20260205-binder-tristate-v1-1-dfc947c35d35@google.com> <9d0d6edd-eab4-4f31-9691-78ed48e7ad5b@lucifer.local> Message-ID: Subject: Re: [PATCH 1/5] export file_close_fd and task_work_add From: Alice Ryhl To: Lorenzo Stoakes Cc: Greg Kroah-Hartman , Carlos Llamas , Alexander Viro , Christian Brauner , Jan Kara , Paul Moore , James Morris , "Serge E. Hallyn" , Andrew Morton , Dave Chinner , Qi Zheng , Roman Gushchin , Muchun Song , David Hildenbrand , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Miguel Ojeda , Boqun Feng , Gary Guo , "=?utf-8?B?QmrDtnJu?= Roy Baron" , Benno Lossin , Andreas Hindborg , Trevor Gross , Danilo Krummrich , kernel-team@android.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org Content-Type: text/plain; charset="utf-8" On Thu, Feb 05, 2026 at 11:20:33AM +0000, Lorenzo Stoakes wrote: > On Thu, Feb 05, 2026 at 10:51:26AM +0000, Alice Ryhl wrote: > > This exports the functionality needed by Binder to close file > > descriptors. > > > > When you send a fd over Binder, what happens is this: > > > > 1. The sending process turns the fd into a struct file and stores it in > > the transaction object. > > 2. When the receiving process gets the message, the fd is installed as a > > fd into the current process. > > 3. When the receiving process is done handling the message, it tells > > Binder to clean up the transaction. As part of this, fds embedded in > > the transaction are closed. > > > > Note that it was not always implemented like this. Previously the > > sending process would install the fd directly into the receiving proc in > > step 1, but as discussed previously [1] this is not ideal and has since > > been changed so that fd install happens during receive. > > > > The functions being exported here are for closing the fd in step 3. They > > are required because closing a fd from an ioctl is in general not safe. > > This is to meet the requirements for using fdget(), which is used by the > > ioctl framework code before calling into the driver's implementation of > > the ioctl. Binder works around this with this sequence of operations: > > > > 1. file_close_fd() > > 2. get_file() > > 3. filp_close() > > 4. task_work_add(current, TWA_RESUME) > > 5. > > 6. fput() > > > > This ensures that when fput() is called in the task work, the fdget() > > that the ioctl framework code uses has already been fdput(), so if the > > fd being closed happens to be the same fd, then the fd is not closed > > in violation of the fdget() rules. > > I'm not really familiar with this mechanism but you're already talking about > this being a workaround so strikes me the correct thing to do is to find a way > to do this in the kernel sensibly rather than exporting internal implementation > details and doing it in binder. I did previously submit a patch that implemented this logic outside of Binder, but I was advised to move it into Binder. But I'm happy to submit a patch to extract this logic into some sort of close_fd_safe() method that can be called even if said fd is currently held using fdget(). > > Link: https://lore.kernel.org/all/20180730203633.GC12962@bombadil.infradead.org/ [1] > > Signed-off-by: Alice Ryhl > > --- > > fs/file.c | 1 + > > kernel/task_work.c | 1 + > > 2 files changed, 2 insertions(+) > > > > diff --git a/fs/file.c b/fs/file.c > > index 0a4f3bdb2dec6284a0c7b9687213137f2eecb250..0046d0034bf16270cdea7e30a86866ebea3a5a81 100644 > > --- a/fs/file.c > > +++ b/fs/file.c > > @@ -881,6 +881,7 @@ struct file *file_close_fd(unsigned int fd) > > > > return file; > > } > > +EXPORT_SYMBOL(file_close_fd); > > As a matter of policy we generally don't like to export without GPL like this > unless there's a _really_ good reason. > > Christian or Al may have a different viewpoint but generally this should be an > EXPORT_SYMBOL_GPL() and also - there has to be a _really_ good reason to export > it. Sorry I should just have done _GPL from the beginning. My mistake. Alice