Re: [3.10] Oopses in kmem_cache_allocate() via prepare_creds()

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Linus Torvalds <torvalds@linux-foundation.org>
To: Simon Kirby <sim@hostway.ca>
Cc: Ian Applegate <ia@cloudflare.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christoph Lameter <cl@gentwo.org>,
	Pekka Enberg <penberg@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Chris Mason <chris.mason@fusionio.com>
Subject: Re: [3.10] Oopses in kmem_cache_allocate() via prepare_creds()
Date: Tue, 26 Nov 2013 15:44:26 -0800	[thread overview]
Message-ID: <CA+55aFx8U4R9+wefpStwgXjTY+LoP0LJUa3eVCV2PK6MJWKBUw@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFxmVteJApiC5e=d9NmYO6PSbNertq5ipLpunmVreCTYUQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1397 bytes --]

On Tue, Nov 26, 2013 at 3:16 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> I'm really not very happy with the whole pipe locking logic (or the
> refcounting we do, separately from the "struct inode"), and in that
> sense I'm perfectly willing to blame that code for doing bad things.
> But the fact that it all goes away with debugging makes me very very
> unhappy.

Al, I really hate the "pipe_lock()" function that tests for
"pipe->files" being non-zero. I don't think there are any valid cases
where pipe->file ever *could* be zero, and if there are, they are
fundamentally racy.

Is there really any reason for that test? It used to test for
"pipe->inode" and that kind of made sense as the pipe didn't even have
a lock (it re-used the inode one). But these days that test makes zero
sense, except as a "don't even bother locking if this is some fake
internal pipe", but is that even valid?

Also, why does "pipe_release()" still use i_pipe. I'd much rather it
used "file->private_data" like everything else (and then it
unconditionally clear it). We are, after all, talking about releasing
the *file*, and we shouldn't be mixing up that inode in there.

IOW, what is wrong with the attached patch? Then we could/should

 - make the free_pipe_info() happen from the drop_inode()

 - delete pipe->files counter entirely because it has no valid use

Hmm?

                 Linus

[-- Attachment #2: patch.diff --]
[-- Type: text/plain, Size: 1113 bytes --]

 fs/pipe.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/fs/pipe.c b/fs/pipe.c
index d2c45e14e6d8..719214ed5e5e 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -56,8 +56,8 @@ unsigned int pipe_min_size = PAGE_SIZE;
 
 static void pipe_lock_nested(struct pipe_inode_info *pipe, int subclass)
 {
-	if (pipe->files)
-		mutex_lock_nested(&pipe->mutex, subclass);
+	WARN_ON_ONCE(!pipe->files);
+	mutex_lock_nested(&pipe->mutex, subclass);
 }
 
 void pipe_lock(struct pipe_inode_info *pipe)
@@ -71,8 +71,8 @@ EXPORT_SYMBOL(pipe_lock);
 
 void pipe_unlock(struct pipe_inode_info *pipe)
 {
-	if (pipe->files)
-		mutex_unlock(&pipe->mutex);
+	WARN_ON_ONCE(!pipe->files);
+	mutex_unlock(&pipe->mutex);
 }
 EXPORT_SYMBOL(pipe_unlock);
 
@@ -729,9 +729,10 @@ pipe_poll(struct file *filp, poll_table *wait)
 static int
 pipe_release(struct inode *inode, struct file *file)
 {
-	struct pipe_inode_info *pipe = inode->i_pipe;
+	struct pipe_inode_info *pipe = file->private_data;
 	int kill = 0;
 
+	file->private_data = NULL;
 	__pipe_lock(pipe);
 	if (file->f_mode & FMODE_READ)
 		pipe->readers--;

next prev parent reply	other threads:[~2013-11-26 23:44 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-06  0:09 [3.10] Oopses in kmem_cache_allocate() via prepare_creds() Simon Kirby
2013-07-06  8:27 ` Pekka Enberg
2013-08-19 20:17   ` Simon Kirby
2013-08-19 20:29     ` Christoph Lameter
2013-08-19 21:16       ` Linus Torvalds
2013-08-19 21:24         ` Chris Mason
2013-08-19 23:31           ` Simon Kirby
2013-09-03 20:43             ` Simon Kirby
2013-08-20  4:06         ` Al Viro
2013-08-20  7:17           ` Ian Applegate
2013-08-20  7:21             ` Al Viro
2013-08-20  7:51               ` Ian Applegate
2013-11-26  0:44                 ` Simon Kirby
2013-11-26 23:16                   ` Linus Torvalds
2013-11-26 23:44                     ` Linus Torvalds [this message]
2013-11-30  9:43                     ` Simon Kirby
2013-11-30 17:25                       ` Linus Torvalds
2013-11-30 21:04                         ` Simon Kirby
2013-11-30 21:08                       ` Linus Torvalds

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d2c45e14e6d dfblob:719214ed5e5 )
 OR (
bs:"Re: [3.10] Oopses in kmem_cache_allocate() via prepare_creds()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+55aFx8U4R9+wefpStwgXjTY+LoP0LJUa3eVCV2PK6MJWKBUw@mail.gmail.com \
    --to=torvalds@linux-foundation.org \
    --cc=chris.mason@fusionio.com \
    --cc=cl@gentwo.org \
    --cc=ia@cloudflare.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=penberg@kernel.org \
    --cc=sim@hostway.ca \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).