From patchwork Mon Oct 31 17:52:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn X-Patchwork-Id: 13375 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp2456293wru; Mon, 31 Oct 2022 10:56:33 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4iR9bvpm7FBCtXfBMJRK3jX+MO3pnQxt5VKEJBaF1KhJ7SabVGYhB+5EjgsmACYv9yJ7ig X-Received: by 2002:a17:906:844b:b0:7a9:f67e:a5d4 with SMTP id e11-20020a170906844b00b007a9f67ea5d4mr13899843ejy.136.1667238992935; Mon, 31 Oct 2022 10:56:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667238992; cv=none; d=google.com; s=arc-20160816; b=JwS0Nh+tkzMwBVUfHOvJ4xjovobxg3UdVaRKdBW0wSz36ZjKMXlAfcf7N0p0EUqPBi 8Bb0qU4iiS4ehx2Gqiyu5t6Q0m07T1H9JbV+zHdpLUO/cWDSxlrmBJigZ3hh8Ilm7mB8 cTYJZTYt8hIkqjWSVwulMFsSz2IsiKc1jyZybSgxtAWLbX3oWCqR86yvt/BOrBUWwZ7e ZuGKcu2kgywgQY7h4xFXytVgCpN+mmgcMNCHzER7i10pPvQE653bLXej15orAKkck0jx VoYlqcGorbo7l4XOd2S2WbN2EkhhGTxOFOEdQOACicQZomZJgmpY8+C+XER3SxPHKtcY b6Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=U7UbF4nZPug8lSmlrO1tsRcqhQZwCNdlA+12Y/ynwzs=; b=bK1XWLvDqik1JNFbmghGctD5fYDd0I7voK7W1Q5pMSQFtRLvqZCP3Lnq4XSDvKCMg4 jTOCVAsdrly6ig6c7GqROh7QkD7O/8ds8u0lKFKJn2fLRoY35/Jr76OAuL+hSLyaMo6y KcBHF1nP9ICkfhFXxsB0aq/ZCMJzEGEkH5CQsnh15/ZChJJV0oqZdYwRZBSnqpCoZlwQ LNS6gDBIz5BqYPmbYuyakiS053sk5dWBeu5kSq4jLEjd21DLPc/wUDOiEyXpG/6/UEGH q4Bj0CNvUU2LFbMQnC59DCD5Joa1XkqW9SHJlPxL8AeBXDHvKVrebSVrpE7JVLO+c2wc noQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Y097of5r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m11-20020aa7c2cb000000b00461a3438b24si6660869edp.182.2022.10.31.10.56.08; Mon, 31 Oct 2022 10:56:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Y097of5r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230099AbiJaRxN (ORCPT + 99 others); Mon, 31 Oct 2022 13:53:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231302AbiJaRxF (ORCPT ); Mon, 31 Oct 2022 13:53:05 -0400 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD17913D60 for ; Mon, 31 Oct 2022 10:53:03 -0700 (PDT) Received: by mail-wr1-x42a.google.com with SMTP id z14so17031842wrn.7 for ; Mon, 31 Oct 2022 10:53:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=U7UbF4nZPug8lSmlrO1tsRcqhQZwCNdlA+12Y/ynwzs=; b=Y097of5rV70g0ZvYp+B8s8y1ErB3xlFNDaYW6ykJJYNatkuqJlr+z+CyX0O3OdoplY 3mu+Og8NL2wgCY/UedkxZg/63j/icDlf6ELFCdMtov2T/caOd8nStl63B1f6Ng8tcU1M 5hgV7wZQwyNOFnJIJGLc7IfcKpyE6ArcZAM/dMQojkvPcXsLX6wzBQ4wxV0vVsqUBgQo nlt47HP/JLDJZw1BxKGWt8/cguUb1ck9UcwvtLChSK4ybEORV7tsGUXsaKD8Z+PJmzIw A5XIJIsaFJUKt+TXFuyjzrL8cPOIZQL4DK4C9/b8ysCbhMYRzIA+6uJ2wpervRsmuhoV ljgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=U7UbF4nZPug8lSmlrO1tsRcqhQZwCNdlA+12Y/ynwzs=; b=k24gl1V8bmboiqveqEeYBnZidfI7ZLPqQoUfCJgTVrS2DxyODSQuqoOPRMn2kpFRJY nzgc4rgD+J7+O6WAYjpGtJCS/8C2LWkZOJ+jJMV4aoEHkTVefnSHnmAOG5AvUHMRuw2r lR/J2naSgGocpRMpPAfh4X43WhR84Xg9J5NfOI6fBPf9rmOpyNeIeCXhO7VE/IZN4AvM mOd9bxEGr5blg8vSC1QK2II/Ww9VP6Ucik5IXPPwIGohsfuG8OPm+zMlRW4p4mFV+nrq YYJJU+30Sf1v9d8DW84TdCW4Rcmv8KP+NLo4EkLli2Q8GO6E2g4OYLg/4iy+PLviQDGc f4Kg== X-Gm-Message-State: ACrzQf0HTzcmTFVW3+CDjmU0DzxZjbtrTO6yJT3L5HaoCirCseUvnlox S+alLm6uZ77e145RgJTlY8UV8g== X-Received: by 2002:a05:6000:1841:b0:236:70dc:1a6f with SMTP id c1-20020a056000184100b0023670dc1a6fmr9096259wri.464.1667238782105; Mon, 31 Oct 2022 10:53:02 -0700 (PDT) Received: from localhost ([2a00:79e0:9d:4:f03a:db2e:7a5c:b47c]) by smtp.gmail.com with ESMTPSA id w12-20020a5d404c000000b002365254ea42sm7937270wrp.1.2022.10.31.10.53.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Oct 2022 10:53:01 -0700 (PDT) From: Jann Horn To: Al Viro Cc: Linus Torvalds , Miklos Szeredi , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Will Deacon Subject: [PATCH v2] fs: use acquire ordering in __fget_light() Date: Mon, 31 Oct 2022 18:52:56 +0100 Message-Id: <20221031175256.2813280-1-jannh@google.com> X-Mailer: git-send-email 2.38.1.273.g43a17bfeac-goog MIME-Version: 1.0 X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748226794609760978?= X-GMAIL-MSGID: =?utf-8?q?1748226794609760978?= We must prevent the CPU from reordering the files->count read with the FD table access like this, on architectures where read-read reordering is possible: files_lookup_fd_raw() close_fd() put_files_struct() atomic_read(&files->count) I would like to mark this for stable, but the stable rules explicitly say "no theoretical races", and given that the FD table pointer and files->count are explicitly stored in the same cacheline, this sort of reordering seems quite unlikely in practice... Signed-off-by: Jann Horn --- fs/file.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) base-commit: 30a0b95b1335e12efef89dd78518ed3e4a71a763 diff --git a/fs/file.c b/fs/file.c index 5f9c802a5d8d3..c942c89ca4cda 100644 --- a/fs/file.c +++ b/fs/file.c @@ -1003,7 +1003,16 @@ static unsigned long __fget_light(unsigned int fd, fmode_t mask) struct files_struct *files = current->files; struct file *file; - if (atomic_read(&files->count) == 1) { + /* + * If another thread is concurrently calling close_fd() followed + * by put_files_struct(), we must not observe the old table + * entry combined with the new refcount - otherwise we could + * return a file that is concurrently being freed. + * + * atomic_read_acquire() pairs with atomic_dec_and_test() in + * put_files_struct(). + */ + if (atomic_read_acquire(&files->count) == 1) { file = files_lookup_fd_raw(files, fd); if (!file || unlikely(file->f_mode & mask)) return 0;