fs: delay sysctl_nr_open check in expand_files()

Message ID 20241116064128.280870-1-mjguzik@gmail.com (mailing list archive)
State New

Commit Message

Mateusz Guzik Nov. 16, 2024, 6:41 a.m. UTC
Suppose a thread sharing the table started a resize, while
sysctl_nr_open got lowered to a value which prohibits it. This is still
going to go through with and without the patch, which is fine.

Further suppose another thread shows up to do a matching expansion while
resize_in_progress == true. It is going to error out since it performs
the sysctl_nr_open check *before* finding out if there is an expansion
in progress. But the aforementioned thread is going to succeed, so the
error is spurious (and it would not happen if the thread showed up a
little bit later).

Checking the sysctl *after* we know there are no pending updates sorts
it out.

While here annotate the thing as unlikely.

Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>
---

This is a random tidbit I found while looking at the code, I don't think
this is a particularly impactful problem but definitely worth sorting
out in master.

I doubt it warrants backports to stable so I'm not cc-ing it.

 fs/file.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Al Viro Nov. 16, 2024, 7:36 a.m. UTC | #1
On Sat, Nov 16, 2024 at 07:41:28AM +0100, Mateusz Guzik wrote:
> Suppose a thread sharing the table started a resize, while
> sysctl_nr_open got lowered to a value which prohibits it. This is still
> going to go through with and without the patch, which is fine.
> 
> Further suppose another thread shows up to do a matching expansion while
> resize_in_progress == true. It is going to error out since it performs
> the sysctl_nr_open check *before* finding out if there is an expansion
> in progress. But the aforementioned thread is going to succeed, so the
> error is spurious (and it would not happen if the thread showed up a
> little bit later).
> 
> Checking the sysctl *after* we know there are no pending updates sorts
> it out.

	What for?  No, seriously - what's the point?  What could possibly
observe an inconsistent situation?  What would that look like?

Al Viro Nov. 16, 2024, 7:42 a.m. UTC | #2
On Sat, Nov 16, 2024 at 07:36:26AM +0000, Al Viro wrote:
> On Sat, Nov 16, 2024 at 07:41:28AM +0100, Mateusz Guzik wrote:
> > Suppose a thread sharing the table started a resize, while
> > sysctl_nr_open got lowered to a value which prohibits it. This is still
> > going to go through with and without the patch, which is fine.
> > 
> > Further suppose another thread shows up to do a matching expansion while
> > resize_in_progress == true. It is going to error out since it performs
> > the sysctl_nr_open check *before* finding out if there is an expansion
> > in progress. But the aforementioned thread is going to succeed, so the
> > error is spurious (and it would not happen if the thread showed up a
> > little bit later).
> > 
> > Checking the sysctl *after* we know there are no pending updates sorts
> > it out.
> 
> 	What for?  No, seriously - what's the point?  What could possibly
> observe an inconsistent situation?  What would that look like?

PS: I'm not saying I hate that patch; I just don't understand the point...

Mateusz Guzik Nov. 16, 2024, 8:01 a.m. UTC | #3
On Sat, Nov 16, 2024 at 8:42 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Sat, Nov 16, 2024 at 07:36:26AM +0000, Al Viro wrote:
> > On Sat, Nov 16, 2024 at 07:41:28AM +0100, Mateusz Guzik wrote:
> > > Suppose a thread sharing the table started a resize, while
> > > sysctl_nr_open got lowered to a value which prohibits it. This is still
> > > going to go through with and without the patch, which is fine.
> > >
> > > Further suppose another thread shows up to do a matching expansion while
> > > resize_in_progress == true. It is going to error out since it performs
> > > the sysctl_nr_open check *before* finding out if there is an expansion
> > > in progress. But the aforementioned thread is going to succeed, so the
> > > error is spurious (and it would not happen if the thread showed up a
> > > little bit later).
> > >
> > > Checking the sysctl *after* we know there are no pending updates sorts
> > > it out.
> >
> >       What for?  No, seriously - what's the point?  What could possibly
> > observe an inconsistent situation?  What would that look like?
>
> PS: I'm not saying I hate that patch; I just don't understand the point...

Per the description, if you get unlucky enough one thread is going to
spuriously error out. So basically any multithreaded program which
ends up trying to expand the fd table while racing against
sysctl_nr_open going down can in principle run into it. Except people
normally don't mess with sysctl_nr_open, so I don't think this shows
up during normal operation.

I explicitly noted this is not a serious problem, just a thing I
noticed while poking around. If you want to NAK this that's fine with
me, it's not worth arguing over.

Patch

diff --git a/fs/file.c b/fs/file.c
index fb1011cf6b4a..019fb9acf91b 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -278,10 +278,6 @@  static int expand_files(struct files_struct *files, unsigned int nr)
 	if (nr < fdt->max_fds)
 		return 0;
 
-	/* Can we expand? */
-	if (nr >= sysctl_nr_open)
-		return -EMFILE;
-
 	if (unlikely(files->resize_in_progress)) {
 		spin_unlock(&files->file_lock);
 		wait_event(files->resize_wait, !files->resize_in_progress);
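Review bot: with the limit test removed from ahead of the `resize_in_progress` branch, a caller whose nr is at or above sysctl_nr_open no longer fails fast: it drops file_lock and sleeps in wait_event() until the concurrent resize finishes, and only then gets an answer. The commit message covers the spurious -EMFILE but not this added blocking on the error path; a sentence stating that an over-limit request may now wait out another thread's resize would make the trade-off explicit.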
@@ -289,6 +285,10 @@  static int expand_files(struct files_struct *files, unsigned int nr)
 		goto repeat;
 	}
 
+	/* Can we expand? */
+	if (unlikely(nr >= sysctl_nr_open))
+		return -EMFILE;
+
 	/* All good, so we try */
 	files->resize_in_progress = true;
 	error = expand_fdtable(files, nr);
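Review bot: the relocated check keeps the comment `/* Can we expand? */`, which does not say why the test now has to sit after the `resize_in_progress` wait, so a later cleanup could hoist it back above the wait and reintroduce the spurious -EMFILE. Suggest extending the comment to say that the limit is only checked once no resize is pending, because a concurrent resize may already have made room. Separately, since the commit message describes sysctl_nr_open changing while this function runs, marking the load in `nr >= sysctl_nr_open` with READ_ONCE() would document that concurrency more usefully than the unlikely() hint alone.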