Page MenuHomeFreeBSD
Differential D31672

LinuxKPI: Implement get_file_rcu()
ClosedPublic
Actions

Authored by wulf on Aug 24 2021, 11:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 17, 11:04 AM
Unknown Object (File)
Mon, Jan 13, 10:36 PM
Unknown Object (File)
Thu, Jan 2, 2:17 AM
Unknown Object (File)
Wed, Jan 1, 4:40 PM
Unknown Object (File)
Dec 27 2024, 11:22 PM
Unknown Object (File)
Dec 15 2024, 12:48 AM
Unknown Object (File)
Dec 12 2024, 2:24 AM
Unknown Object (File)
Dec 9 2024, 9:45 PM
View All 95 Files
Subscribers
emaste
imp
linuxkpi

Details

Reviewers
hselasky
manu
markj
Commits
rGa02996804609: LinuxKPI: Implement get_file_rcu()
rGa81b36c6d35d: LinuxKPI: Implement get_file_rcu()
Summary

get_file_rcu() grabs a file if the file->f_count is not zero[1].

[1] https://elixir.bootlin.com/linux/v5.14-rc1/source/include/linux/fs.h#L968

Required by drm-kmod 5.6

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41201
Build 38090: arc lint + arc unit

Event Timeline

wulf created this revision.Aug 24 2021, 11:48 PM
Herald added subscribers: linuxkpi, emaste, imp. · View Herald TranscriptAug 24 2021, 11:48 PM
wulf requested review of this revision.Aug 24 2021, 11:48 PM
Harbormaster completed remote builds in B41193: Diff 94151.Aug 24 2021, 11:48 PM
manu accepted this revision.Aug 25 2021, 9:20 AM
This revision is now accepted and ready to land.Aug 25 2021, 9:20 AM
hselasky requested changes to this revision.Aug 25 2021, 9:41 AM
hselasky added inline comments.
sys/compat/linuxkpi/common/include/linux/fs.h
257

This change alone is incorrect! Please ensure that all structures being accessed by this function is freed by kfree_rcu()!

f_count being zero only happens when the Linux file is freed.

But neither "struct linux_file" nor "struct file" is currently freed by RCU.

That means this function will introduce use-after-free! And is not safe to use.

This revision now requires changes to proceed.Aug 25 2021, 9:41 AM
hselasky added a reviewer: markj.Aug 25 2021, 9:44 AM

markj@ How can we solve this w/o sleepable EPOCH in the kernel?

hselasky added a comment.Aug 25 2021, 10:47 AM

Maybe we need a custom "free" file operation?

wulf added inline comments.Aug 25 2021, 12:41 PM
sys/compat/linuxkpi/common/include/linux/fs.h
257

This change alone is incorrect! Please ensure that all structures being accessed by this function is freed by kfree_rcu()!

As I see, release handler of this file uses ordinary kfree(), not kfree_rcu()

f_count being zero only happens when the Linux file is freed.

But neither "struct linux_file" nor "struct file" is currently freed by RCU.

That means this function will introduce use-after-free! And is not safe to use.

Do you mean that linux_file_close() content should be replaced with single call_rcu() with current it's content moved to call_rcu's callback?

wulf updated this revision to Diff 94167.Aug 25 2021, 2:32 PM

add rcu_barrier()-s to file close handler to wait for RCU callbacks
scheduled earlier by other file operations.

Harbormaster completed remote builds in B41201: Diff 94167.Aug 25 2021, 2:32 PM
hselasky added inline comments.Aug 25 2021, 2:43 PM
sys/compat/linuxkpi/common/src/linux_compat.c
1545

I think the right place to put the barrier is right before kfree(), because the release function is important removing the file entry from the list which the DRM driver is iterating.

Also you don't need a barrier on the SLEEPABLE type.

wulf updated this revision to Diff 94171.Aug 25 2021, 3:25 PM

Place barrier right before kfree().
Remove barrier of the SLEEPABLE type.

Harbormaster completed remote builds in B41202: Diff 94171.Aug 25 2021, 3:26 PM
hselasky added inline comments.Aug 25 2021, 4:11 PM
sys/compat/linuxkpi/common/src/linux_compat.c
1545

Looking closer at this you need to call:

synchronize_rcu()

because the protection given by rcu_barrier is not strong enough.

wulf added a comment.Aug 25 2021, 4:36 PM

May be call kfree_rcu() with struct rcu_head embedded into struct linux_file?

sys/compat/linuxkpi/common/include/linux/fs.h
257

This change alone is incorrect! Please ensure that all structures being accessed by this function is freed by kfree_rcu()!

As I see, release handler of this file uses ordinary kfree(), not kfree_rcu()

f_count being zero only happens when the Linux file is freed.

But neither "struct linux_file" nor "struct file" is currently freed by RCU.

That means this function will introduce use-after-free! And is not safe to use.

Do you mean that linux_file_close() content should be replaced with single call_rcu() with current it's content moved to call_rcu's callback?

wulf updated this revision to Diff 94185.Aug 25 2021, 7:23 PM

Replace rcu_barrier() with synchronize_rcu()

Harbormaster completed remote builds in B41208: Diff 94185.Aug 25 2021, 7:23 PM
hselasky accepted this revision.Aug 25 2021, 8:25 PM

Looks good.

Please test that the code works before submitting.

This revision is now accepted and ready to land.Aug 25 2021, 8:25 PM
wulf added a comment.Aug 25 2021, 8:38 PM
In D31672#714703, @hselasky wrote:

Looks good.

Please test that the code works before submitting.

It works for me both ways: with and without the barrier.
Some sort of stress test is required to test the code for races.

wulf updated this revision to Diff 95539.Sep 23 2021, 12:52 AM

Wait for a grace period when anonymous file is closed with fput().

As this case happens in drm-kmod very frequently, free memory allocated
by struct file asynchronously with kfree_rcu().

This revision now requires review to proceed.Sep 23 2021, 12:52 AM
Harbormaster completed remote builds in B41657: Diff 95539.Sep 23 2021, 12:52 AM
hselasky added a comment.Sep 23 2021, 7:29 AM

Are you sure this works, that other structure pointers inside the Linux file structure won't be accessed and will also need to be freed by RCU?

wulf added a comment.Sep 23 2021, 9:00 AM
In D31672#723772, @hselasky wrote:

Are you sure this works, that other structure pointers inside the Linux file structure won't be accessed and will also need to be freed by RCU?

If I understand Linux code correctly, one must execute get_file_rcu() with RCU read lock taken[1] before access to any other structure member.
In that case success of get_file_rcu() prevents execution of kfree(struct *file)

[1] https://elixir.bootlin.com/linux/v5.15-rc2/source/drivers/gpu/drm/i915/gem/i915_gem_mman.c#L874

hselasky added a comment.Sep 23 2021, 1:09 PM

Hi,

The problem is that the refcount mechanism access f->_file->f_count . You need to free both "f" and "_file" using kfree_rcu() for this to work.
"f" is the Linux file structure and "_file" is the FreeBSD kernel's file structure.

What was the problem with the previous version of this patch? Performance?

--HPS

wulf updated this revision to Diff 95562.Sep 23 2021, 1:42 PM

Revert close() handler to previous state

Harbormaster completed remote builds in B41668: Diff 95562.Sep 23 2021, 1:42 PM
wulf added a comment.Sep 23 2021, 1:46 PM
In D31672#723880, @hselasky wrote:

The problem is that the refcount mechanism access f->_file->f_count . You need to free both "f" and "_file" using kfree_rcu() for this to work.
"f" is the Linux file structure and "_file" is the FreeBSD kernel's file structure.

Somehow I overlooked that. Reverted.

What was the problem with the previous version of this patch? Performance?

It missed support for files allocated with shmem_file_setup() and anon_inode_getfile(). They both have filp->_file equal to NULL, so I left kfree_rcu here.

hselasky added a comment.Sep 23 2021, 1:46 PM

I only see a partial patch revert.

hselasky accepted this revision.Sep 23 2021, 1:48 PM

Looks good.

This revision is now accepted and ready to land.Sep 23 2021, 1:48 PM
wulf added a comment.Sep 23 2021, 1:49 PM

Yes, it is partial. kfree_rcu in linux_file_free() is new as compared with old version.

wulf mentioned this in D32090: LinuxKPI: Allow cdev_pager prefault handler to steal pages from other vm_objects.Sep 24 2021, 1:09 AM
Closed by commit rGa81b36c6d35d: LinuxKPI: Implement get_file_rcu() (authored by wulf). · Explain WhySep 29 2021, 8:28 PM
This revision was automatically updated to reflect the committed changes.
wulf added a commit: rGa81b36c6d35d: LinuxKPI: Implement get_file_rcu().
wulf added a commit: rGa02996804609: LinuxKPI: Implement get_file_rcu().Oct 13 2021, 9:19 AM

Revision Contents
Changeset List

PathSize
sys/
compat/
linuxkpi/
common/
include/
linux/
7 lines
src/
4 lines

Diff 94167

View Options

sys/compat/linuxkpi/common/include/linux/fs.h

Loading...
View Options

sys/compat/linuxkpi/common/src/linux_compat.c

Loading...