From: Christian Brauner
Sent: 26 July 2023 09:37
...
Yes, and to summarize which I tried in my description for the commit. The getdents support patchset would have introduced a bug because the patchset copied the fdget_pos() file_count(file) > 1 optimization into io_uring.
That works fine as long as the original file descriptor used to register the fixed file is kept. The locking will work correctly as file_count(file) > 1 and no races are possible neither via getdent calls using the original file descriptor nor via io_uring using the fixed file or even mixing both.
But as soon as the original file descriptor is closed the f_count for the file drops back to 1 but continues to be usable from io_uring via the fixed file. Now the optimization that the patchset wanted to copy over would cause bugs as multiple racing getdent requests would be possible using the fixed file.
Could the io_uring code grab two references? That would stop the optimisation without affecting any normal code paths?
David
- Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)