On Tue, 8 Aug 2023 at 10:36, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> @Linus, you ok with the appended thing?
Yes.
I do think that the CHECK_DATA_CORRUPTION() case (used to be in
filp_close, now in filp_flush) is now very questionable since we'll
end up doing an "fput()" on it anyway.
But I think that's actually not a new thing - it was always in the
wrong place, and only caught the "filp_close()" cases. Which -
considering that it would only happen with people using 'fput()'
incorrectly - was always quite suspicious.
The actual "CHECK_DATA_CORRUPTION()" part of the check is new, but the
check itself predates not just the git tree, but the BK history too.
Google does find that we had it trigger back in 1998, apparently.
I think we should probably remove it entirely - and just depend on all
our modern use-after-free infrastructure.
Or we could move it into __fput() itself - the ordering wrt any
flushing is immaterial, because it's no different from using read or
write or whatever on a stale file descriptor - and at least get much
better coverage of the situation where it would happen.
But that is, I think, a completely separate issue - this is all just
made more obvious by the reorganization.
Linus
