On Fri, Aug 9, 2024 at 3:37 PM Mickaël Salaün [off-list ref] wrote:

On Fri, Aug 09, 2024 at 02:44:06PM +0200, Jann Horn wrote:

quoted

On Fri, Aug 9, 2024 at 12:59 PM Mickaël Salaün [off-list ref] wrote:

quoted

On Thu, Aug 08, 2024 at 04:42:23PM +0200, Jann Horn wrote:

[...]

quoted

quoted

quoted

So if you want to use RCU lifetime for this, I think you'll have to
turn landlock_put_ruleset() and landlock_put_ruleset_deferred() into
one common function that always, when reaching refcount 0, schedules
an RCU callback which then schedules a work_struct which then does
free_ruleset().

I think that would be a little ugly, and it would look nicer to just
use normal locking in the file_send_sigiotask hook?

I don't see how we can do that without delaying the free_ruleset() call
to after the RCU read-side critical section in f_setown().

It should work if you used landlock_put_ruleset_deferred() instead of
landlock_put_ruleset().

Calling landlock_put_ruleset_deferred() in hook_file_set_fowner() or
replacing all landlock_put_ruleset() calls?

Calling landlock_put_ruleset_deferred() in hook_file_set_fowner().

The deferred work queue is not guarantee to run after all concurrent RCU
read-side critical sections right?

Yes, I was talking about my "it would look nicer to just use normal
locking in the file_send_sigiotask hook" suggestion - don't use any
RCU stuff, just use the same lock in file_set_fowner and
file_send_sigiotask.