From patchwork Wed Dec 4 15:52:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13893971 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1741520B817; Wed, 4 Dec 2024 15:53:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327584; cv=none; b=ndFtqQDEXy4EaY/j3rWFGxSOdrKCvQJ0+ce+4+kMt1E+aTH0o5dyajPt0OM6vEm0Y+06RzXn3TjxY+Bl/tVIpDxYIlx41U9FVK5yp1daYTbWSKDMV/cfNt5G4sX+YRWnf1k2vt+9lJiYKuHM0LrFoD84e33BFRbBjJQyCVF7WBU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327584; c=relaxed/simple; bh=NPVXYksZkbK7cP6WTdZWPp256P2B4FMiN2imk2oaSkg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Qpt4uUDYYCeedVPcdAtdVVu8SGC+twvD5Pm2l+TdoRA0RMBXe7DP/eUcVwpMhVRXvUbyrDumJPrcTy94hyKk4Q1zgClUafs2kuccPuJZvLh+/XISLN66kqZp+4q93citJUJMTCbr84dkMeLNVrDnthDrog19sQzY7FnoGKHyUNo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RwglIqew; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RwglIqew" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B27D4C4CED2; Wed, 4 Dec 2024 15:53:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1733327583; bh=NPVXYksZkbK7cP6WTdZWPp256P2B4FMiN2imk2oaSkg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RwglIqew+kC64HhmNeKRZMoydHTLxQALFth57WAXtBp6byNwVy91qJItQVVVwojSA OkH5/L9gFNYk/6f41QdqZVsf1I2GmIUsX/4V31OwNPFvaJMr9SwVKkROAY+FZFJze/ sL6tPNFlm19SV83JQXjaj+kPOEpM9/DycJQGqlRjtPJoey30zf9xUANBSL4qJbGTsm ql3tCoKZMlCrvZi0a1d2Z0oYByif2FG4pmAFUVUn+0J2Sjxv7GbWrkmPErKaHMypJC RFm8Yrwrio2mbZMJVEfnv8HExzhNKe4ZzOhXk3nxN7ocFTlW6sNuRZQYmSubZyHZ+h xfYcWMt80NU3A== From: cel@kernel.org To: Hugh Dickens , Christian Brauner , Al Viro Cc: , , yukuai3@huawei.com, yangerkun@huaweicloud.com, Chuck Lever , stable@vger.kernel.org, Jeff Layton , Yang Erkun Subject: [PATCH v4 1/5] libfs: Return ENOSPC when the directory offset range is exhausted Date: Wed, 4 Dec 2024 10:52:52 -0500 Message-ID: <20241204155257.1110338-2-cel@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241204155257.1110338-1-cel@kernel.org> References: <20241204155257.1110338-1-cel@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever Testing shows that the EBUSY error return from mtree_alloc_cyclic() leaks into user space. The ERRORS section of "man creat(2)" says: > EBUSY O_EXCL was specified in flags and pathname refers > to a block device that is in use by the system > (e.g., it is mounted). ENOSPC is closer to what applications expect in this situation. Note that the normal range of simple directory offset values is 2..2^63, so hitting this error is going to be rare to impossible. Fixes: 6faddda69f62 ("libfs: Add directory operations for stable offsets") Cc: # v6.9+ Reviewed-by: Jeff Layton Reviewed-by: Yang Erkun Signed-off-by: Chuck Lever --- fs/libfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/libfs.c b/fs/libfs.c index 46966fd8bcf9..bf67954b525b 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -288,7 +288,9 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry) ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN, LONG_MAX, &octx->next_offset, GFP_KERNEL); - if (ret < 0) + if (unlikely(ret == -EBUSY)) + return -ENOSPC; + if (unlikely(ret < 0)) return ret; offset_set(dentry, offset); From patchwork Wed Dec 4 15:52:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13893972 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2971520C499 for ; Wed, 4 Dec 2024 15:53:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327585; cv=none; b=X0N3gCHGmd4nVSnTNdzOrUA5NyoK04nXDpymceudBg/1Rlu1gsRGXqJEg0C0KXwtLKBXJmpsuPsVDgATfXcROV2ntAidapNACJBVaJ5BgjIrF1/lbTYkHQft8fCiokvlABQJUWEsq9S/9j9lKJb2BLx8H4EFlbpm3Eg8scVLKBE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327585; c=relaxed/simple; bh=N2kJlcrn9JOTM3KVLvrbjdtgeqhmJMuG2Y/zQp2C8sU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mum5aKBq/NcP9Og4JW9ibGE26yXpUWLvuZTe3FMrSGEuG7Rynhkjo7NvNGTY26wDEyDQuSLmXghCxTkucMNqcA1Aj+ICwpsEJwoHkHXAQA7V51dXwL7RnIZPLhUvClJrdxvt4htm7QxUftYEbbJLqzizHN9QaWUE7dOKIse7KCQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=A8mUmlEm; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="A8mUmlEm" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E3432C4CED1; Wed, 4 Dec 2024 15:53:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1733327584; bh=N2kJlcrn9JOTM3KVLvrbjdtgeqhmJMuG2Y/zQp2C8sU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=A8mUmlEmi1YX9VJXiiGL6ot4MnLU+An2YSxggSZVPZtdpsB9RZ4PPgT8dKAJKyMk9 QQGgo56Hqy0Yv8NjuXQckIsZRYBRaETkYPR+bNx90Zbp2M5xDQP2qBOn9NlK047AIt f2QtumEWqXAqPc3Ge1dUSHbJsXja/zQwjrMf6RzAAEGI6p0PMM1JJxUc9kh2ARHLiR sm73FgFFJ6rks2aNBTaq3oPFifhtWX5Rf5P65oyWaeNEwjlkYrwxRcT7+kKcTxgbce Wa9A+h2fYaKZ1oGXrXywzv0oGHgOQEbneNLsBYhFXbKSHl0fucmCyWQl/0AECa920h IYDC41rC1xyDA== From: cel@kernel.org To: Hugh Dickens , Christian Brauner , Al Viro Cc: , , yukuai3@huawei.com, yangerkun@huaweicloud.com, Chuck Lever Subject: [PATCH v4 2/5] Revert "libfs: Add simple_offset_empty()" Date: Wed, 4 Dec 2024 10:52:53 -0500 Message-ID: <20241204155257.1110338-3-cel@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241204155257.1110338-1-cel@kernel.org> References: <20241204155257.1110338-1-cel@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever simple_empty() and simple_offset_empty() perform the same task. The latter's use as a canary to find bugs has not found any new issues. A subsequent patch will remove the use of the mtree for iterating directory contents, so revert back to using a similar mechanism for determining whether a directory is indeed empty. Only one such mechanism is ever needed. Signed-off-by: Chuck Lever --- fs/libfs.c | 32 -------------------------------- include/linux/fs.h | 1 - mm/shmem.c | 4 ++-- 3 files changed, 2 insertions(+), 35 deletions(-) diff --git a/fs/libfs.c b/fs/libfs.c index bf67954b525b..b668a4f5bbc9 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -327,38 +327,6 @@ void simple_offset_remove(struct offset_ctx *octx, struct dentry *dentry) offset_set(dentry, 0); } -/** - * simple_offset_empty - Check if a dentry can be unlinked - * @dentry: dentry to be tested - * - * Returns 0 if @dentry is a non-empty directory; otherwise returns 1. - */ -int simple_offset_empty(struct dentry *dentry) -{ - struct inode *inode = d_inode(dentry); - struct offset_ctx *octx; - struct dentry *child; - unsigned long index; - int ret = 1; - - if (!inode || !S_ISDIR(inode->i_mode)) - return ret; - - index = DIR_OFFSET_MIN; - octx = inode->i_op->get_offset_ctx(inode); - mt_for_each(&octx->mt, child, index, LONG_MAX) { - spin_lock(&child->d_lock); - if (simple_positive(child)) { - spin_unlock(&child->d_lock); - ret = 0; - break; - } - spin_unlock(&child->d_lock); - } - - return ret; -} - /** * simple_offset_rename - handle directory offsets for rename * @old_dir: parent directory of source entry diff --git a/include/linux/fs.h b/include/linux/fs.h index 3559446279c1..0698cf63346c 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3434,7 +3434,6 @@ struct offset_ctx { void simple_offset_init(struct offset_ctx *octx); int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry); void simple_offset_remove(struct offset_ctx *octx, struct dentry *dentry); -int simple_offset_empty(struct dentry *dentry); int simple_offset_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry); int simple_offset_rename_exchange(struct inode *old_dir, diff --git a/mm/shmem.c b/mm/shmem.c index 568bb290bdce..6ae963d42dbe 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -3697,7 +3697,7 @@ static int shmem_unlink(struct inode *dir, struct dentry *dentry) static int shmem_rmdir(struct inode *dir, struct dentry *dentry) { - if (!simple_offset_empty(dentry)) + if (!simple_empty(dentry)) return -ENOTEMPTY; drop_nlink(d_inode(dentry)); @@ -3754,7 +3754,7 @@ static int shmem_rename2(struct mnt_idmap *idmap, return simple_offset_rename_exchange(old_dir, old_dentry, new_dir, new_dentry); - if (!simple_offset_empty(new_dentry)) + if (!simple_empty(new_dentry)) return -ENOTEMPTY; if (flags & RENAME_WHITEOUT) { From patchwork Wed Dec 4 15:52:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13893973 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 002C620C480 for ; Wed, 4 Dec 2024 15:53:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327587; cv=none; b=ux0vmCkzvmssOFutz5ngX7BApYWRfQ/QDMuP3owUe4lhFfgkHJDTg9OEtn+yNNWLVFRZUGeZLfrlY/i1WH97CDP7PBvZMy8ZB1I7N+GbRA0b6yIgEFupVgZpEfkg2JjccpKpfRWEZZWN8gwE1Ts85242tSkUCb72NMc9HlEX1xw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327587; c=relaxed/simple; bh=TsKe5WX9BiwgOVGJ1aGUhOHwVeN/D0/6ISUO68pxyBY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KCSkeoL0pmv2M1yz6QUvpYUYOr3qm95/Re0xiIBh9zX+Bqu0LoHuWdOJJSkDTc8Nzr8bI+7L6hhdWVtRioGcwsmIw3GLPler6vi6jdciwN1g7LYxUU1AoJvVZiLU/i8ZECCPKHhw3HwvvulndGdUOIu2WEgJQ257t140n3XjIQE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=MzTVy/46; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="MzTVy/46" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DCC74C4CEDD; Wed, 4 Dec 2024 15:53:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1733327585; bh=TsKe5WX9BiwgOVGJ1aGUhOHwVeN/D0/6ISUO68pxyBY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MzTVy/46mX0vtQ9cmM5USXoMMooJ1KLKQZkpf3oLyao/4qdPVY/7rtwZenbA2YDAY cX3TmG1nK4kY/xoSzqinYQ6TuE15iSm3PgFaFd0TNCbvFlErHAnNUQC5+da3lQvmR5 ANPRdGieOzXdv0BbgQU2g2rLaaccGk3PzVKuP203sRD9qmkuQiU4WNeU3goWstnVW+ 1TxqyAkImDkfOZa3eYwK6CROcOsupgBrH1o626gO/rs2rN3a4qF2fO0y3F0RaIE0SH +A4IeFU6F/XXfj70g/EzeqRNer66Ue79gfyuW1Cs2vIFg0B/H1l6X2ovepb5Yb1eJC Vn3ikyW1bNE6A== From: cel@kernel.org To: Hugh Dickens , Christian Brauner , Al Viro Cc: , , yukuai3@huawei.com, yangerkun@huaweicloud.com, Chuck Lever Subject: [PATCH v4 3/5] Revert "libfs: fix infinite directory reads for offset dir" Date: Wed, 4 Dec 2024 10:52:54 -0500 Message-ID: <20241204155257.1110338-4-cel@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241204155257.1110338-1-cel@kernel.org> References: <20241204155257.1110338-1-cel@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever The current directory offset allocator (based on mtree_alloc_cyclic) stores the next offset value to return in octx->next_offset. This mechanism typically returns values that increase monotonically over time. Eventually, though, the newly allocated offset value wraps back to a low number (say, 2) which is smaller than other already- allocated offset values. Yu Kuai reports that, after commit 64a7ce76fb90 ("libfs: fix infinite directory reads for offset dir"), if a directory's offset allocator wraps, existing entries are no longer visible via readdir/getdents because offset_readdir() stops listing entries once an entry's offset is larger than octx->next_offset. These entries vanish persistently -- they can be looked up, but will never again appear in readdir(3) output. The reason for this is that the commit treats directory offsets as monotonically increasing integer values rather than opaque cookies, and introduces this comparison: if (dentry2offset(dentry) >= last_index) { On 64-bit platforms, the directory offset value upper bound is 2^63 - 1. Directory offsets will monotonically increase for millions of years without wrapping. On 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator can wrap after only a few weeks (at worst). Revert commit 64a7ce76fb90 ("libfs: fix infinite directory reads for offset dir") to prepare for a fix that can work properly on 32-bit systems and might apply to recent LTS kernels where shmem employs the simple_offset mechanism. Reported-by: Yu Kuai Signed-off-by: Chuck Lever --- fs/libfs.c | 35 +++++++++++------------------------ 1 file changed, 11 insertions(+), 24 deletions(-) diff --git a/fs/libfs.c b/fs/libfs.c index b668a4f5bbc9..461384fb6119 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -420,14 +420,6 @@ void simple_offset_destroy(struct offset_ctx *octx) mtree_destroy(&octx->mt); } -static int offset_dir_open(struct inode *inode, struct file *file) -{ - struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode); - - file->private_data = (void *)ctx->next_offset; - return 0; -} - /** * offset_dir_llseek - Advance the read position of a directory descriptor * @file: an open directory whose position is to be updated @@ -441,9 +433,6 @@ static int offset_dir_open(struct inode *inode, struct file *file) */ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence) { - struct inode *inode = file->f_inode; - struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode); - switch (whence) { case SEEK_CUR: offset += file->f_pos; @@ -457,8 +446,7 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence) } /* In this case, ->private_data is protected by f_pos_lock */ - if (!offset) - file->private_data = (void *)ctx->next_offset; + file->private_data = NULL; return vfs_setpos(file, offset, LONG_MAX); } @@ -489,7 +477,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry) inode->i_ino, fs_umode_to_dtype(inode->i_mode)); } -static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, long last_index) +static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx) { struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode); struct dentry *dentry; @@ -497,21 +485,17 @@ static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, lon while (true) { dentry = offset_find_next(octx, ctx->pos); if (!dentry) - return; - - if (dentry2offset(dentry) >= last_index) { - dput(dentry); - return; - } + return ERR_PTR(-ENOENT); if (!offset_dir_emit(ctx, dentry)) { dput(dentry); - return; + break; } ctx->pos = dentry2offset(dentry) + 1; dput(dentry); } + return NULL; } /** @@ -538,19 +522,22 @@ static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, lon static int offset_readdir(struct file *file, struct dir_context *ctx) { struct dentry *dir = file->f_path.dentry; - long last_index = (long)file->private_data; lockdep_assert_held(&d_inode(dir)->i_rwsem); if (!dir_emit_dots(file, ctx)) return 0; - offset_iterate_dir(d_inode(dir), ctx, last_index); + /* In this case, ->private_data is protected by f_pos_lock */ + if (ctx->pos == DIR_OFFSET_MIN) + file->private_data = NULL; + else if (file->private_data == ERR_PTR(-ENOENT)) + return 0; + file->private_data = offset_iterate_dir(d_inode(dir), ctx); return 0; } const struct file_operations simple_offset_dir_operations = { - .open = offset_dir_open, .llseek = offset_dir_llseek, .iterate_shared = offset_readdir, .read = generic_read_dir, From patchwork Wed Dec 4 15:52:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13893974 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0026C20C47E for ; Wed, 4 Dec 2024 15:53:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327587; cv=none; b=V+XRwS+Zz0JJ4eIfPtqLK5Ly+amM16rcOk3SqNV469N0fTFMeip+qb5VQGXSnQMcUZR6n4/jMk7sAN813y+qrM9Af7GsWLRfrH3iT7u7/ycpFyzJtOdrcuZK1SWsL4eun08/TdY+K4bH5JSqpeEUYI2nOT8R6ATipPMBt5Ah4QM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327587; c=relaxed/simple; bh=fRN9vGJ7LROdP4ek3V8O3+9HR95gl8BzVkAX4o0+JlY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JLKaG2nIUlgifO1FGqA9CRX7OxKT6s1HxioC4tAt3HDurY1mtNyunC7eL7ETSsYzBYLuzYLqCXcKlMbe/9BpEh6xAjU0d2wEj1j36rGjLp2Kxdghqt0yjhCn88PecXut0nSPYC+8rdBeiR00MVkENuCNLK1QJPq8PU4XOzVpzrY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Q0AZ2/Kj; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Q0AZ2/Kj" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D6D28C4CED1; Wed, 4 Dec 2024 15:53:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1733327586; bh=fRN9vGJ7LROdP4ek3V8O3+9HR95gl8BzVkAX4o0+JlY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Q0AZ2/KjCsuROd6V7x56n3hoEBUBchfYFAuCF0++umRnEOWMv1+sbIet4cMY14itF CkKZCOq38eR6EpzttfTgzJxVeu4h+0skR0eQYD8Uy9XDds3uM7zFubgpceYxrri4FQ pgaSr49+I+W9cbchnRNbxPOGAPx6VvfzQ9NcuOqaZ2Wu5dZrTtfAjCgDvd7jMj0vE4 kFHhIY3GM7CKMEvGUB+D7RZpa0hvZ1UekvVZJMU5Qcp6tOyr9CqbqwhUpYKSepqKw1 5vtvTPM/y5JDwPHkU9ZMMxg0leBr/36t8gvxufaTUrzb+tbrDvButD4IMg3wmrbo4K M/7DW3b5h+rUw== From: cel@kernel.org To: Hugh Dickens , Christian Brauner , Al Viro Cc: , , yukuai3@huawei.com, yangerkun@huaweicloud.com, Chuck Lever Subject: [PATCH v4 4/5] libfs: Replace simple_offset end-of-directory detection Date: Wed, 4 Dec 2024 10:52:55 -0500 Message-ID: <20241204155257.1110338-5-cel@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241204155257.1110338-1-cel@kernel.org> References: <20241204155257.1110338-1-cel@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever According to getdents(3), the d_off field in each returned directory entry points to the next entry in the directory. The d_off field in the last returned entry in the readdir buffer must contain a valid offset value, but if it points to an actual directory entry, then readdir/getdents can loop. This patch introduces a specific fixed offset value that is placed in the d_off field of the last entry in a directory. Some user space applications assume that the EOD offset value is larger than the offsets of real directory entries, so the largest possible offset value is reserved for this purpose. This new value is never allocated by simple_offset_add(). When ->iterate_dir() returns, getdents{64} inserts the ctx->pos value into the d_off field of the last valid entry in the readdir buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD offset value so the last entry is updated to point to the EOD marker. When trying to read the entry at the EOD offset, offset_readdir() terminates immediately. It is worth noting that using a Maple tree for directory offset value allocation does not guarantee a 63-bit range of values -- on platforms where "long" is a 32-bit type, the directory offset value range is still 0..(2^31 - 1). Fixes: 796432efab1e ("libfs: getdents() should return 0 after reaching EOD") Signed-off-by: Chuck Lever --- fs/libfs.c | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/fs/libfs.c b/fs/libfs.c index 461384fb6119..fcb2cdf6e3f3 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -241,9 +241,16 @@ const struct inode_operations simple_dir_inode_operations = { }; EXPORT_SYMBOL(simple_dir_inode_operations); -/* 0 is '.', 1 is '..', so always start with offset 2 or more */ +/* simple_offset_add() allocation range */ enum { - DIR_OFFSET_MIN = 2, + DIR_OFFSET_MIN = 2, + DIR_OFFSET_MAX = LONG_MAX - 1, +}; + +/* simple_offset_add() never assigns these to a dentry */ +enum { + DIR_OFFSET_EOD = LONG_MAX, /* Marks EOD */ + }; static void offset_set(struct dentry *dentry, long offset) @@ -287,7 +294,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry) return -EBUSY; ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN, - LONG_MAX, &octx->next_offset, GFP_KERNEL); + DIR_OFFSET_MAX, &octx->next_offset, + GFP_KERNEL); if (unlikely(ret == -EBUSY)) return -ENOSPC; if (unlikely(ret < 0)) @@ -445,8 +453,6 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence) return -EINVAL; } - /* In this case, ->private_data is protected by f_pos_lock */ - file->private_data = NULL; return vfs_setpos(file, offset, LONG_MAX); } @@ -456,7 +462,7 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset) struct dentry *child, *found = NULL; rcu_read_lock(); - child = mas_find(&mas, LONG_MAX); + child = mas_find(&mas, DIR_OFFSET_MAX); if (!child) goto out; spin_lock(&child->d_lock); @@ -477,7 +483,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry) inode->i_ino, fs_umode_to_dtype(inode->i_mode)); } -static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx) +static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx) { struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode); struct dentry *dentry; @@ -485,7 +491,7 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx) while (true) { dentry = offset_find_next(octx, ctx->pos); if (!dentry) - return ERR_PTR(-ENOENT); + goto out_eod; if (!offset_dir_emit(ctx, dentry)) { dput(dentry); @@ -495,7 +501,10 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx) ctx->pos = dentry2offset(dentry) + 1; dput(dentry); } - return NULL; + return; + +out_eod: + ctx->pos = DIR_OFFSET_EOD; } /** @@ -515,6 +524,8 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx) * * On return, @ctx->pos contains an offset that will read the next entry * in this directory when offset_readdir() is called again with @ctx. + * Caller places this value in the d_off field of the last entry in the + * user's buffer. * * Return values: * %0 - Complete @@ -527,13 +538,8 @@ static int offset_readdir(struct file *file, struct dir_context *ctx) if (!dir_emit_dots(file, ctx)) return 0; - - /* In this case, ->private_data is protected by f_pos_lock */ - if (ctx->pos == DIR_OFFSET_MIN) - file->private_data = NULL; - else if (file->private_data == ERR_PTR(-ENOENT)) - return 0; - file->private_data = offset_iterate_dir(d_inode(dir), ctx); + if (ctx->pos != DIR_OFFSET_EOD) + offset_iterate_dir(d_inode(dir), ctx); return 0; } From patchwork Wed Dec 4 15:52:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13893975 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E5EAF20CCF5 for ; Wed, 4 Dec 2024 15:53:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327588; cv=none; b=bY79VeniSROqntzzJcKB4uaVBsSctEUf+w1P806rZz5Hakz7nUcKCJItidexGaRN0AIbqkRj4TEzXKF7L7Mr4iv5IBAsJgQZchBAbiel0sm47mYM0O7PME66dF3x/FXfNGhlZRdIQ/0li7KdCMYbwYUw/iehRXg1PAoEQSr5xVQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733327588; c=relaxed/simple; bh=uvo1HVcXQPvOFc+Tys1OpqZ+zabfYR8WnzY6RxmyeLw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dzRtvvZJu13T5zInoiHnG/iicish37KxwJBFX4ZbycOOdlUUr/QFrQJmLmyzCOD0TbwNjIzSKoANZDOF0z8kSg6ddF2ADlfeZR7J9Qf3INFDY589Rb7FbtgVyWxCOw7ax4h/rxSWgxyHKveXlsR11gJUKTaQOG9TquoCZnW/YCg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FfMP5EMF; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FfMP5EMF" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CF0DFC4CEDF; Wed, 4 Dec 2024 15:53:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1733327587; bh=uvo1HVcXQPvOFc+Tys1OpqZ+zabfYR8WnzY6RxmyeLw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FfMP5EMFpAz6PQ9Cece/cfrswMGjeexM20kMaqoYqE76POVWpZCG0qVk7E/WxkBUW qYytJOTAKTZwUXhNfqVNydYqn+YQYz/30IALiV0Lm71vw5Ngfl5tvh8YpsMFRDcBck S4Ju5KlZSgq6lQAevI0+FLKrOCQk5Lx9W0WZyQMOHWS7abB729iS/H7JU1epZE9xQ5 RnzkOykEvT+xUv3uAQoZLDWXIZ+SZrF0EDdrWDThwntBXSaw6gccKJzT/rAW1KVVwV 6EDlv7bivXJ3bqgDZ3eFB02qvqc9+kT0g0OUff0la0HYoGAUObBmoUv5iqB0EDB044 5I6Jf7s9pIxDA== From: cel@kernel.org To: Hugh Dickens , Christian Brauner , Al Viro Cc: , , yukuai3@huawei.com, yangerkun@huaweicloud.com, Chuck Lever Subject: [PATCH v4 5/5] libfs: Use d_children list to iterate simple_offset directories Date: Wed, 4 Dec 2024 10:52:56 -0500 Message-ID: <20241204155257.1110338-6-cel@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241204155257.1110338-1-cel@kernel.org> References: <20241204155257.1110338-1-cel@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever The mtree mechanism has been effective at creating directory offsets that are stable over multiple opendir instances. However, it has not been able to handle the subtleties of renames that are concurrent with readdir. Instead of using the mtree to emit entries in the order of their offset values, use it only to map incoming ctx->pos to a starting entry. Then use the directory's d_children list, which is already maintained properly by the dcache, to find the next child to emit. One of the sneaky things about this is that when the mtree-allocated offset value wraps (which is very rare), looking up ctx->pos++ is not going to find the next entry; it will return NULL. Instead, by following the d_children list, the offset values can appear in any order but all of the entries in the directory will be visited eventually. Note also that the readdir() is guaranteed to reach the tail of this list. Entries are added only at the head of d_children, and readdir walks from its current position in that list towards its tail. Signed-off-by: Chuck Lever --- fs/libfs.c | 77 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 20 deletions(-) diff --git a/fs/libfs.c b/fs/libfs.c index fcb2cdf6e3f3..398eac385094 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -243,12 +243,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations); /* simple_offset_add() allocation range */ enum { - DIR_OFFSET_MIN = 2, + DIR_OFFSET_MIN = 3, DIR_OFFSET_MAX = LONG_MAX - 1, }; /* simple_offset_add() never assigns these to a dentry */ enum { + DIR_OFFSET_FIRST = 2, /* Find first real entry */ DIR_OFFSET_EOD = LONG_MAX, /* Marks EOD */ }; @@ -456,19 +457,43 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence) return vfs_setpos(file, offset, LONG_MAX); } -static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset) +/* Cf. find_next_child() */ +static struct dentry *find_next_sibling_locked(struct dentry *parent, + struct dentry *dentry) { - MA_STATE(mas, &octx->mt, offset, offset); + struct dentry *found = NULL; + + hlist_for_each_entry_from(dentry, d_sib) { + if (!simple_positive(dentry)) + continue; + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); + if (simple_positive(dentry)) + found = dget_dlock(dentry); + spin_unlock(&dentry->d_lock); + if (likely(found)) + break; + } + return found; +} + +static noinline_for_stack struct dentry * +offset_dir_lookup(struct file *file, loff_t offset) +{ + struct dentry *parent = file->f_path.dentry; struct dentry *child, *found = NULL; + struct inode *inode = d_inode(parent); + struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode); + + MA_STATE(mas, &octx->mt, offset, offset); rcu_read_lock(); child = mas_find(&mas, DIR_OFFSET_MAX); if (!child) goto out; - spin_lock(&child->d_lock); - if (simple_positive(child)) - found = dget_dlock(child); - spin_unlock(&child->d_lock); + + spin_lock(&parent->d_lock); + found = find_next_sibling_locked(parent, child); + spin_unlock(&parent->d_lock); out: rcu_read_unlock(); return found; @@ -477,30 +502,42 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset) static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry) { struct inode *inode = d_inode(dentry); - long offset = dentry2offset(dentry); - return ctx->actor(ctx, dentry->d_name.name, dentry->d_name.len, offset, - inode->i_ino, fs_umode_to_dtype(inode->i_mode)); + return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len, + inode->i_ino, fs_umode_to_dtype(inode->i_mode)); } -static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx) +static void offset_iterate_dir(struct file *file, struct dir_context *ctx) { - struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode); + struct dentry *dir = file->f_path.dentry; struct dentry *dentry; + if (ctx->pos == DIR_OFFSET_FIRST) { + spin_lock(&dir->d_lock); + dentry = find_next_sibling_locked(dir, d_first_child(dir)); + spin_unlock(&dir->d_lock); + } else + dentry = offset_dir_lookup(file, ctx->pos); + if (!dentry) + goto out_eod; + while (true) { - dentry = offset_find_next(octx, ctx->pos); - if (!dentry) - goto out_eod; + struct dentry *next; - if (!offset_dir_emit(ctx, dentry)) { - dput(dentry); + ctx->pos = dentry2offset(dentry); + if (!offset_dir_emit(ctx, dentry)) break; - } - ctx->pos = dentry2offset(dentry) + 1; + spin_lock(&dir->d_lock); + next = find_next_sibling_locked(dir, d_next_sibling(dentry)); + spin_unlock(&dir->d_lock); dput(dentry); + + if (!next) + goto out_eod; + dentry = next; } + dput(dentry); return; out_eod: @@ -539,7 +576,7 @@ static int offset_readdir(struct file *file, struct dir_context *ctx) if (!dir_emit_dots(file, ctx)) return 0; if (ctx->pos != DIR_OFFSET_EOD) - offset_iterate_dir(d_inode(dir), ctx); + offset_iterate_dir(file, ctx); return 0; }