| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250919154905.2592318-2-mjguzik@gmail.com>
Date: Fri, 19 Sep 2025 17:49:01 +0200
From: Mateusz Guzik <mjguzik@...il.com>
To: brauner@...nel.org
Cc: viro@...iv.linux.org.uk,
jack@...e.cz,
linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
josef@...icpanda.com,
kernel-team@...com,
amir73il@...il.com,
linux-btrfs@...r.kernel.org,
linux-ext4@...r.kernel.org,
linux-xfs@...r.kernel.org,
ceph-devel@...r.kernel.org,
linux-unionfs@...r.kernel.org,
Mateusz Guzik <mjguzik@...il.com>
Subject: [PATCH v5 1/4] fs: provide accessors for ->i_state
Open-coded accesses prevent asserting they are done correctly. One
obvious aspect is locking, but significantly more can checked. For
example it can be detected when the code is clearing flags which are
already missing, or is setting flags when it is illegal (e.g., I_FREEING
when ->i_count > 0).
Given the late stage of the release cycle this patchset only aims to
hide access, it does not provide any of the checks.
Consumers can be trivially converted. Suppose flags I_A and I_B are to
be handled, then:
state = inode->i_state => state = inode_state_read(inode)
inode->i_state |= (I_A | I_B) => inode_state_add(inode, I_A | I_B)
inode->i_state &= ~(I_A | I_B) => inode_state_del(inode, I_A | I_B)
inode->i_state = I_A | I_B => inode_state_set(inode, I_A | I_B)
Note open-coded access compiles just fine until the last patch in the
series.
Signed-off-by: Mateusz Guzik <mjguzik@...il.com>
---
include/linux/fs.h | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c4fd010cf5bf..a4e93fcd4b44 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -756,7 +756,7 @@ enum inode_state_bits {
/* reserved wait address bit 3 */
};
-enum inode_state_flags_t {
+enum inode_state_flags_enum {
I_NEW = (1U << __I_NEW),
I_SYNC = (1U << __I_SYNC),
I_LRU_ISOLATING = (1U << __I_LRU_ISOLATING),
@@ -840,7 +840,7 @@ struct inode {
#endif
/* Misc */
- enum inode_state_flags_t i_state;
+ enum inode_state_flags_enum i_state;
/* 32-bit hole */
struct rw_semaphore i_rwsem;
@@ -899,6 +899,35 @@ struct inode {
void *i_private; /* fs or device private pointer */
} __randomize_layout;
+/*
+ * i_state handling
+ *
+ * We hide all of it behind helpers so that we can validate consumers.
+ */
+static inline enum inode_state_flags_enum inode_state_read(struct inode *inode)
+{
+ return READ_ONCE(inode->i_state);
+}
+
+static inline void inode_state_add(struct inode *inode,
+ enum inode_state_flags_enum addflags)
+{
+ WRITE_ONCE(inode->i_state, inode->i_state | addflags);
+}
+
+static inline void inode_state_del(struct inode *inode,
+ enum inode_state_flags_enum delflags)
+{
+ WRITE_ONCE(inode->i_state, inode->i_state & ~delflags);
+
+}
+
+static inline void inode_state_set(struct inode *inode,
+ enum inode_state_flags_enum setflags)
+{
+ WRITE_ONCE(inode->i_state, setflags);
+}
+
static inline void inode_set_cached_link(struct inode *inode, char *link, int linklen)
{
VFS_WARN_ON_INODE(strlen(link) != linklen, inode);
--
2.43.0
Powered by blists - more mailing lists