| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251009075929.1203950-1-mjguzik@gmail.com>
Date: Thu, 9 Oct 2025 09:59:14 +0200
From: Mateusz Guzik <mjguzik@...il.com>
To: brauner@...nel.org
Cc: viro@...iv.linux.org.uk,
jack@...e.cz,
linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
josef@...icpanda.com,
kernel-team@...com,
amir73il@...il.com,
linux-btrfs@...r.kernel.org,
linux-ext4@...r.kernel.org,
linux-xfs@...r.kernel.org,
ceph-devel@...r.kernel.org,
linux-unionfs@...r.kernel.org,
Mateusz Guzik <mjguzik@...il.com>
Subject: [PATCH v7 00/14] hide ->i_state behind accessors
Commit message from the patch adding helpers quoted verbatim with rationable + API:
[quote]
Open-coded accesses prevent asserting they are done correctly. One
obvious aspect is locking, but significantly more can checked. For
example it can be detected when the code is clearing flags which are
already missing, or is setting flags when it is illegal (e.g., I_FREEING
when ->i_count > 0).
In order to keep things manageable this patchset merely gets the thing
off the ground with only lockdep checks baked in.
Current consumers can be trivially converted.
Suppose flags I_A and I_B are to be handled.
If ->i_lock is held, then:
state = inode->i_state => state = inode_state_read(inode)
inode->i_state |= (I_A | I_B) => inode_state_set(inode, I_A | I_B)
inode->i_state &= ~(I_A | I_B) => inode_state_clear(inode, I_A | I_B)
inode->i_state = I_A | I_B => inode_state_assign(inode, I_A | I_B)
If ->i_lock is not held or only held conditionally:
state = inode->i_state => state = inode_state_read_once(inode)
inode->i_state |= (I_A | I_B) => inode_state_set_raw(inode, I_A | I_B)
inode->i_state &= ~(I_A | I_B) => inode_state_clear_raw(inode, I_A | I_B)
inode->i_state = I_A | I_B => inode_state_assign_raw(inode, I_A | I_B)
The "_once" vs "_raw" discrepancy stems from the read variant differing
by READ_ONCE as opposed to just lockdep checks.
Finally, if you want to atomically clear flags and set new ones, the
following:
state = inode->i_state;
state &= ~I_A;
state |= I_B;
inode->i_state = state;
turns into:
inode_state_replace(inode, I_A, I_B);
[/quote]
In order to manage bisectability vs total patch count, I decided to only
split out fs conversion if manual intervention went beyond altering
inode_state_read into inode_state_read_once in a place or two.
Almost all places were patched by coccinelle generating a variant
requesting a lock, then patched up to use variants which don't expect
one as needed. Or to put it differently, if there is fallout, it should
be just lockdep complaining.
NOTES ON MERGING:
v6 got acked by Jan Kara and Dave Chinner. Given the extent of changes
made in v7 I decided to *not* add their ACKs.
More importantly though, this is generated against:
https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git/log/?h=vfs-6.19.inode
but that branch happens to be significantly lagging behind master,
notably it does not include some writeback changes and bcachefs removal.
Thus before generating the patchset I did a rebase on master.
Top commit at the time:
commit ec714e371f22f716a04e6ecb2a24988c92b26911 (origin/master, origin/HEAD, master)
Merge: 37bfdbc11b24 f3b601f90090
Author: Linus Torvalds <torvalds@...ux-foundation.org>
Date: Wed Oct 8 19:24:24 2025 -0700
Merge tag 'perf-tools-for-v6.18-1-2025-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools
v7:
- move wait_on_inode() to fs.h
- restructure the patchset a little bit
- add inode_state_replace()
- bring back lockdep now that the merge window was missed
v6:
- rename routines:
set -> assign; add -> set; del -> clear
- update commentary in patch 3 replacing smp_store/load with smp_wmb/rmb
v5:
- drop lockdep for the time being
v4:
https://lore.kernel.org/linux-fsdevel/CAGudoHFViBUZ4TPNuLWC7qyK0v8LRwxbpZd9Mx3rHdh5GW9CrQ@mail.gmail.com/T/#m866b3b5740691de9b4008184a9a3f922dfa8e439
Mateusz Guzik (14):
fs: move wait_on_inode() from writeback.h to fs.h
fs: spell out fenced ->i_state accesses with explicit smp_wmb/smp_rmb
fs: provide accessors for ->i_state
Coccinelle-based conversion to use ->i_state accessors
Manual conversion to use ->i_state accessors of all places not covered
by coccinelle
btrfs: use the new ->i_state accessors
ceph: use the new ->i_state accessors
smb: use the new ->i_state accessors
f2fs: use the new ->i_state accessors
gfs2: use the new ->i_state accessors
overlayfs: use the new ->i_state accessors
nilfs2: use the new ->i_state accessors
xfs: use the new ->i_state accessors
fs: make plain ->i_state access fail to compile
Documentation/filesystems/porting.rst | 2 +-
block/bdev.c | 4 +-
drivers/dax/super.c | 2 +-
fs/9p/vfs_inode.c | 2 +-
fs/9p/vfs_inode_dotl.c | 2 +-
fs/affs/inode.c | 2 +-
fs/afs/dynroot.c | 6 +-
fs/afs/inode.c | 8 +-
fs/befs/linuxvfs.c | 2 +-
fs/bfs/inode.c | 2 +-
fs/btrfs/inode.c | 10 +--
fs/buffer.c | 4 +-
fs/ceph/cache.c | 2 +-
fs/ceph/crypto.c | 4 +-
fs/ceph/file.c | 4 +-
fs/ceph/inode.c | 28 +++---
fs/coda/cnode.c | 4 +-
fs/cramfs/inode.c | 2 +-
fs/crypto/keyring.c | 2 +-
fs/crypto/keysetup.c | 2 +-
fs/dcache.c | 8 +-
fs/drop_caches.c | 2 +-
fs/ecryptfs/inode.c | 6 +-
fs/efs/inode.c | 2 +-
fs/erofs/inode.c | 2 +-
fs/ext2/inode.c | 2 +-
fs/ext4/inode.c | 10 +--
fs/ext4/orphan.c | 4 +-
fs/f2fs/data.c | 2 +-
fs/f2fs/inode.c | 2 +-
fs/f2fs/namei.c | 4 +-
fs/f2fs/super.c | 2 +-
fs/freevxfs/vxfs_inode.c | 2 +-
fs/fs-writeback.c | 123 +++++++++++++-------------
fs/fuse/inode.c | 4 +-
fs/gfs2/file.c | 2 +-
fs/gfs2/glops.c | 2 +-
fs/gfs2/inode.c | 4 +-
fs/gfs2/ops_fstype.c | 2 +-
fs/hfs/btree.c | 2 +-
fs/hfs/inode.c | 2 +-
fs/hfsplus/super.c | 2 +-
fs/hostfs/hostfs_kern.c | 2 +-
fs/hpfs/dir.c | 2 +-
fs/hpfs/inode.c | 2 +-
fs/inode.c | 106 +++++++++++-----------
fs/isofs/inode.c | 2 +-
fs/jffs2/fs.c | 4 +-
fs/jfs/file.c | 4 +-
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_txnmgr.c | 2 +-
fs/kernfs/inode.c | 2 +-
fs/libfs.c | 6 +-
fs/minix/inode.c | 2 +-
fs/namei.c | 8 +-
fs/netfs/misc.c | 8 +-
fs/netfs/read_single.c | 6 +-
fs/nfs/inode.c | 2 +-
fs/nfs/pnfs.c | 2 +-
fs/nfsd/vfs.c | 2 +-
fs/nilfs2/cpfile.c | 2 +-
fs/nilfs2/dat.c | 2 +-
fs/nilfs2/ifile.c | 2 +-
fs/nilfs2/inode.c | 10 +--
fs/nilfs2/sufile.c | 2 +-
fs/notify/fsnotify.c | 2 +-
fs/ntfs3/inode.c | 2 +-
fs/ocfs2/dlmglue.c | 2 +-
fs/ocfs2/inode.c | 4 +-
fs/omfs/inode.c | 2 +-
fs/openpromfs/inode.c | 2 +-
fs/orangefs/inode.c | 2 +-
fs/orangefs/orangefs-utils.c | 6 +-
fs/overlayfs/dir.c | 2 +-
fs/overlayfs/inode.c | 6 +-
fs/overlayfs/util.c | 10 +--
fs/pipe.c | 2 +-
fs/qnx4/inode.c | 2 +-
fs/qnx6/inode.c | 2 +-
fs/quota/dquot.c | 2 +-
fs/romfs/super.c | 2 +-
fs/smb/client/cifsfs.c | 2 +-
fs/smb/client/inode.c | 14 +--
fs/squashfs/inode.c | 2 +-
fs/sync.c | 2 +-
fs/ubifs/file.c | 2 +-
fs/ubifs/super.c | 2 +-
fs/udf/inode.c | 2 +-
fs/ufs/inode.c | 2 +-
fs/xfs/scrub/common.c | 2 +-
fs/xfs/scrub/inode_repair.c | 2 +-
fs/xfs/scrub/parent.c | 2 +-
fs/xfs/xfs_bmap_util.c | 2 +-
fs/xfs/xfs_health.c | 4 +-
fs/xfs/xfs_icache.c | 6 +-
fs/xfs/xfs_inode.c | 6 +-
fs/xfs/xfs_inode_item.c | 4 +-
fs/xfs/xfs_iops.c | 2 +-
fs/xfs/xfs_reflink.h | 2 +-
fs/zonefs/super.c | 4 +-
include/linux/backing-dev.h | 5 +-
include/linux/fs.h | 99 ++++++++++++++++++++-
include/linux/writeback.h | 13 +--
include/trace/events/writeback.h | 8 +-
mm/backing-dev.c | 2 +-
security/landlock/fs.c | 2 +-
106 files changed, 395 insertions(+), 315 deletions(-)
--
2.34.1
Powered by blists - more mailing lists