Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'vfs-6.16-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs fixes from Christian Brauner:

- Fix a regression caused by the anonymous inode rework. Making them
regular files causes various places in the kernel to tip over
starting with io_uring.

Revert to the former status quo and port our assertion to be based on
checking the inode so we don't lose the valuable VFS_*_ON_*()
assertions that have already helped discover weird behavior or
outright bugs.

- Fix the upper bound calculation in fuse_fill_write_pages()

- Fix priority inversion issues in the eventpoll code

- Make secretmem use anon_inode_make_secure_inode() to avoid bypassing
the LSM layer

- Fix a netfs hang due to missing case in final DIO read result
collection

- Fix a double put of the netfs_io_request struct

- Provide some helpers to abstract out NETFS_RREQ_IN_PROGRESS flag
wrangling

- Fix infinite looping in netfs_wait_for_pause/request()

- Fix a netfs ref leak on an extra subrequest inserted into a request's
list of subreqs

- Fix various cifs RPC callbacks to set NETFS_SREQ_NEED_RETRY if a
subrequest fails retriably

- Fix a cifs warning in the workqueue code when reconnecting a channel

- Fix the updating of i_size in netfs to avoid a race between testing
if we should have extended the file with a DIO write and changing
i_size

- Merge the places in netfs that update i_size on write

- Fix coredump socket selftests

* tag 'vfs-6.16-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
anon_inode: rework assertions
netfs: Update tracepoints in a number of ways
netfs: Renumber the NETFS_RREQ_* flags to make traces easier to read
netfs: Merge i_size update functions
netfs: Fix i_size updating
smb: client: set missing retry flag in cifs_writev_callback()
smb: client: set missing retry flag in cifs_readv_callback()
smb: client: set missing retry flag in smb2_writev_callback()
netfs: Fix ref leak on inserted extra subreq in write retry
netfs: Fix looping in wait functions
netfs: Provide helpers to perform NETFS_RREQ_IN_PROGRESS flag wangling
netfs: Fix double put of request
netfs: Fix hang due to missing case in final DIO read result collection
eventpoll: Fix priority inversion problem
fuse: fix fuse_fill_write_pages() upper bound calculation
fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
selftests/coredump: Fix "socket_detect_userspace_client" test failure

+354 -441
+18 -5
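--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -98,14 +98,25 @@
 .kill_sb = kill_anon_super,
 };
 
-static struct inode *anon_inode_make_secure_inode(
-const char *name,
-const struct inode *context_inode)
+/**
+* anon_inode_make_secure_inode - allocate an anonymous inode with security context
+* @sb: [in] Superblock to allocate from
+* @name: [in] Name of the class of the newfile (e.g., "secretmem")
+* @context_inode:
+* [in] Optional parent inode for security inheritance
+*
+* The function ensures proper security initialization through the LSM hook
+* security_inode_init_security_anon().
+*
+* Return: Pointer to new inode on success, ERR_PTR on failure.
+*/
+struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name,
+const struct inode *context_inode)
 {
 struct inode *inode;
 int error;
 
-inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
+inode = alloc_anon_inode(sb);
 if (IS_ERR(inode))
 return inode;
 inode->i_flags &= ~S_PRIVATE;
@@ -118,6 +129,7 @@
 }
 return inode;
 }
+EXPORT_SYMBOL_GPL_FOR_MODULES(anon_inode_make_secure_inode, "kvm");
 
 static struct file *__anon_inode_getfile(const char *name,
 const struct file_operations *fops,
@@ -132,7 +144,8 @@
 return ERR_PTR(-ENOENT);
 
 if (make_inode) {
-inode = anon_inode_make_secure_inode(name, context_inode);
+inode = anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb,
+name, context_inode);
 if (IS_ERR(inode)) {
 file = ERR_CAST(inode);
 goto err;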
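Review bot: The new kernel-doc on anon_inode_make_secure_inode() does not say what kind of superblock a caller may pass in `@sb`, and since this change turns the hard-wired `anon_inode_mnt->mnt_sb` into a parameter and exports the function to the kvm module, that contract now matters. The same merge adds an assertion in path_noexec() that an anonymous inode sits on a superblock with `SB_I_NOEXEC`, so I would extend the line to something like `@sb: [in] Superblock to allocate from; expected to have SB_I_NOEXEC set`. It would also help to state that the function clears `S_PRIVATE` (visible at `inode->i_flags &= ~S_PRIVATE;`), which is presumably what makes the LSM hooks apply to the inode. The tail of the function lies between the first and second hunk and is not shown.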
+134 -324
fs/eventpoll.c
··· 137 137 }; 138 138 139 139 /* List header used to link this structure to the eventpoll ready list */ 140 - struct list_head rdllink; 141 - 142 - /* 143 - * Works together "struct eventpoll"->ovflist in keeping the 144 - * single linked chain of items. 145 - */ 146 - struct epitem *next; 140 + struct llist_node rdllink; 147 141 148 142 /* The file descriptor information this item refers to */ 149 143 struct epoll_filefd ffd; ··· 185 191 /* Wait queue used by file->poll() */ 186 192 wait_queue_head_t poll_wait; 187 193 188 - /* List of ready file descriptors */ 189 - struct list_head rdllist; 190 - 191 - /* Lock which protects rdllist and ovflist */ 192 - rwlock_t lock; 194 + /* 195 + * List of ready file descriptors. Adding to this list is lockless. Items can be removed 196 + * only with eventpoll::mtx 197 + */ 198 + struct llist_head rdllist; 193 199 194 200 /* RB tree root used to store monitored fd structs */ 195 201 struct rb_root_cached rbr; 196 - 197 - /* 198 - * This is a single linked list that chains all the "struct epitem" that 199 - * happened while transferring ready events to userspace w/out 200 - * holding ->lock. 201 - */ 202 - struct epitem *ovflist; 203 202 204 203 /* wakeup_source used when ep_send_events or __ep_eventpoll_poll is running */ 205 204 struct wakeup_source *ws; ··· 348 361 (p1->file < p2->file ? -1 : p1->fd - p2->fd)); 349 362 } 350 363 351 - /* Tells us if the item is currently linked */ 352 - static inline int ep_is_linked(struct epitem *epi) 364 + /* 365 + * Add the item to its container eventpoll's rdllist; do nothing if the item is already on rdllist. 
366 + */ 367 + static void epitem_ready(struct epitem *epi) 353 368 { 354 - return !list_empty(&epi->rdllink); 369 + if (&epi->rdllink == cmpxchg(&epi->rdllink.next, &epi->rdllink, NULL)) 370 + llist_add(&epi->rdllink, &epi->ep->rdllist); 371 + 355 372 } 356 373 357 374 static inline struct eppoll_entry *ep_pwq_from_wait(wait_queue_entry_t *p) ··· 374 383 * 375 384 * @ep: Pointer to the eventpoll context. 376 385 * 377 - * Return: a value different than %zero if ready events are available, 378 - * or %zero otherwise. 386 + * Return: true if ready events might be available, false otherwise. 379 387 */ 380 - static inline int ep_events_available(struct eventpoll *ep) 388 + static inline bool ep_events_available(struct eventpoll *ep) 381 389 { 382 - return !list_empty_careful(&ep->rdllist) || 383 - READ_ONCE(ep->ovflist) != EP_UNACTIVE_PTR; 390 + bool available; 391 + int locked; 392 + 393 + locked = mutex_trylock(&ep->mtx); 394 + if (!locked) { 395 + /* 396 + * The lock held and someone might have removed all items while inspecting it. The 397 + * llist_empty() check in this case is futile. Assume that something is enqueued and 398 + * let ep_try_send_events() figure it out. 399 + */ 400 + return true; 401 + } 402 + 403 + available = !llist_empty(&ep->rdllist); 404 + mutex_unlock(&ep->mtx); 405 + return available; 384 406 } 385 407 386 408 #ifdef CONFIG_NET_RX_BUSY_POLL ··· 728 724 rcu_read_unlock(); 729 725 } 730 726 731 - 732 - /* 733 - * ep->mutex needs to be held because we could be hit by 734 - * eventpoll_release_file() and epoll_ctl(). 735 - */ 736 - static void ep_start_scan(struct eventpoll *ep, struct list_head *txlist) 737 - { 738 - /* 739 - * Steal the ready list, and re-init the original one to the 740 - * empty list. Also, set ep->ovflist to NULL so that events 741 - * happening while looping w/out locks, are not lost. 
We cannot 742 - * have the poll callback to queue directly on ep->rdllist, 743 - * because we want the "sproc" callback to be able to do it 744 - * in a lockless way. 745 - */ 746 - lockdep_assert_irqs_enabled(); 747 - write_lock_irq(&ep->lock); 748 - list_splice_init(&ep->rdllist, txlist); 749 - WRITE_ONCE(ep->ovflist, NULL); 750 - write_unlock_irq(&ep->lock); 751 - } 752 - 753 - static void ep_done_scan(struct eventpoll *ep, 754 - struct list_head *txlist) 755 - { 756 - struct epitem *epi, *nepi; 757 - 758 - write_lock_irq(&ep->lock); 759 - /* 760 - * During the time we spent inside the "sproc" callback, some 761 - * other events might have been queued by the poll callback. 762 - * We re-insert them inside the main ready-list here. 763 - */ 764 - for (nepi = READ_ONCE(ep->ovflist); (epi = nepi) != NULL; 765 - nepi = epi->next, epi->next = EP_UNACTIVE_PTR) { 766 - /* 767 - * We need to check if the item is already in the list. 768 - * During the "sproc" callback execution time, items are 769 - * queued into ->ovflist but the "txlist" might already 770 - * contain them, and the list_splice() below takes care of them. 771 - */ 772 - if (!ep_is_linked(epi)) { 773 - /* 774 - * ->ovflist is LIFO, so we have to reverse it in order 775 - * to keep in FIFO. 776 - */ 777 - list_add(&epi->rdllink, &ep->rdllist); 778 - ep_pm_stay_awake(epi); 779 - } 780 - } 781 - /* 782 - * We need to set back ep->ovflist to EP_UNACTIVE_PTR, so that after 783 - * releasing the lock, events will be queued in the normal way inside 784 - * ep->rdllist. 785 - */ 786 - WRITE_ONCE(ep->ovflist, EP_UNACTIVE_PTR); 787 - 788 - /* 789 - * Quickly re-inject items left on "txlist". 
790 - */ 791 - list_splice(txlist, &ep->rdllist); 792 - __pm_relax(ep->ws); 793 - 794 - if (!list_empty(&ep->rdllist)) { 795 - if (waitqueue_active(&ep->wq)) 796 - wake_up(&ep->wq); 797 - } 798 - 799 - write_unlock_irq(&ep->lock); 800 - } 801 - 802 727 static void ep_get(struct eventpoll *ep) 803 728 { 804 729 refcount_inc(&ep->refcount); ··· 765 832 static bool __ep_remove(struct eventpoll *ep, struct epitem *epi, bool force) 766 833 { 767 834 struct file *file = epi->ffd.file; 835 + struct llist_node *put_back_last; 768 836 struct epitems_head *to_free; 769 837 struct hlist_head *head; 838 + LLIST_HEAD(put_back); 770 839 771 - lockdep_assert_irqs_enabled(); 840 + lockdep_assert_held(&ep->mtx); 772 841 773 842 /* 774 843 * Removes poll wait queue hooks. ··· 802 867 803 868 rb_erase_cached(&epi->rbn, &ep->rbr); 804 869 805 - write_lock_irq(&ep->lock); 806 - if (ep_is_linked(epi)) 807 - list_del_init(&epi->rdllink); 808 - write_unlock_irq(&ep->lock); 870 + if (llist_on_list(&epi->rdllink)) { 871 + put_back_last = NULL; 872 + while (true) { 873 + struct llist_node *n = llist_del_first(&ep->rdllist); 874 + 875 + if (&epi->rdllink == n || WARN_ON(!n)) 876 + break; 877 + if (!put_back_last) 878 + put_back_last = n; 879 + __llist_add(n, &put_back); 880 + } 881 + if (put_back_last) 882 + llist_add_batch(put_back.first, put_back_last, &ep->rdllist); 883 + } 809 884 810 885 wakeup_source_unregister(ep_wakeup_source(epi)); 811 886 /* ··· 919 974 static __poll_t __ep_eventpoll_poll(struct file *file, poll_table *wait, int depth) 920 975 { 921 976 struct eventpoll *ep = file->private_data; 922 - LIST_HEAD(txlist); 923 - struct epitem *epi, *tmp; 977 + struct wakeup_source *ws; 978 + struct llist_node *n; 979 + struct epitem *epi; 924 980 poll_table pt; 925 981 __poll_t res = 0; 926 982 ··· 935 989 * the ready list. 
936 990 */ 937 991 mutex_lock_nested(&ep->mtx, depth); 938 - ep_start_scan(ep, &txlist); 939 - list_for_each_entry_safe(epi, tmp, &txlist, rdllink) { 992 + while (true) { 993 + n = llist_del_first_init(&ep->rdllist); 994 + if (!n) 995 + break; 996 + 997 + epi = llist_entry(n, struct epitem, rdllink); 998 + 940 999 if (ep_item_poll(epi, &pt, depth + 1)) { 941 1000 res = EPOLLIN | EPOLLRDNORM; 1001 + epitem_ready(epi); 942 1002 break; 943 1003 } else { 944 1004 /* 945 - * Item has been dropped into the ready list by the poll 946 - * callback, but it's not actually ready, as far as 947 - * caller requested events goes. We can remove it here. 1005 + * We need to activate ep before deactivating epi, to prevent autosuspend 1006 + * just in case epi becomes active after ep_item_poll() above. 1007 + * 1008 + * This is similar to ep_send_events(). 948 1009 */ 1010 + ws = ep_wakeup_source(epi); 1011 + if (ws) { 1012 + if (ws->active) 1013 + __pm_stay_awake(ep->ws); 1014 + __pm_relax(ws); 1015 + } 949 1016 __pm_relax(ep_wakeup_source(epi)); 950 - list_del_init(&epi->rdllink); 1017 + 1018 + /* Just in case epi becomes active right before __pm_relax() */ 1019 + if (unlikely(ep_item_poll(epi, &pt, depth + 1))) 1020 + ep_pm_stay_awake(epi); 1021 + 1022 + __pm_relax(ep->ws); 951 1023 } 952 1024 } 953 - ep_done_scan(ep, &txlist); 954 1025 mutex_unlock(&ep->mtx); 955 1026 return res; 956 1027 } ··· 1116 1153 return -ENOMEM; 1117 1154 1118 1155 mutex_init(&ep->mtx); 1119 - rwlock_init(&ep->lock); 1120 1156 init_waitqueue_head(&ep->wq); 1121 1157 init_waitqueue_head(&ep->poll_wait); 1122 - INIT_LIST_HEAD(&ep->rdllist); 1158 + init_llist_head(&ep->rdllist); 1123 1159 ep->rbr = RB_ROOT_CACHED; 1124 - ep->ovflist = EP_UNACTIVE_PTR; 1125 1160 ep->user = get_current_user(); 1126 1161 refcount_set(&ep->refcount, 1); 1127 1162 ··· 1202 1241 #endif /* CONFIG_KCMP */ 1203 1242 1204 1243 /* 1205 - * Adds a new entry to the tail of the list in a lockless way, i.e. 
1206 - * multiple CPUs are allowed to call this function concurrently. 1207 - * 1208 - * Beware: it is necessary to prevent any other modifications of the 1209 - * existing list until all changes are completed, in other words 1210 - * concurrent list_add_tail_lockless() calls should be protected 1211 - * with a read lock, where write lock acts as a barrier which 1212 - * makes sure all list_add_tail_lockless() calls are fully 1213 - * completed. 1214 - * 1215 - * Also an element can be locklessly added to the list only in one 1216 - * direction i.e. either to the tail or to the head, otherwise 1217 - * concurrent access will corrupt the list. 1218 - * 1219 - * Return: %false if element has been already added to the list, %true 1220 - * otherwise. 1221 - */ 1222 - static inline bool list_add_tail_lockless(struct list_head *new, 1223 - struct list_head *head) 1224 - { 1225 - struct list_head *prev; 1226 - 1227 - /* 1228 - * This is simple 'new->next = head' operation, but cmpxchg() 1229 - * is used in order to detect that same element has been just 1230 - * added to the list from another CPU: the winner observes 1231 - * new->next == new. 1232 - */ 1233 - if (!try_cmpxchg(&new->next, &new, head)) 1234 - return false; 1235 - 1236 - /* 1237 - * Initially ->next of a new element must be updated with the head 1238 - * (we are inserting to the tail) and only then pointers are atomically 1239 - * exchanged. XCHG guarantees memory ordering, thus ->next should be 1240 - * updated before pointers are actually swapped and pointers are 1241 - * swapped before prev->next is updated. 1242 - */ 1243 - 1244 - prev = xchg(&head->prev, new); 1245 - 1246 - /* 1247 - * It is safe to modify prev->next and new->prev, because a new element 1248 - * is added only to the tail and new->next is updated before XCHG. 
1249 - */ 1250 - 1251 - prev->next = new; 1252 - new->prev = prev; 1253 - 1254 - return true; 1255 - } 1256 - 1257 - /* 1258 - * Chains a new epi entry to the tail of the ep->ovflist in a lockless way, 1259 - * i.e. multiple CPUs are allowed to call this function concurrently. 1260 - * 1261 - * Return: %false if epi element has been already chained, %true otherwise. 1262 - */ 1263 - static inline bool chain_epi_lockless(struct epitem *epi) 1264 - { 1265 - struct eventpoll *ep = epi->ep; 1266 - 1267 - /* Fast preliminary check */ 1268 - if (epi->next != EP_UNACTIVE_PTR) 1269 - return false; 1270 - 1271 - /* Check that the same epi has not been just chained from another CPU */ 1272 - if (cmpxchg(&epi->next, EP_UNACTIVE_PTR, NULL) != EP_UNACTIVE_PTR) 1273 - return false; 1274 - 1275 - /* Atomically exchange tail */ 1276 - epi->next = xchg(&ep->ovflist, epi); 1277 - 1278 - return true; 1279 - } 1280 - 1281 - /* 1282 1244 * This is the callback that is passed to the wait queue wakeup 1283 1245 * mechanism. It is called by the stored file descriptors when they 1284 1246 * have events to report. 1285 - * 1286 - * This callback takes a read lock in order not to contend with concurrent 1287 - * events from another file descriptor, thus all modifications to ->rdllist 1288 - * or ->ovflist are lockless. Read lock is paired with the write lock from 1289 - * ep_start/done_scan(), which stops all list modifications and guarantees 1290 - * that lists state is seen correctly. 
1291 1247 * 1292 1248 * Another thing worth to mention is that ep_poll_callback() can be called 1293 1249 * concurrently for the same @epi from different CPUs if poll table was inited ··· 1215 1337 */ 1216 1338 static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, void *key) 1217 1339 { 1218 - int pwake = 0; 1219 1340 struct epitem *epi = ep_item_from_wait(wait); 1220 1341 struct eventpoll *ep = epi->ep; 1221 1342 __poll_t pollflags = key_to_poll(key); 1222 - unsigned long flags; 1223 1343 int ewake = 0; 1224 - 1225 - read_lock_irqsave(&ep->lock, flags); 1226 1344 1227 1345 ep_set_busy_poll_napi_id(epi); 1228 1346 ··· 1229 1355 * until the next EPOLL_CTL_MOD will be issued. 1230 1356 */ 1231 1357 if (!(epi->event.events & ~EP_PRIVATE_BITS)) 1232 - goto out_unlock; 1358 + goto out; 1233 1359 1234 1360 /* 1235 1361 * Check the events coming with the callback. At this stage, not ··· 1238 1364 * test for "key" != NULL before the event match test. 1239 1365 */ 1240 1366 if (pollflags && !(pollflags & epi->event.events)) 1241 - goto out_unlock; 1367 + goto out; 1242 1368 1243 - /* 1244 - * If we are transferring events to userspace, we can hold no locks 1245 - * (because we're accessing user memory, and because of linux f_op->poll() 1246 - * semantics). All the events that happen during that period of time are 1247 - * chained in ep->ovflist and requeued later on. 1248 - */ 1249 - if (READ_ONCE(ep->ovflist) != EP_UNACTIVE_PTR) { 1250 - if (chain_epi_lockless(epi)) 1251 - ep_pm_stay_awake_rcu(epi); 1252 - } else if (!ep_is_linked(epi)) { 1253 - /* In the usual case, add event to ready list. 
*/ 1254 - if (list_add_tail_lockless(&epi->rdllink, &ep->rdllist)) 1255 - ep_pm_stay_awake_rcu(epi); 1256 - } 1369 + ep_pm_stay_awake_rcu(epi); 1370 + epitem_ready(epi); 1257 1371 1258 1372 /* 1259 1373 * Wake up ( if active ) both the eventpoll wait list and the ->poll() ··· 1270 1408 wake_up(&ep->wq); 1271 1409 } 1272 1410 if (waitqueue_active(&ep->poll_wait)) 1273 - pwake++; 1274 - 1275 - out_unlock: 1276 - read_unlock_irqrestore(&ep->lock, flags); 1277 - 1278 - /* We have to call this outside the lock */ 1279 - if (pwake) 1280 1411 ep_poll_safewake(ep, epi, pollflags & EPOLL_URING_WAKE); 1281 1412 1413 + out: 1282 1414 if (!(epi->event.events & EPOLLEXCLUSIVE)) 1283 1415 ewake = 1; 1284 1416 ··· 1517 1661 if (is_file_epoll(tfile)) 1518 1662 tep = tfile->private_data; 1519 1663 1520 - lockdep_assert_irqs_enabled(); 1521 - 1522 1664 if (unlikely(percpu_counter_compare(&ep->user->epoll_watches, 1523 1665 max_user_watches) >= 0)) 1524 1666 return -ENOSPC; ··· 1528 1674 } 1529 1675 1530 1676 /* Item initialization follow here ... 
*/ 1531 - INIT_LIST_HEAD(&epi->rdllink); 1677 + init_llist_node(&epi->rdllink); 1532 1678 epi->ep = ep; 1533 1679 ep_set_ffd(&epi->ffd, tfile, fd); 1534 1680 epi->event = *event; 1535 - epi->next = EP_UNACTIVE_PTR; 1536 1681 1537 1682 if (tep) 1538 1683 mutex_lock_nested(&tep->mtx, 1); ··· 1598 1745 return -ENOMEM; 1599 1746 } 1600 1747 1601 - /* We have to drop the new item inside our item list to keep track of it */ 1602 - write_lock_irq(&ep->lock); 1603 - 1604 1748 /* record NAPI ID of new item if present */ 1605 1749 ep_set_busy_poll_napi_id(epi); 1606 1750 1607 1751 /* If the file is already "ready" we drop it inside the ready list */ 1608 - if (revents && !ep_is_linked(epi)) { 1609 - list_add_tail(&epi->rdllink, &ep->rdllist); 1752 + if (revents) { 1610 1753 ep_pm_stay_awake(epi); 1754 + epitem_ready(epi); 1611 1755 1612 1756 /* Notify waiting tasks that events are available */ 1613 1757 if (waitqueue_active(&ep->wq)) ··· 1612 1762 if (waitqueue_active(&ep->poll_wait)) 1613 1763 pwake++; 1614 1764 } 1615 - 1616 - write_unlock_irq(&ep->lock); 1617 1765 1618 1766 /* We have to call this outside the lock */ 1619 1767 if (pwake) ··· 1627 1779 static int ep_modify(struct eventpoll *ep, struct epitem *epi, 1628 1780 const struct epoll_event *event) 1629 1781 { 1630 - int pwake = 0; 1631 1782 poll_table pt; 1632 - 1633 - lockdep_assert_irqs_enabled(); 1634 1783 1635 1784 init_poll_funcptr(&pt, NULL); 1636 1785 ··· 1672 1827 * list, push it inside. 
1673 1828 */ 1674 1829 if (ep_item_poll(epi, &pt, 1)) { 1675 - write_lock_irq(&ep->lock); 1676 - if (!ep_is_linked(epi)) { 1677 - list_add_tail(&epi->rdllink, &ep->rdllist); 1678 - ep_pm_stay_awake(epi); 1830 + ep_pm_stay_awake(epi); 1831 + epitem_ready(epi); 1679 1832 1680 - /* Notify waiting tasks that events are available */ 1681 - if (waitqueue_active(&ep->wq)) 1682 - wake_up(&ep->wq); 1683 - if (waitqueue_active(&ep->poll_wait)) 1684 - pwake++; 1685 - } 1686 - write_unlock_irq(&ep->lock); 1833 + /* Notify waiting tasks that events are available */ 1834 + if (waitqueue_active(&ep->wq)) 1835 + wake_up(&ep->wq); 1836 + if (waitqueue_active(&ep->poll_wait)) 1837 + ep_poll_safewake(ep, NULL, 0); 1687 1838 } 1688 - 1689 - /* We have to call this outside the lock */ 1690 - if (pwake) 1691 - ep_poll_safewake(ep, NULL, 0); 1692 1839 1693 1840 return 0; 1694 1841 } ··· 1689 1852 struct epoll_event __user *events, int maxevents) 1690 1853 { 1691 1854 struct epitem *epi, *tmp; 1692 - LIST_HEAD(txlist); 1855 + LLIST_HEAD(txlist); 1693 1856 poll_table pt; 1694 1857 int res = 0; 1695 1858 ··· 1704 1867 init_poll_funcptr(&pt, NULL); 1705 1868 1706 1869 mutex_lock(&ep->mtx); 1707 - ep_start_scan(ep, &txlist); 1708 1870 1709 - /* 1710 - * We can loop without lock because we are passed a task private list. 1711 - * Items cannot vanish during the loop we are holding ep->mtx. 
1712 - */ 1713 - list_for_each_entry_safe(epi, tmp, &txlist, rdllink) { 1871 + while (res < maxevents) { 1714 1872 struct wakeup_source *ws; 1873 + struct llist_node *n; 1715 1874 __poll_t revents; 1716 1875 1717 - if (res >= maxevents) 1876 + n = llist_del_first(&ep->rdllist); 1877 + if (!n) 1718 1878 break; 1879 + 1880 + epi = llist_entry(n, struct epitem, rdllink); 1719 1881 1720 1882 /* 1721 1883 * Activate ep->ws before deactivating epi->ws to prevent ··· 1732 1896 __pm_relax(ws); 1733 1897 } 1734 1898 1735 - list_del_init(&epi->rdllink); 1736 - 1737 1899 /* 1738 1900 * If the event mask intersect the caller-requested one, 1739 1901 * deliver the event to userspace. Again, we are holding ep->mtx, 1740 1902 * so no operations coming from userspace can change the item. 1741 1903 */ 1742 1904 revents = ep_item_poll(epi, &pt, 1); 1743 - if (!revents) 1905 + if (!revents) { 1906 + init_llist_node(n); 1907 + 1908 + /* 1909 + * Just in case epi becomes ready after ep_item_poll() above, but before 1910 + * init_llist_node(). Make sure to add it to the ready list, otherwise an 1911 + * event may be lost. 
1912 + */ 1913 + if (unlikely(ep_item_poll(epi, &pt, 1))) { 1914 + ep_pm_stay_awake(epi); 1915 + epitem_ready(epi); 1916 + } 1744 1917 continue; 1918 + } 1745 1919 1746 1920 events = epoll_put_uevent(revents, epi->event.data, events); 1747 1921 if (!events) { 1748 - list_add(&epi->rdllink, &txlist); 1749 - ep_pm_stay_awake(epi); 1922 + llist_add(&epi->rdllink, &ep->rdllist); 1750 1923 if (!res) 1751 1924 res = -EFAULT; 1752 1925 break; ··· 1763 1918 res++; 1764 1919 if (epi->event.events & EPOLLONESHOT) 1765 1920 epi->event.events &= EP_PRIVATE_BITS; 1766 - else if (!(epi->event.events & EPOLLET)) { 1921 + __llist_add(n, &txlist); 1922 + } 1923 + 1924 + llist_for_each_entry_safe(epi, tmp, txlist.first, rdllink) { 1925 + init_llist_node(&epi->rdllink); 1926 + 1927 + if (!(epi->event.events & EPOLLET)) { 1767 1928 /* 1768 - * If this file has been added with Level 1769 - * Trigger mode, we need to insert back inside 1770 - * the ready list, so that the next call to 1771 - * epoll_wait() will check again the events 1772 - * availability. At this point, no one can insert 1773 - * into ep->rdllist besides us. The epoll_ctl() 1774 - * callers are locked out by 1775 - * ep_send_events() holding "mtx" and the 1776 - * poll callback will queue them in ep->ovflist. 1929 + * If this file has been added with Level Trigger mode, we need to insert 1930 + * back inside the ready list, so that the next call to epoll_wait() will 1931 + * check again the events availability. 
1777 1932 */ 1778 - list_add_tail(&epi->rdllink, &ep->rdllist); 1779 1933 ep_pm_stay_awake(epi); 1934 + epitem_ready(epi); 1780 1935 } 1781 1936 } 1782 - ep_done_scan(ep, &txlist); 1937 + 1938 + __pm_relax(ep->ws); 1783 1939 mutex_unlock(&ep->mtx); 1940 + 1941 + if (!llist_empty(&ep->rdllist)) { 1942 + if (waitqueue_active(&ep->wq)) 1943 + wake_up(&ep->wq); 1944 + } 1784 1945 1785 1946 return res; 1786 1947 } ··· 1880 2029 wait_queue_entry_t wait; 1881 2030 ktime_t expires, *to = NULL; 1882 2031 1883 - lockdep_assert_irqs_enabled(); 1884 - 1885 2032 if (timeout && (timeout->tv_sec | timeout->tv_nsec)) { 1886 2033 slack = select_estimate_accuracy(timeout); 1887 2034 to = &expires; ··· 1939 2090 init_wait(&wait); 1940 2091 wait.func = ep_autoremove_wake_function; 1941 2092 1942 - write_lock_irq(&ep->lock); 1943 - /* 1944 - * Barrierless variant, waitqueue_active() is called under 1945 - * the same lock on wakeup ep_poll_callback() side, so it 1946 - * is safe to avoid an explicit barrier. 1947 - */ 1948 - __set_current_state(TASK_INTERRUPTIBLE); 2093 + prepare_to_wait_exclusive(&ep->wq, &wait, TASK_INTERRUPTIBLE); 1949 2094 1950 - /* 1951 - * Do the final check under the lock. ep_start/done_scan() 1952 - * plays with two lists (->rdllist and ->ovflist) and there 1953 - * is always a race when both lists are empty for short 1954 - * period of time although events are pending, so lock is 1955 - * important. 1956 - */ 1957 - eavail = ep_events_available(ep); 1958 - if (!eavail) 1959 - __add_wait_queue_exclusive(&ep->wq, &wait); 1960 - 1961 - write_unlock_irq(&ep->lock); 1962 - 1963 - if (!eavail) 2095 + if (!ep_events_available(ep)) 1964 2096 timed_out = !ep_schedule_timeout(to) || 1965 2097 !schedule_hrtimeout_range(to, slack, 1966 2098 HRTIMER_MODE_ABS); 1967 - __set_current_state(TASK_RUNNING); 1968 2099 1969 - /* 1970 - * We were woken up, thus go and try to harvest some events. 
1971 - * If timed out and still on the wait queue, recheck eavail 1972 - * carefully under lock, below. 1973 - */ 1974 - eavail = 1; 1975 - 1976 - if (!list_empty_careful(&wait.entry)) { 1977 - write_lock_irq(&ep->lock); 1978 - /* 1979 - * If the thread timed out and is not on the wait queue, 1980 - * it means that the thread was woken up after its 1981 - * timeout expired before it could reacquire the lock. 1982 - * Thus, when wait.entry is empty, it needs to harvest 1983 - * events. 1984 - */ 1985 - if (timed_out) 1986 - eavail = list_empty(&wait.entry); 1987 - __remove_wait_queue(&ep->wq, &wait); 1988 - write_unlock_irq(&ep->lock); 1989 - } 2100 + finish_wait(&ep->wq, &wait); 2101 + eavail = ep_events_available(ep); 1990 2102 } 1991 2103 } 1992 2104
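Review bot: In ep_send_events(), the `-EFAULT` path puts the item back with `llist_add(&epi->rdllink, &ep->rdllist);` but no longer calls `ep_pm_stay_awake(epi)`, which the removed code did. The item's wakeup source was already relaxed a few lines earlier (`__pm_relax(ws);`) and `__pm_relax(ep->ws)` runs before the function returns, so as far as the visible lines show, an undelivered event can sit on the ready list with neither wakeup source active; restoring `ep_pm_stay_awake(epi);` before the `llist_add()` would keep the old guarantee. Separately, the not-ready branch of __ep_eventpoll_poll() relaxes the item's source inside the new `if (ws)` block and again in the retained `__pm_relax(ep_wakeup_source(epi));`, so one of the two calls looks redundant. Both functions extend beyond the hunks shown.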
+7 -2
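--- a/fs/exec.c
+++ b/fs/exec.c
@@ -114,6 +114,9 @@
 
 bool path_noexec(const struct path *path)
 {
+/* If it's an anonymous inode make sure that we catch any shenanigans. */
+VFS_WARN_ON_ONCE(IS_ANON_FILE(d_inode(path->dentry)) &&
+!(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC));
 return (path->mnt->mnt_flags & MNT_NOEXEC) ||
 (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC);
 }
@@ -781,13 +784,15 @@
 if (IS_ERR(file))
 return file;
 
+if (path_noexec(&file->f_path))
+return ERR_PTR(-EACCES);
+
 /*
 * In the past the regular type check was here. It moved to may_open() in
 * 633fb6ac3980 ("exec: move S_ISREG() check earlier"). Since then it is
 * an invariant that all non-regular files error out before we get here.
 */
-if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)) ||
-path_noexec(&file->f_path))
+if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)))
 return ERR_PTR(-EACCES);
 
 err = exe_file_deny_write_access(file);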
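Review bot: The order of the two checks in the second hunk is now load-bearing, but nothing at the site says so. As far as I can tell from the rest of this merge, anonymous inodes carry no file type again, so `path_noexec()` has to run before `WARN_ON_ONCE(!S_ISREG(...))` or such a file would trip the warning instead of being refused via `SB_I_NOEXEC`. The retained comment still describes only the S_ISREG invariant; I would add above the new check `/* Must come first: anonymous inodes have no file type and are rejected here, not by the S_ISREG() assertion below. */`. The added `VFS_WARN_ON_ONCE()` in path_noexec() only reports, so the refusal still depends on the superblock actually having `SB_I_NOEXEC`. The function around the second hunk starts and ends outside it.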
+2 -3
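--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1147,7 +1147,7 @@
 static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
 struct address_space *mapping,
 struct iov_iter *ii, loff_t pos,
-unsigned int max_pages)
+unsigned int max_folios)
 {
 struct fuse_args_pages *ap = &ia->ap;
 struct fuse_conn *fc = get_fuse_conn(mapping->host);
@@ -1157,12 +1157,11 @@
 int err = 0;
 
 num = min(iov_iter_count(ii), fc->max_write);
-num = min(num, max_pages << PAGE_SHIFT);
 
 ap->args.in_pages = true;
 ap->descs[0].offset = offset;
 
-while (num) {
+while (num && ap->num_folios < max_folios) {
 size_t tmp;
 struct folio *folio;
 pgoff_t index = pos >> PAGE_SHIFT;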
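Review bot: With the byte clamp `num = min(num, max_pages << PAGE_SHIFT);` gone, the only thing that stops the loop from filling more entries than the caller allowed is the new `ap->num_folios < max_folios` test, and that deserves a comment at the loop. The loop body is outside the hunk, so I cannot confirm from here that `ap->num_folios` is advanced on every path that stores an entry; if any path stores without incrementing, the bound no longer holds. I would add above the loop `/* max_folios is the caller's limit on entries in ap; stop before exceeding it */` and check that the body carries no second, now-stale, page-count test.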
+3 -5
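--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -1649,12 +1649,10 @@
 */
 inode->i_state = I_DIRTY;
 /*
-* Historically anonymous inodes didn't have a type at all and
-* userspace has come to rely on this. Internally they're just
-* regular files but S_IFREG is masked off when reporting
-* information to userspace.
+* Historically anonymous inodes don't have a type at all and
+* userspace has come to rely on this.
 */
-inode->i_mode = S_IFREG | S_IRUSR | S_IWUSR;
+inode->i_mode = S_IRUSR | S_IWUSR;
 inode->i_uid = current_fsuid();
 inode->i_gid = current_fsgid();
 inode->i_flags |= S_PRIVATE | S_ANON_INODE;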
+1 -1
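--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3480,7 +3480,7 @@
 return -EACCES;
 break;
 default:
-VFS_BUG_ON_INODE(1, inode);
+VFS_BUG_ON_INODE(!IS_ANON_FILE(inode), inode);
 }
 
 error = inode_permission(idmap, inode, MAY_OPEN | acc_mode);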
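Review bot: The `default:` arm now lets a typeless anonymous inode fall through to `inode_permission()` and asserts only for everything else, but the reason is not recorded at the site. A short comment above the assertion, such as `/* Anonymous inodes have no file type; any other untyped inode is a bug. */`, would make that explicit. If `VFS_BUG_ON_INODE()` compiles away in non-debug builds, other inodes with an unexpected type also continue to the permission check, which is worth saying in the same comment. The switch and its enclosing function start outside the hunk, so the other cases are not visible here.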
+23 -15
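--- a/fs/netfs/buffered_write.c
+++ b/fs/netfs/buffered_write.c
@@ -53,30 +53,40 @@
 * data written into the pagecache until we can find out from the server what
 * the values actually are.
 */
-static void netfs_update_i_size(struct netfs_inode *ctx, struct inode *inode,
-loff_t i_size, loff_t pos, size_t copied)
+void netfs_update_i_size(struct netfs_inode *ctx, struct inode *inode,
+loff_t pos, size_t copied)
 {
+loff_t i_size, end = pos + copied;
 blkcnt_t add;
 size_t gap;
 
+if (end <= i_size_read(inode))
+return;
+
 if (ctx->ops->update_i_size) {
-ctx->ops->update_i_size(inode, pos);
+ctx->ops->update_i_size(inode, end);
 return;
 }
 
-i_size_write(inode, pos);
+spin_lock(&inode->i_lock);
+
+i_size = i_size_read(inode);
+if (end > i_size) {
+i_size_write(inode, end);
 #if IS_ENABLED(CONFIG_FSCACHE)
-fscache_update_cookie(ctx->cache, NULL, &pos);
+fscache_update_cookie(ctx->cache, NULL, &end);
 #endif
 
-gap = SECTOR_SIZE - (i_size & (SECTOR_SIZE - 1));
-if (copied > gap) {
-add = DIV_ROUND_UP(copied - gap, SECTOR_SIZE);
+gap = SECTOR_SIZE - (i_size & (SECTOR_SIZE - 1));
+if (copied > gap) {
+add = DIV_ROUND_UP(copied - gap, SECTOR_SIZE);
 
-inode->i_blocks = min_t(blkcnt_t,
-DIV_ROUND_UP(pos, SECTOR_SIZE),
-inode->i_blocks + add);
+inode->i_blocks = min_t(blkcnt_t,
+DIV_ROUND_UP(end, SECTOR_SIZE),
+inode->i_blocks + add);
+}
 }
+spin_unlock(&inode->i_lock);
 }
 
 /**
@@ -111,7 +121,7 @@
 struct folio *folio = NULL, *writethrough = NULL;
 unsigned int bdp_flags = (iocb->ki_flags & IOCB_NOWAIT) ? BDP_ASYNC : 0;
 ssize_t written = 0, ret, ret2;
-loff_t i_size, pos = iocb->ki_pos;
+loff_t pos = iocb->ki_pos;
 size_t max_chunk = mapping_max_folio_size(mapping);
 bool maybe_trouble = false;
 
@@ -344,10 +354,8 @@
 flush_dcache_folio(folio);
 
 /* Update the inode size if we moved the EOF marker */
+netfs_update_i_size(ctx, inode, pos, copied);
 pos += copied;
-i_size = i_size_read(inode);
-if (pos > i_size)
-netfs_update_i_size(ctx, inode, i_size, pos, copied);
 written += copied;
 
 if (likely(!wreq)) {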
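Review bot: The new `inode->i_lock` section in netfs_update_i_size() covers only the default path; when the filesystem supplies the hook, `ctx->ops->update_i_size(inode, end)` is called after an unlocked `end <= i_size_read(inode)` test and without the lock. Whether that is safe depends on each hook doing its own serialisation, which is not visible here, so the race this change closes may remain for those filesystems. I would document it on the function, e.g. `/* ->update_i_size() is called without inode->i_lock held; the hook must serialise its own i_size update. */`. The header comment above the function should also be updated now that it is non-static and takes the write start in `pos` rather than the new EOF.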
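--- a/fs/netfs/direct_write.c
+++ b/fs/netfs/direct_write.c
@@ -9,20 +9,6 @@
 #include <linux/uio.h>
 #include "internal.h"
 
-static void netfs_cleanup_dio_write(struct netfs_io_request *wreq)
-{
-struct inode *inode = wreq->inode;
-unsigned long long end = wreq->start + wreq->transferred;
-
-if (!wreq->error &&
-i_size_read(inode) < end) {
-if (wreq->netfs_ops->update_i_size)
-wreq->netfs_ops->update_i_size(inode, end);
-else
-i_size_write(inode, end);
-}
-}
-
 /*
 * Perform an unbuffered write where we may have to do an RMW operation on an
 * encrypted file. This can also be used for direct I/O writes.
@@ -84,7 +70,6 @@
 if (async)
 wreq->iocb = iocb;
 wreq->len = iov_iter_count(&wreq->buffer.iter);
-wreq->cleanup = netfs_cleanup_dio_write;
 ret = netfs_unbuffered_write(wreq, is_sync_kiocb(iocb), wreq->len);
 if (ret < 0) {
 _debug("begin = %zd", ret);
@@ -91,7 +76,6 @@
 }
 
 if (!async) {
-trace_netfs_rreq(wreq, netfs_rreq_trace_wait_ip);
 ret = netfs_wait_for_write(wreq);
 if (ret > 0)
 iocb->ki_pos += ret;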
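--- a/fs/netfs/internal.h
+++ b/fs/netfs/internal.h
@@ -28,6 +28,12 @@
 size_t offset, size_t len);
 
 /*
+* buffered_write.c
+*/
+void netfs_update_i_size(struct netfs_inode *ctx, struct inode *inode,
+loff_t pos, size_t copied);
+
+/*
 * main.c
 */
 extern unsigned int netfs_debug;
@@ -273,11 +279,29 @@
 enum netfs_rreq_trace trace)
 {
 if (test_bit(rreq_flag, &rreq->flags)) {
-trace_netfs_rreq(rreq, trace);
 clear_bit_unlock(rreq_flag, &rreq->flags);
 smp_mb__after_atomic(); /* Set flag before task state */
+trace_netfs_rreq(rreq, trace);
 wake_up(&rreq->waitq);
 }
+}
+
+/*
+* Test the NETFS_RREQ_IN_PROGRESS flag, inserting an appropriate barrier.
+*/
+static inline bool netfs_check_rreq_in_progress(const struct netfs_io_request *rreq)
+{
+/* Order read of flags before read of anything else, such as error. */
+return test_bit_acquire(NETFS_RREQ_IN_PROGRESS, &rreq->flags);
+}
+
+/*
+* Test the NETFS_SREQ_IN_PROGRESS flag, inserting an appropriate barrier.
+*/
+static inline bool netfs_check_subreq_in_progress(const struct netfs_io_subrequest *subreq)
+{
+/* Order read of flags before read of anything else, such as error. */
+return test_bit_acquire(NETFS_SREQ_IN_PROGRESS, &subreq->flags);
 }
 
 /*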
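Review bot: The two helpers added at the end of the second hunk say only "inserting an appropriate barrier" and do not name the release operation that the acquire pairs with. For the request flag the matching release is visible a few lines above, `clear_bit_unlock(rreq_flag, &rreq->flags)` in the wake helper whose signature starts outside the hunk, so I would add `/* Pairs with clear_bit_unlock() in the wake path. */` to netfs_check_rreq_in_progress(). The code that clears NETFS_SREQ_IN_PROGRESS is not in this section, so the equivalent comment on netfs_check_subreq_in_progress() should name whichever function performs that release.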
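--- a/fs/netfs/main.c
+++ b/fs/netfs/main.c
@@ -58,15 +58,15 @@
 
 if (v == &netfs_io_requests) {
 seq_puts(m,
-"REQUEST OR REF FL ERR OPS COVERAGE\n"
-"======== == === == ==== === =========\n"
+"REQUEST OR REF FLAG ERR OPS COVERAGE\n"
+"======== == === ==== ==== === =========\n"
 );
 return 0;
 }
 
 rreq = list_entry(v, struct netfs_io_request, proc_link);
 seq_printf(m,
-"%08x %s %3d %2lx %4ld %3d @%04llx %llx/%llx",
+"%08x %s %3d %4lx %4ld %3d @%04llx %llx/%llx",
 rreq->debug_id,
 netfs_origins[rreq->origin],
 refcount_read(&rreq->ref),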
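--- a/fs/netfs/misc.c
+++ b/fs/netfs/misc.c
@@ -356,22 +356,22 @@
 DEFINE_WAIT(myself);
 
 list_for_each_entry(subreq, &stream->subrequests, rreq_link) {
-if (!test_bit(NETFS_SREQ_IN_PROGRESS, &subreq->flags))
+if (!netfs_check_subreq_in_progress(subreq))
 continue;
 
-trace_netfs_rreq(rreq, netfs_rreq_trace_wait_queue);
+trace_netfs_rreq(rreq, netfs_rreq_trace_wait_quiesce);
 for (;;) {
 prepare_to_wait(&rreq->waitq, &myself, TASK_UNINTERRUPTIBLE);
 
-if (!test_bit(NETFS_SREQ_IN_PROGRESS, &subreq->flags))
+if (!netfs_check_subreq_in_progress(subreq))
 break;
 
 trace_netfs_sreq(subreq, netfs_sreq_trace_wait_for);
 schedule();
-trace_netfs_rreq(rreq, netfs_rreq_trace_woke_queue);
 }
 }
 
+trace_netfs_rreq(rreq, netfs_rreq_trace_waited_quiesce);
 finish_wait(&rreq->waitq, &myself);
 }
 
@@ -381,7 +381,12 @@
 static int netfs_collect_in_app(struct netfs_io_request *rreq,
 bool (*collector)(struct netfs_io_request *rreq))
 {
-bool need_collect = false, inactive = true;
+bool need_collect = false, inactive = true, done = true;
+
+if (!netfs_check_rreq_in_progress(rreq)) {
+trace_netfs_rreq(rreq, netfs_rreq_trace_recollect);
+return 1; /* Done */
+}
 
 for (int i = 0; i < NR_IO_STREAMS; i++) {
 struct netfs_io_subrequest *subreq;
@@ -400,14 +405,16 @@
 struct netfs_io_subrequest,
 rreq_link);
 if (subreq &&
-(!test_bit(NETFS_SREQ_IN_PROGRESS, &subreq->flags) ||
+(!netfs_check_subreq_in_progress(subreq) ||
 test_bit(NETFS_SREQ_MADE_PROGRESS, &subreq->flags))) {
 need_collect = true;
 break;
 }
+if (subreq || !test_bit(NETFS_RREQ_ALL_QUEUED, &rreq->flags))
+done = false;
 }
 
-if (!need_collect && !inactive)
+if (!need_collect && !inactive && !done)
 return 0; /* Sleep */
 
 __set_current_state(TASK_RUNNING);
@@ -430,14 +437,13 @@
 /*
 * Wait for a request to complete, successfully or otherwise.
 */
-static ssize_t netfs_wait_for_request(struct netfs_io_request *rreq,
-bool (*collector)(struct netfs_io_request *rreq))
+static ssize_t netfs_wait_for_in_progress(struct netfs_io_request *rreq,
+bool (*collector)(struct netfs_io_request *rreq))
 {
 DEFINE_WAIT(myself);
 ssize_t ret;
 
 for (;;) {
-trace_netfs_rreq(rreq, netfs_rreq_trace_wait_queue);
 prepare_to_wait(&rreq->waitq, &myself, TASK_UNINTERRUPTIBLE);
 
 if (!test_bit(NETFS_RREQ_OFFLOAD_COLLECTION, &rreq->flags)) {
@@ -446,18 +452,22 @@
 case 1:
 goto all_collected;
 case 2:
+if (!netfs_check_rreq_in_progress(rreq))
+break;
+cond_resched();
 continue;
 }
 }
 
-if (!test_bit(NETFS_RREQ_IN_PROGRESS, &rreq->flags))
+if (!netfs_check_rreq_in_progress(rreq))
 break;
 
+trace_netfs_rreq(rreq, netfs_rreq_trace_wait_ip);
 schedule();
-trace_netfs_rreq(rreq, netfs_rreq_trace_woke_queue);
 }
 
 all_collected:
+trace_netfs_rreq(rreq, netfs_rreq_trace_waited_ip);
 finish_wait(&rreq->waitq, &myself);
 
 ret = rreq->error;
@@ -488,12 +498,12 @@
 
 ssize_t netfs_wait_for_read(struct netfs_io_request *rreq)
 {
-return netfs_wait_for_request(rreq, netfs_read_collection);
+return netfs_wait_for_in_progress(rreq, netfs_read_collection);
 }
 
 ssize_t netfs_wait_for_write(struct netfs_io_request *rreq)
 {
-return netfs_wait_for_request(rreq, netfs_write_collection);
+return netfs_wait_for_in_progress(rreq, netfs_write_collection);
 }
 
 /*
@@ -504,10 +514,8 @@
 {
 DEFINE_WAIT(myself);
 
-trace_netfs_rreq(rreq, netfs_rreq_trace_wait_pause);
-
 for (;;) {
-trace_netfs_rreq(rreq, netfs_rreq_trace_wait_queue);
+trace_netfs_rreq(rreq, netfs_rreq_trace_wait_pause);
 prepare_to_wait(&rreq->waitq, &myself, TASK_UNINTERRUPTIBLE);
 
 if (!test_bit(NETFS_RREQ_OFFLOAD_COLLECTION, &rreq->flags)) {
@@ -515,19 +523,23 @@
 case 1:
 goto all_collected;
 case 2:
+if (!netfs_check_rreq_in_progress(rreq) ||
+!test_bit(NETFS_RREQ_PAUSE, &rreq->flags))
+break;
+cond_resched();
 continue;
 }
 }
 
-if (!test_bit(NETFS_RREQ_IN_PROGRESS, &rreq->flags) ||
+if (!netfs_check_rreq_in_progress(rreq) ||
 !test_bit(NETFS_RREQ_PAUSE, &rreq->flags))
 break;
 
 schedule();
-trace_netfs_rreq(rreq, netfs_rreq_trace_woke_queue);
 }
 
 all_collected:
+trace_netfs_rreq(rreq, netfs_rreq_trace_waited_pause);
 finish_wait(&rreq->waitq, &myself);
 }
 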
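Review bot: In the `case 2:` arms added to both wait loops (the hunks starting at old lines 446 and 515), the new `break` leaves only the `switch`, not the enclosing `for (;;)`. The loop ends only because the same flag test is evaluated a second time just below the `if` block, so the exit depends on two separate reads of the flag and is easy to misread as a direct loop exit. I would add `/* leaves the switch only; the test below ends the loop */` beside each `break`. The `switch` statement itself and the start and end of both functions are outside these hunks.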
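--- a/fs/netfs/read_collect.c
+++ b/fs/netfs/read_collect.c
@@ -218,7 +218,7 @@
 stream->collected_to = front->start;
 }
 
-if (test_bit(NETFS_SREQ_IN_PROGRESS, &front->flags))
+if (netfs_check_subreq_in_progress(front))
 notes |= HIT_PENDING;
 smp_rmb(); /* Read counters after IN_PROGRESS flag. */
 transferred = READ_ONCE(front->transferred);
@@ -293,7 +293,9 @@
 spin_lock(&rreq->lock);
 
 remove = front;
-trace_netfs_sreq(front, netfs_sreq_trace_discard);
+trace_netfs_sreq(front,
+notes & ABANDON_SREQ ?
+netfs_sreq_trace_abandoned : netfs_sreq_trace_consumed);
 list_del_init(&front->rreq_link);
 front = list_first_entry_or_null(&stream->subrequests,
 struct netfs_io_subrequest, rreq_link);
@@ -355,9 +357,11 @@
 
 if (rreq->iocb) {
 rreq->iocb->ki_pos += rreq->transferred;
-if (rreq->iocb->ki_complete)
+if (rreq->iocb->ki_complete) {
+trace_netfs_rreq(rreq, netfs_rreq_trace_ki_complete);
 rreq->iocb->ki_complete(
 rreq->iocb, rreq->error ? rreq->error : rreq->transferred);
+}
 }
 if (rreq->netfs_ops->done)
 rreq->netfs_ops->done(rreq);
@@ -383,9 +387,11 @@
 
 if (rreq->iocb) {
 rreq->iocb->ki_pos += rreq->transferred;
-if (rreq->iocb->ki_complete)
+if (rreq->iocb->ki_complete) {
+trace_netfs_rreq(rreq, netfs_rreq_trace_ki_complete);
 rreq->iocb->ki_complete(
 rreq->iocb, rreq->error ? rreq->error : rreq->transferred);
+}
 }
 if (rreq->netfs_ops->done)
 rreq->netfs_ops->done(rreq);
@@ -451,7 +457,7 @@
 struct netfs_io_request *rreq = container_of(work, struct netfs_io_request, work);
 
 netfs_see_request(rreq, netfs_rreq_trace_see_work);
-if (test_bit(NETFS_RREQ_IN_PROGRESS, &rreq->flags)) {
+if (netfs_check_rreq_in_progress(rreq)) {
 if (netfs_read_collection(rreq))
 /* Drop the ref from the IN_PROGRESS flag. */
 netfs_put_request(rreq, netfs_rreq_trace_put_work_ip);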
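Review bot: In the first hunk the `smp_rmb(); /* Read counters after IN_PROGRESS flag. */` context line is kept directly after the flag test that now goes through netfs_check_subreq_in_progress(). That helper is defined with `test_bit_acquire()` in fs/netfs/internal.h in this same commit, so the following `READ_ONCE(front->transferred)` already appears to be ordered after the flag load and the explicit barrier looks redundant. It is harmless, but two ordering mechanisms side by side make the intended pairing harder to audit. Either drop the `smp_rmb()` or reword its comment to say why both are kept. The enclosing function starts and ends outside the hunk.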
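--- a/fs/netfs/write_collect.c
+++ b/fs/netfs/write_collect.c
@@ -240,7 +240,7 @@
 }
 
 /* Stall if the front is still undergoing I/O. */
-if (test_bit(NETFS_SREQ_IN_PROGRESS, &front->flags)) {
+if (netfs_check_subreq_in_progress(front)) {
 notes |= HIT_PENDING;
 break;
 }
@@ -393,8 +393,10 @@
 ictx->ops->invalidate_cache(wreq);
 }
 
-if (wreq->cleanup)
-wreq->cleanup(wreq);
+if ((wreq->origin == NETFS_UNBUFFERED_WRITE ||
+wreq->origin == NETFS_DIO_WRITE) &&
+!wreq->error)
+netfs_update_i_size(ictx, &ictx->inode, wreq->start, wreq->transferred);
 
 if (wreq->origin == NETFS_DIO_WRITE &&
 wreq->mapping->nrpages) {
@@ -421,9 +423,11 @@
 if (wreq->iocb) {
 size_t written = min(wreq->transferred, wreq->len);
 wreq->iocb->ki_pos += written;
-if (wreq->iocb->ki_complete)
+if (wreq->iocb->ki_complete) {
+trace_netfs_rreq(wreq, netfs_rreq_trace_ki_complete);
 wreq->iocb->ki_complete(
 wreq->iocb, wreq->error ? wreq->error : written);
+}
 wreq->iocb = VFS_PTR_POISON;
 }
 
@@ -438,7 +442,7 @@
 struct netfs_io_request *rreq = container_of(work, struct netfs_io_request, work);
 
 netfs_see_request(rreq, netfs_rreq_trace_see_work);
-if (test_bit(NETFS_RREQ_IN_PROGRESS, &rreq->flags)) {
+if (netfs_check_rreq_in_progress(rreq)) {
 if (netfs_write_collection(rreq))
 /* Drop the ref from the IN_PROGRESS flag. */
 netfs_put_request(rreq, netfs_rreq_trace_put_work_ip);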
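Review bot: The call added in the second hunk passes `wreq->transferred` to netfs_update_i_size() unclamped, while the iocb block in the third hunk computes `written = min(wreq->transferred, wreq->len)` before advancing ki_pos. If transferred can exceed len, which that min() suggests, i_size could be moved past the position reported back to the caller. Consider passing the clamped value, `netfs_update_i_size(ictx, &ictx->inode, wreq->start, min(wreq->transferred, wreq->len));`, or add a comment explaining why the two may differ. The removed netfs_cleanup_dio_write() used the same unclamped sum, so this is not a regression. The function body continues outside the hunk.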
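--- a/fs/netfs/write_retry.c
+++ b/fs/netfs/write_retry.c
@@ -146,14 +146,13 @@
 subreq = netfs_alloc_subrequest(wreq);
 subreq->source = to->source;
 subreq->start = start;
-subreq->debug_index = atomic_inc_return(&wreq->subreq_counter);
 subreq->stream_nr = to->stream_nr;
 subreq->retry_count = 1;
 
 trace_netfs_sreq_ref(wreq->debug_id, subreq->debug_index,
 refcount_read(&subreq->ref),
 netfs_sreq_trace_new);
-netfs_get_subrequest(subreq, netfs_sreq_trace_get_resubmit);
+trace_netfs_sreq(subreq, netfs_sreq_trace_split);
 
 list_add(&subreq->rreq_link, &to->rreq_link);
 to = list_next_entry(to, rreq_link);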
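--- a/fs/smb/client/cifssmb.c
+++ b/fs/smb/client/cifssmb.c
@@ -1334,7 +1334,12 @@
 cifs_stats_bytes_read(tcon, rdata->got_bytes);
 break;
 case MID_REQUEST_SUBMITTED:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_req_submitted);
+goto do_retry;
 case MID_RETRY_NEEDED:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_retry_needed);
+do_retry:
+__set_bit(NETFS_SREQ_NEED_RETRY, &rdata->subreq.flags);
 rdata->result = -EAGAIN;
 if (server->sign && rdata->got_bytes)
 /* reset bytes number since we can not check a sign */
@@ -1348,8 +1353,14 @@
 task_io_account_read(rdata->got_bytes);
 cifs_stats_bytes_read(tcon, rdata->got_bytes);
 break;
-default:
+case MID_RESPONSE_MALFORMED:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_malformed);
 rdata->result = -EIO;
+break;
+default:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_unknown);
+rdata->result = -EIO;
+break;
 }
 
 if (rdata->result == -ENODATA) {
@@ -1724,10 +1735,21 @@
 }
 break;
 case MID_REQUEST_SUBMITTED:
-case MID_RETRY_NEEDED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_req_submitted);
+__set_bit(NETFS_SREQ_NEED_RETRY, &wdata->subreq.flags);
 result = -EAGAIN;
 break;
+case MID_RETRY_NEEDED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_retry_needed);
+__set_bit(NETFS_SREQ_NEED_RETRY, &wdata->subreq.flags);
+result = -EAGAIN;
+break;
+case MID_RESPONSE_MALFORMED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_malformed);
+result = -EIO;
+break;
 default:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_unknown);
 result = -EIO;
 break;
 }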
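Review bot: The added `__set_bit(NETFS_SREQ_NEED_RETRY, ...)` calls in the first and third hunks use the non-atomic bit operation on `subreq.flags`, the same word that netfs code elsewhere in this commit reads with `test_bit()` and `test_bit_acquire()`. That is safe only if nothing else can modify the flags word while the callback runs, which cannot be confirmed from these hunks. Either add a comment such as `/* callback owns the subrequest here, non-atomic set is safe */` or use `set_bit()`. Separately, the write callback in the third hunk repeats the same three statements under MID_REQUEST_SUBMITTED and MID_RETRY_NEEDED, whereas the read callback shares them through `do_retry:`; using one form in both would make the two paths easier to compare. The write callback in fs/smb/client/smb2pdu.c adds the same `__set_bit()` calls and the same duplication.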
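--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -4567,7 +4567,11 @@
 cifs_stats_bytes_read(tcon, rdata->got_bytes);
 break;
 case MID_REQUEST_SUBMITTED:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_req_submitted);
+goto do_retry;
 case MID_RETRY_NEEDED:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_retry_needed);
+do_retry:
 __set_bit(NETFS_SREQ_NEED_RETRY, &rdata->subreq.flags);
 rdata->result = -EAGAIN;
 if (server->sign && rdata->got_bytes)
@@ -4582,11 +4586,15 @@
 cifs_stats_bytes_read(tcon, rdata->got_bytes);
 break;
 case MID_RESPONSE_MALFORMED:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_malformed);
 credits.value = le16_to_cpu(shdr->CreditRequest);
 credits.instance = server->reconnect_instance;
-fallthrough;
-default:
 rdata->result = -EIO;
+break;
+default:
+trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_unknown);
+rdata->result = -EIO;
+break;
 }
 #ifdef CONFIG_CIFS_SMB_DIRECT
 /*
@@ -4843,11 +4851,14 @@
 
 switch (mid->mid_state) {
 case MID_RESPONSE_RECEIVED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_progress);
 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
 credits.instance = server->reconnect_instance;
 result = smb2_check_receive(mid, server, 0);
-if (result != 0)
+if (result != 0) {
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_bad);
 break;
+}
 
 written = le32_to_cpu(rsp->DataLength);
 /*
@@ -4872,14 +4883,23 @@
 }
 break;
 case MID_REQUEST_SUBMITTED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_req_submitted);
+__set_bit(NETFS_SREQ_NEED_RETRY, &wdata->subreq.flags);
+result = -EAGAIN;
+break;
 case MID_RETRY_NEEDED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_retry_needed);
+__set_bit(NETFS_SREQ_NEED_RETRY, &wdata->subreq.flags);
 result = -EAGAIN;
 break;
 case MID_RESPONSE_MALFORMED:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_malformed);
 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
 credits.instance = server->reconnect_instance;
-fallthrough;
+result = -EIO;
+break;
 default:
+trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_unknown);
 result = -EIO;
 break;
 }
@@ -4928,7 +4948,6 @@
 server->credits, server->in_flight,
 0, cifs_trace_rw_credits_write_response_clear);
 wdata->credits.value = 0;
-trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_progress);
 cifs_write_subrequest_terminated(wdata, result ?: written);
 release_mid(mid);
 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, 0,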
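Review bot: In the write-callback hunk starting at old line 4843, the `netfs_sreq_trace_io_progress` event is emitted at the top of `case MID_RESPONSE_RECEIVED:`, before `smb2_check_receive()` has run. A response that fails the check is therefore traced first as progress (shown as "I-OK" in the trace header) and then as `netfs_sreq_trace_io_bad`, which is misleading when the trace is used to reconstruct what the server returned. Moving the progress trace to just after the `if (result != 0) { ... break; }` block would leave one outcome event per response. The callback starts and ends outside these hunks.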
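--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3608,6 +3608,8 @@
 extern const struct address_space_operations ram_aops;
 extern int always_delete_dentry(const struct dentry *);
 extern struct inode *alloc_anon_inode(struct super_block *);
+struct inode *anon_inode_make_secure_inode(struct super_block *sb, const char *name,
+const struct inode *context_inode);
 extern int simple_nosetlease(struct file *, int, struct file_lease **, void **);
 extern const struct dentry_operations simple_dentry_operations;
 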
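--- a/include/linux/netfs.h
+++ b/include/linux/netfs.h
@@ -265,21 +265,20 @@
 bool direct_bv_unpin; /* T if direct_bv[] must be unpinned */
 refcount_t ref;
 unsigned long flags;
-#define NETFS_RREQ_OFFLOAD_COLLECTION 0 /* Offload collection to workqueue */
-#define NETFS_RREQ_NO_UNLOCK_FOLIO 2 /* Don't unlock no_unlock_folio on completion */
-#define NETFS_RREQ_FAILED 4 /* The request failed */
-#define NETFS_RREQ_IN_PROGRESS 5 /* Unlocked when the request completes (has ref) */
-#define NETFS_RREQ_FOLIO_COPY_TO_CACHE 6 /* Copy current folio to cache from read */
-#define NETFS_RREQ_UPLOAD_TO_SERVER 8 /* Need to write to the server */
-#define NETFS_RREQ_PAUSE 11 /* Pause subrequest generation */
+#define NETFS_RREQ_IN_PROGRESS 0 /* Unlocked when the request completes (has ref) */
+#define NETFS_RREQ_ALL_QUEUED 1 /* All subreqs are now queued */
+#define NETFS_RREQ_PAUSE 2 /* Pause subrequest generation */
+#define NETFS_RREQ_FAILED 3 /* The request failed */
+#define NETFS_RREQ_RETRYING 4 /* Set if we're in the retry path */
+#define NETFS_RREQ_SHORT_TRANSFER 5 /* Set if we have a short transfer */
+#define NETFS_RREQ_OFFLOAD_COLLECTION 8 /* Offload collection to workqueue */
+#define NETFS_RREQ_NO_UNLOCK_FOLIO 9 /* Don't unlock no_unlock_folio on completion */
+#define NETFS_RREQ_FOLIO_COPY_TO_CACHE 10 /* Copy current folio to cache from read */
+#define NETFS_RREQ_UPLOAD_TO_SERVER 11 /* Need to write to the server */
 #define NETFS_RREQ_USE_IO_ITER 12 /* Use ->io_iter rather than ->i_pages */
-#define NETFS_RREQ_ALL_QUEUED 13 /* All subreqs are now queued */
-#define NETFS_RREQ_RETRYING 14 /* Set if we're in the retry path */
-#define NETFS_RREQ_SHORT_TRANSFER 15 /* Set if we have a short transfer */
 #define NETFS_RREQ_USE_PGPRIV2 31 /* [DEPRECATED] Use PG_private_2 to mark
 * write to cache on read */
 const struct netfs_request_ops *netfs_ops;
-void (*cleanup)(struct netfs_io_request *req);
 };
 
 /*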
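--- a/include/trace/events/netfs.h
+++ b/include/trace/events/netfs.h
@@ -50,12 +50,14 @@
 
 #define netfs_rreq_traces \
 EM(netfs_rreq_trace_assess, "ASSESS ") \
-EM(netfs_rreq_trace_copy, "COPY ") \
 EM(netfs_rreq_trace_collect, "COLLECT") \
 EM(netfs_rreq_trace_complete, "COMPLET") \
+EM(netfs_rreq_trace_copy, "COPY ") \
 EM(netfs_rreq_trace_dirty, "DIRTY ") \
 EM(netfs_rreq_trace_done, "DONE ") \
 EM(netfs_rreq_trace_free, "FREE ") \
+EM(netfs_rreq_trace_ki_complete, "KI-CMPL") \
+EM(netfs_rreq_trace_recollect, "RECLLCT") \
 EM(netfs_rreq_trace_redirty, "REDIRTY") \
 EM(netfs_rreq_trace_resubmit, "RESUBMT") \
 EM(netfs_rreq_trace_set_abandon, "S-ABNDN") \
@@ -65,13 +67,15 @@
 EM(netfs_rreq_trace_unlock, "UNLOCK ") \
 EM(netfs_rreq_trace_unlock_pgpriv2, "UNLCK-2") \
 EM(netfs_rreq_trace_unmark, "UNMARK ") \
+EM(netfs_rreq_trace_unpause, "UNPAUSE") \
 EM(netfs_rreq_trace_wait_ip, "WAIT-IP") \
-EM(netfs_rreq_trace_wait_pause, "WT-PAUS") \
-EM(netfs_rreq_trace_wait_queue, "WAIT-Q ") \
+EM(netfs_rreq_trace_wait_pause, "--PAUSED--") \
+EM(netfs_rreq_trace_wait_quiesce, "WAIT-QUIESCE") \
+EM(netfs_rreq_trace_waited_ip, "DONE-IP") \
+EM(netfs_rreq_trace_waited_pause, "--UNPAUSED--") \
+EM(netfs_rreq_trace_waited_quiesce, "DONE-QUIESCE") \
 EM(netfs_rreq_trace_wake_ip, "WAKE-IP") \
 EM(netfs_rreq_trace_wake_queue, "WAKE-Q ") \
-EM(netfs_rreq_trace_woke_queue, "WOKE-Q ") \
-EM(netfs_rreq_trace_unpause, "UNPAUSE") \
 E_(netfs_rreq_trace_write_done, "WR-DONE")
 
 #define netfs_sreq_sources \
@@ -86,6 +90,7 @@
 E_(NETFS_WRITE_TO_CACHE, "WRIT")
 
 #define netfs_sreq_traces \
+EM(netfs_sreq_trace_abandoned, "ABNDN") \
 EM(netfs_sreq_trace_add_donations, "+DON ") \
 EM(netfs_sreq_trace_added, "ADD ") \
 EM(netfs_sreq_trace_cache_nowrite, "CA-NW") \
@@ -94,6 +99,7 @@
 EM(netfs_sreq_trace_cache_write, "CA-WR") \
 EM(netfs_sreq_trace_cancel, "CANCL") \
 EM(netfs_sreq_trace_clear, "CLEAR") \
+EM(netfs_sreq_trace_consumed, "CONSM") \
 EM(netfs_sreq_trace_discard, "DSCRD") \
 EM(netfs_sreq_trace_donate_to_prev, "DON-P") \
 EM(netfs_sreq_trace_donate_to_next, "DON-N") \
@@ -102,7 +108,12 @@
 EM(netfs_sreq_trace_fail, "FAIL ") \
 EM(netfs_sreq_trace_free, "FREE ") \
 EM(netfs_sreq_trace_hit_eof, "EOF ") \
-EM(netfs_sreq_trace_io_progress, "IO ") \
+EM(netfs_sreq_trace_io_bad, "I-BAD") \
+EM(netfs_sreq_trace_io_malformed, "I-MLF") \
+EM(netfs_sreq_trace_io_unknown, "I-UNK") \
+EM(netfs_sreq_trace_io_progress, "I-OK ") \
+EM(netfs_sreq_trace_io_req_submitted, "I-RSB") \
+EM(netfs_sreq_trace_io_retry_needed, "I-RTR") \
 EM(netfs_sreq_trace_limited, "LIMIT") \
 EM(netfs_sreq_trace_need_clear, "N-CLR") \
 EM(netfs_sreq_trace_partial_read, "PARTR") \
@@ -153,8 +164,8 @@
 
 #define netfs_sreq_ref_traces \
 EM(netfs_sreq_trace_get_copy_to_cache, "GET COPY2C ") \
-EM(netfs_sreq_trace_get_resubmit, "GET RESUBMIT") \
-EM(netfs_sreq_trace_get_submit, "GET SUBMIT") \
+EM(netfs_sreq_trace_get_resubmit, "GET RESUBMT") \
+EM(netfs_sreq_trace_get_submit, "GET SUBMIT ") \
 EM(netfs_sreq_trace_get_short_read, "GET SHORTRD") \
 EM(netfs_sreq_trace_new, "NEW ") \
 EM(netfs_sreq_trace_put_abandon, "PUT ABANDON") \
@@ -377,7 +388,7 @@
 __entry->slot = sreq->io_iter.folioq_slot;
 ),
 
-TP_printk("R=%08x[%x] %s %s f=%02x s=%llx %zx/%zx s=%u e=%d",
+TP_printk("R=%08x[%x] %s %s f=%03x s=%llx %zx/%zx s=%u e=%d",
 __entry->rreq, __entry->index,
 __print_symbolic(__entry->source, netfs_sreq_sources),
 __print_symbolic(__entry->what, netfs_sreq_traces),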
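Review bot: The display strings added for the pause and quiesce events, `"--PAUSED--"`, `"WAIT-QUIESCE"`, `"--UNPAUSED--"` and `"DONE-QUIESCE"`, are longer than the seven-character strings used by the other entries of netfs_rreq_traces, such as `"WAIT-IP"` and `"KI-CMPL"`. The same commit shortens `"GET RESUBMIT"` to `"GET RESUBMT"` in netfs_sreq_ref_traces, which suggests fixed column widths are intended in these tables. If the longer strings are deliberate so that these events stand out in a trace, a one-line comment above the table saying so would stop a later cleanup from truncating them; otherwise they should be shortened to the common width.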
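--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -195,17 +195,10 @@
 struct file *file;
 struct inode *inode;
 const char *anon_name = "[secretmem]";
-int err;
 
-inode = alloc_anon_inode(secretmem_mnt->mnt_sb);
+inode = anon_inode_make_secure_inode(secretmem_mnt->mnt_sb, anon_name, NULL);
 if (IS_ERR(inode))
 return ERR_CAST(inode);
-
-err = security_inode_init_security_anon(inode, &QSTR(anon_name), NULL);
-if (err) {
-file = ERR_PTR(err);
-goto err_free_inode;
-}
 
 file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
 O_RDWR, &secretmem_fops);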
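Review bot: Nothing at the call site now shows that the LSM hook still runs: the explicit `security_inode_init_security_anon()` call and its error path are removed, and the function relies on anon_inode_make_secure_inode() to do that work, which is not visible in this section. I would add `/* Use the secure variant: the inode must go through LSM anon-inode initialisation. */` above the call so that a later refactor does not switch back to `alloc_anon_inode()`. It is also worth confirming that the `err_free_inode` label is still reached from the remaining code, since the only `goto` to it visible in this hunk is removed. The function continues outside the hunk.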
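--- a/tools/testing/selftests/coredump/stackdump_test.c
+++ b/tools/testing/selftests/coredump/stackdump_test.c
@@ -461,10 +461,15 @@
 _exit(EXIT_FAILURE);
 }
 
+ret = read(fd_coredump, &c, 1);
+
 close(fd_coredump);
 close(fd_server);
 close(fd_peer_pidfd);
 close(fd_core_file);
+
+if (ret < 1)
+_exit(EXIT_FAILURE);
 _exit(EXIT_SUCCESS);
 }
 self->pid_coredump_server = pid_coredump_server;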
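Review bot: The added `if (ret < 1) _exit(EXIT_FAILURE);` does not distinguish end-of-file from a `read()` error such as an interrupted call, and it reports nothing, so a failing run gives no hint which case occurred. Logging `ret` and `errno` before the `_exit(EXIT_FAILURE)` would make a failure diagnosable, and a short comment on the `read()` stating what the single byte is expected to prove would help the next reader. The declarations of `ret` and `c` are outside the hunk.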