Re: [PATCH v5] eventfs: Remove eventfs_file and just use eventfs_inode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On 23-Nov-2023, at 4:55 PM, Heiko Carstens <hca@xxxxxxxxxxxxx> wrote:
> 
> !! External Email
> 
> On Fri, Nov 17, 2023 at 03:38:29PM +0100, Heiko Carstens wrote:
>> On Fri, Nov 17, 2023 at 03:23:35PM +0100, Heiko Carstens wrote:
>>> I think this patch causes from time to time crashes when running ftrace
>>> selftests. In particular I guess there is a bug wrt error handling in this
>>> function (see below for call trace):
>>> 
>>>> +static struct dentry *
>>>> +create_file_dentry(struct eventfs_inode *ei, struct dentry **e_dentry,
>>>> +            struct dentry *parent, const char *name, umode_t mode, void *data,
>>>> +            const struct file_operations *fops, bool lookup)
>>>> +{
>> ...
>>> Note that the compare and swap instruction within d_invalidate() generates
>>> a specification exception because it operates on an invalid address
>>> (0xffffffffffffffef), which happens to be -EEXIST. So my assumption is that
>>> create_dir_dentry() has incorrect error handling and passes -EEXIST instead
>>> of a valid dentry pointer to d_invalidate().
>>> 
>>> But I leave it up to you to figure this out :)
>> 
>> Ok, wrong function quoted of course. But the rest of my statement
>> should be correct.
> 
> So, if it helps (this still happens with Linus' master branch):
> 
> create_dir_dentry() is called with a "struct eventfs_inode *ei" (second
> parameter), which points to a data structure where "is_freed" is 1. Then it
> looks like create_dir() returned "-EEXIST". And looking at the code this
> combination then must lead to d_invalidate() incorrectly being called with
> "-EEXIST" as dentry pointer.
> 
> Now, I have no idea how the code should work, but it is quite obvious that
> something is broken :)
> 
> Here the dump of the struct eventfs_inode that was passed to
> create_file_dentry() when the crash happened:
> 
> crash> struct eventfs_inode 00000000eada7680
> struct eventfs_inode {
>  list = {
>    next = 0x10f802da0,
>    prev = 0x122
>  },
>  entries = 0x12c031328 <event_entries>,
>  name = 0x12b90bbac <__tpstrtab_xfs_alloc_vextent_exact_bno> "xfs_alloc_vextent_exact_bno",
>  children = {
>    next = 0xeada76a0,
>    prev = 0xeada76a0
>  },
>  dentry = 0x0,
>  d_parent = 0x107c75d40,
>  d_children = 0xeada5700,
>  entry_attrs = 0x0,
>  attr = {
>    mode = 0,
>    uid = {
>      val = 0
>    },
>    gid = {
>      val = 0
>    }
>  },
>  data = 0xeada6660,
>  {
>    llist = {
>      next = 0xeada7668
>    },
>    rcu = {
>      next = 0xeada7668,
>      func = 0x12ad2a5b8 <free_rcu_ei>
>    }
>  },
>  is_freed = 1,
>  nr_entries = 6
> }

Heiko, your analysis looks good to me. Seems -EEXIST is from:
https://elixir.bootlin.com/linux/v6.7-rc2/source/fs/tracefs/inode.c#L533

Steve, as per me error handling should be same for create_dir_dentry()
and create_file_dentry() or am I missing something.

-Ajay






[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux