[PATCH] /proc/kcore: fix seeking

[PATCH] /proc/kcore: fix seeking

[Dave Anderson]

[-- Attachment #1: Type: text/plain, Size: 646 bytes --]

From: Dave Anderson <anderson@redhat.com>

Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
("procfs: Use generic_file_llseek in /proc/kcore")
broke seeking on /proc/kcore.  This changes it back
to use default_llseek in order to restore the original
behavior.

The problem with generic_file_llseek is that it only
allows seeks up to inode->i_sb->s_maxbytes, which is
2GB-1 on procfs, where the memory file offset values in
the /proc/kcore PT_LOAD segments may exceed or start
beyond that offset value.

A similar revert was made for /proc/vmcore.

Signed-off-by: Dave Anderson <anderson@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
--

[-- Attachment #2: kcore.patch --]
[-- Type: text/x-patch, Size: 340 bytes --]

--- linux-2.6.37/fs/proc/kcore.c.orig
+++ linux-2.6.37/fs/proc/kcore.c
@@ -558,7 +558,7 @@ static int open_kcore(struct inode *inod
 static const struct file_operations proc_kcore_operations = {
 	.read		= read_kcore,
 	.open		= open_kcore,
-	.llseek		= generic_file_llseek,
+	.llseek		= default_llseek,
 };
 
 #ifdef CONFIG_MEMORY_HOTPLUG

Re: [PATCH] /proc/kcore: fix seeking

[Frederic Weisbecker]

(Adding stable and Andrew in Cc)

On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
> From: Dave Anderson <anderson@redhat.com>
> 
> Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
> ("procfs: Use generic_file_llseek in /proc/kcore")
> broke seeking on /proc/kcore.  This changes it back
> to use default_llseek in order to restore the original
> behavior.
> 
> The problem with generic_file_llseek is that it only
> allows seeks up to inode->i_sb->s_maxbytes, which is
> 2GB-1 on procfs, where the memory file offset values in
> the /proc/kcore PT_LOAD segments may exceed or start
> beyond that offset value.
> 
> A similar revert was made for /proc/vmcore.
> 
> Signed-off-by: Dave Anderson <anderson@redhat.com>
> Cc: Frederic Weisbecker <fweisbec@gmail.com>

Acked-by: Frederic Weisbecker <fweisbec@gmail.com>

In the longer term, I guess default_llseek should disappear
and replaced with generic_file_llseek(), tweaking the sb->s_maxbytes
with the appropriate values in each filesystems.

Thanks for this fix!


> --- linux-2.6.37/fs/proc/kcore.c.orig
> +++ linux-2.6.37/fs/proc/kcore.c
> @@ -558,7 +558,7 @@ static int open_kcore(struct inode *inod
>  static const struct file_operations proc_kcore_operations = {
>  	.read		= read_kcore,
>  	.open		= open_kcore,
> -	.llseek		= generic_file_llseek,
> +	.llseek		= default_llseek,
>  };
>  
>  #ifdef CONFIG_MEMORY_HOTPLUG

Re: [PATCH] /proc/kcore: fix seeking

[Américo Wang]

On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
>From: Dave Anderson <anderson@redhat.com>
>
>Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
>("procfs: Use generic_file_llseek in /proc/kcore")
>broke seeking on /proc/kcore.  This changes it back
>to use default_llseek in order to restore the original
>behavior.
>
>The problem with generic_file_llseek is that it only
>allows seeks up to inode->i_sb->s_maxbytes, which is
>2GB-1 on procfs, where the memory file offset values in
>the /proc/kcore PT_LOAD segments may exceed or start
>beyond that offset value.
>

Is the race solved? Using default_llseek() still races
with read_kcore() on fpos, AFAIK.


-- 
Live like a child, think like the god.
 

Re: [PATCH] /proc/kcore: fix seeking

[Frederic Weisbecker]

On Wed, Jan 12, 2011 at 12:04:37AM +0800, Américo Wang wrote:
> On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
> >From: Dave Anderson <anderson@redhat.com>
> >
> >Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
> >("procfs: Use generic_file_llseek in /proc/kcore")
> >broke seeking on /proc/kcore.  This changes it back
> >to use default_llseek in order to restore the original
> >behavior.
> >
> >The problem with generic_file_llseek is that it only
> >allows seeks up to inode->i_sb->s_maxbytes, which is
> >2GB-1 on procfs, where the memory file offset values in
> >the /proc/kcore PT_LOAD segments may exceed or start
> >beyond that offset value.
> >
> 
> Is the race solved? Using default_llseek() still races
> with read_kcore() on fpos, AFAIK.

Hmm, how does it race there?

read_kcore() manipulates fpos, which can't be changed behind
us inside the read callback as it's a snapshot. Also read_kcore()
can change the value of fpos, which is writed back to file->fpos
from sys_read().

So the last resulting race here the natural one between
seeking and reading, which is up to the user to take care
of.

Or am I missing something?

Re: [PATCH] /proc/kcore: fix seeking

[Américo Wang]

On Tue, Jan 11, 2011 at 05:23:23PM +0100, Frederic Weisbecker wrote:
>On Wed, Jan 12, 2011 at 12:04:37AM +0800, Américo Wang wrote:
>> On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
>> >From: Dave Anderson <anderson@redhat.com>
>> >
>> >Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
>> >("procfs: Use generic_file_llseek in /proc/kcore")
>> >broke seeking on /proc/kcore.  This changes it back
>> >to use default_llseek in order to restore the original
>> >behavior.
>> >
>> >The problem with generic_file_llseek is that it only
>> >allows seeks up to inode->i_sb->s_maxbytes, which is
>> >2GB-1 on procfs, where the memory file offset values in
>> >the /proc/kcore PT_LOAD segments may exceed or start
>> >beyond that offset value.
>> >
>> 
>> Is the race solved? Using default_llseek() still races
>> with read_kcore() on fpos, AFAIK.
>
>Hmm, how does it race there?
>
>read_kcore() manipulates fpos, which can't be changed behind
>us inside the read callback as it's a snapshot. Also read_kcore()
>can change the value of fpos, which is writed back to file->fpos
>from sys_read().
>
>So the last resulting race here the natural one between
>seeking and reading, which is up to the user to take care
>of.

Hmm, I just read the changelog of commit
34aacb2920667d405a8df15968b7f71ba46c8f18, which claims to fix
the race. So anything changed in vfs layer after that?

Thanks.

Re: [PATCH] /proc/kcore: fix seeking

[Frederic Weisbecker]

On Fri, Jan 14, 2011 at 05:44:42PM +0800, Américo Wang wrote:
> On Tue, Jan 11, 2011 at 05:23:23PM +0100, Frederic Weisbecker wrote:
> >On Wed, Jan 12, 2011 at 12:04:37AM +0800, Américo Wang wrote:
> >> On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
> >> >From: Dave Anderson <anderson@redhat.com>
> >> >
> >> >Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
> >> >("procfs: Use generic_file_llseek in /proc/kcore")
> >> >broke seeking on /proc/kcore.  This changes it back
> >> >to use default_llseek in order to restore the original
> >> >behavior.
> >> >
> >> >The problem with generic_file_llseek is that it only
> >> >allows seeks up to inode->i_sb->s_maxbytes, which is
> >> >2GB-1 on procfs, where the memory file offset values in
> >> >the /proc/kcore PT_LOAD segments may exceed or start
> >> >beyond that offset value.
> >> >
> >> 
> >> Is the race solved? Using default_llseek() still races
> >> with read_kcore() on fpos, AFAIK.
> >
> >Hmm, how does it race there?
> >
> >read_kcore() manipulates fpos, which can't be changed behind
> >us inside the read callback as it's a snapshot. Also read_kcore()
> >can change the value of fpos, which is writed back to file->fpos
> >from sys_read().
> >
> >So the last resulting race here the natural one between
> >seeking and reading, which is up to the user to take care
> >of.
> 
> Hmm, I just read the changelog of commit
> 34aacb2920667d405a8df15968b7f71ba46c8f18, which claims to fix
> the race. So anything changed in vfs layer after that?


Ah it didn't fix any race, it just got rid of the bkl, OTOH
I said in my changelog:

	"/proc/kcore has no llseek and then falls down to use default_llseek.
	This is racy against read_kcore() that directly manipulates fpos
	but it doesn't hold the bkl there so using it in llseek doesn't
	protect anything."

So I think this just testifies my crude misunderstanding of the code when I wrote
that changelog. I didn't realize fpos is a copy of the file offset that is writed back
later. Hence my changelog was buggy.

Re: [PATCH] /proc/kcore: fix seeking

[Américo Wang]

On Fri, Jan 14, 2011 at 05:29:19PM +0100, Frederic Weisbecker wrote:
>On Fri, Jan 14, 2011 at 05:44:42PM +0800, Américo Wang wrote:
>> On Tue, Jan 11, 2011 at 05:23:23PM +0100, Frederic Weisbecker wrote:
>> >On Wed, Jan 12, 2011 at 12:04:37AM +0800, Américo Wang wrote:
>> >> On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
>> >> >From: Dave Anderson <anderson@redhat.com>
>> >> >
>> >> >Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
>> >> >("procfs: Use generic_file_llseek in /proc/kcore")
>> >> >broke seeking on /proc/kcore.  This changes it back
>> >> >to use default_llseek in order to restore the original
>> >> >behavior.
>> >> >
>> >> >The problem with generic_file_llseek is that it only
>> >> >allows seeks up to inode->i_sb->s_maxbytes, which is
>> >> >2GB-1 on procfs, where the memory file offset values in
>> >> >the /proc/kcore PT_LOAD segments may exceed or start
>> >> >beyond that offset value.
>> >> >
>> >> 
>> >> Is the race solved? Using default_llseek() still races
>> >> with read_kcore() on fpos, AFAIK.
>> >
>> >Hmm, how does it race there?
>> >
>> >read_kcore() manipulates fpos, which can't be changed behind
>> >us inside the read callback as it's a snapshot. Also read_kcore()
>> >can change the value of fpos, which is writed back to file->fpos
>> >from sys_read().
>> >
>> >So the last resulting race here the natural one between
>> >seeking and reading, which is up to the user to take care
>> >of.
>> 
>> Hmm, I just read the changelog of commit
>> 34aacb2920667d405a8df15968b7f71ba46c8f18, which claims to fix
>> the race. So anything changed in vfs layer after that?
>
>
>Ah it didn't fix any race, it just got rid of the bkl, OTOH
>I said in my changelog:
>
>	"/proc/kcore has no llseek and then falls down to use default_llseek.
>	This is racy against read_kcore() that directly manipulates fpos
>	but it doesn't hold the bkl there so using it in llseek doesn't
>	protect anything."
>
>So I think this just testifies my crude misunderstanding of the code when I wrote
>that changelog. I didn't realize fpos is a copy of the file offset that is writed back
>later. Hence my changelog was buggy.

Ok, thanks for explaining this!
Dave's patch should be alright.