| Message ID | 20240926-b4-miscdevice-v1-2-7349c2b2837a@google.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Miscdevices in Rust | expand |
On Thu, Sep 26, 2024 at 02:58:56PM +0000, Alice Ryhl wrote: > Add accessors for the file position. Most of the time, you should not > use these methods directly, and you should instead use a guard for the > file position to prove that you hold the fpos lock. However, under > limited circumstances, files are allowed to choose a different locking > strategy for their file position. These accessors can be used to handle > that case. > > For now, these accessors are the only way to access the file position > within the llseek and read_iter callbacks. You really should not do that within ->read_iter(). If your method does that, it has the wrong signature. If nothing else, it should be usable for preadv(2), so what file position are you talking about?
On Thu, Sep 26, 2024 at 11:08:21PM +0100, Al Viro wrote: > On Thu, Sep 26, 2024 at 02:58:56PM +0000, Alice Ryhl wrote: > > Add accessors for the file position. Most of the time, you should not > > use these methods directly, and you should instead use a guard for the > > file position to prove that you hold the fpos lock. However, under > > limited circumstances, files are allowed to choose a different locking > > strategy for their file position. These accessors can be used to handle > > that case. > > > > For now, these accessors are the only way to access the file position > > within the llseek and read_iter callbacks. > > You really should not do that within ->read_iter(). If your method > does that, it has the wrong signature. > > If nothing else, it should be usable for preadv(2), so what file position > are you talking about? To elaborate: ->llseek() is the only method that has any business accessing ->f_pos (and that - possibly not forever). Note, BTW, that most of the time ->llseek() should be using one of the safe instances from fs/libfs.c or helpers from the same place; direct ->f_pos access in drivers is basically for things like static loff_t cfam_llseek(struct file *file, loff_t offset, int whence) { switch (whence) { case SEEK_CUR: break; case SEEK_SET: file->f_pos = offset; break; default: return -EINVAL; } return offset; } which is... really special. Translation: lseek(fd, n, SEEK_CUR) - return n and do nothing. lseek(fd, n, SEEK_SET) - usual semantics. Anything else - fail with EINVAL. The mind-boggling part is SEEK_CUR, but that's userland ABI of that particular driver; if the authors can be convinced that we don't need to preserve that wart, it can be replaced with use of no_seek_end_llseek. If their very special userland relies upon it... not much we can do. Anything else outside of core VFS should not touch the damn thing, unless they have a very good reason and are willing to explain what makes them special. From quick grep through the tree, we seem to have grown a bunch of bogosities in vfio (including one in samples, presumably responsible for that infestation), there's a few strange ioctls that reset it to 0 or do other unnatural things (hell, VFAT has readdir() variant called that way), there are _really_ shitty cases in HFS, HFS+ and HPFS, where things like unlink() while somebody has the parent directory open will modify the current position(s), and then there's whatever ksmbd is playing at. We really should not expose ->f_pos - that can't be done on the C side (yet), but let's not spread that idiocy.
On Thu, Sep 26, 2024 at 11:47:33PM +0100, Al Viro wrote:
> time ->llseek() should be using one of the safe instances from fs/libfs.c
d'oh... s/libfs.c/read_write.c/ - sorry.
diff --git a/rust/kernel/fs/file.rs b/rust/kernel/fs/file.rs index e03dbe14d62a..c896a3b1d182 100644 --- a/rust/kernel/fs/file.rs +++ b/rust/kernel/fs/file.rs @@ -333,6 +333,26 @@ pub fn flags(&self) -> u32 { // FIXME(read_once): Replace with `read_once` when available on the Rust side. unsafe { core::ptr::addr_of!((*self.as_ptr()).f_flags).read_volatile() } } + + /// Read the file position. + /// + /// # Safety + /// + /// You must hold the fpos lock or otherwise ensure that no data race will happen. + #[inline] + pub unsafe fn f_pos(&self) -> i64 { + unsafe { (*self.as_ptr()).f_pos } + } + + /// Set the file position. + /// + /// # Safety + /// + /// You must hold the fpos lock or otherwise ensure that no data race will happen. + #[inline] + pub unsafe fn set_f_pos(&self, value: i64) { + unsafe { (*self.as_ptr()).f_pos = value }; + } } impl File {
Add accessors for the file position. Most of the time, you should not use these methods directly, and you should instead use a guard for the file position to prove that you hold the fpos lock. However, under limited circumstances, files are allowed to choose a different locking strategy for their file position. These accessors can be used to handle that case. For now, these accessors are the only way to access the file position within the llseek and read_iter callbacks. Signed-off-by: Alice Ryhl <aliceryhl@google.com> --- rust/kernel/fs/file.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)