[PATCH v6 0/5] Improve simple directory offset wrap behavior

[PATCH v6 0/5] Improve simple directory offset wrap behavior

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

The purpose of this series is to construct a set of upstream fixes
that can be backported to v6.6 to address CVE-2024-46701.

Changes since v5:
- Improve error flow in simple_offset_add()

This series (against v6.13-rc3) has been pushed to:

https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git/log/?h=tmpfs-fixes

Chuck Lever (5):
  libfs: Return ENOSPC when the directory offset range is exhausted
  Revert "libfs: Add simple_offset_empty()"
  Revert "libfs: fix infinite directory reads for offset dir"
  libfs: Replace simple_offset end-of-directory detection
  libfs: Use d_children list to iterate simple_offset directories

 fs/libfs.c         | 163 ++++++++++++++++++++++-----------------------
 include/linux/fs.h |   1 -
 mm/shmem.c         |   4 +-
 3 files changed, 80 insertions(+), 88 deletions(-)

-- 
2.47.0

[PATCH v6 1/5] libfs: Return ENOSPC when the directory offset range is exhausted

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

Testing shows that the EBUSY error return from mtree_alloc_cyclic()
leaks into user space. The ERRORS section of "man creat(2)" says:

>	EBUSY	O_EXCL was specified in flags and pathname refers
>		to a block device that is in use by the system
>		(e.g., it is mounted).

ENOSPC is closer to what applications expect in this situation.

Note that the normal range of simple directory offset values is
2..2^63, so hitting this error is going to be rare to impossible.

Fixes: 6faddda69f62 ("libfs: Add directory operations for stable offsets")
Cc: <stable@vger.kernel.org> # v6.9+
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Yang Erkun <yangerkun@huawei.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/libfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/libfs.c b/fs/libfs.c
index 748ac5923154..3da58a92f48f 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -292,8 +292,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
 
 	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
 				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
-	if (ret < 0)
-		return ret;
+	if (unlikely(ret < 0))
+		return ret == -EBUSY ? -ENOSPC : ret;
 
 	offset_set(dentry, offset);
 	return 0;
-- 
2.47.0

Re: [PATCH v6 1/5] libfs: Return ENOSPC when the directory offset range is exhausted

[Liam R. Howlett]

* cel@kernel.org <cel@kernel.org> [241220 10:33]:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> Testing shows that the EBUSY error return from mtree_alloc_cyclic()
> leaks into user space. The ERRORS section of "man creat(2)" says:
> 
> >	EBUSY	O_EXCL was specified in flags and pathname refers
> >		to a block device that is in use by the system
> >		(e.g., it is mounted).
> 
> ENOSPC is closer to what applications expect in this situation.

Should the tree be returning ENOSPC in this case as apposed to
translating it here?

> 
> Note that the normal range of simple directory offset values is
> 2..2^63, so hitting this error is going to be rare to impossible.
> 
> Fixes: 6faddda69f62 ("libfs: Add directory operations for stable offsets")
> Cc: <stable@vger.kernel.org> # v6.9+
> Reviewed-by: Jeff Layton <jlayton@kernel.org>
> Reviewed-by: Yang Erkun <yangerkun@huawei.com>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>  fs/libfs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/libfs.c b/fs/libfs.c
> index 748ac5923154..3da58a92f48f 100644
> --- a/fs/libfs.c
> +++ b/fs/libfs.c
> @@ -292,8 +292,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
>  
>  	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
>  				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
> -	if (ret < 0)
> -		return ret;
> +	if (unlikely(ret < 0))
> +		return ret == -EBUSY ? -ENOSPC : ret;
>  
>  	offset_set(dentry, offset);
>  	return 0;
> -- 
> 2.47.0
> 
> 

Re: [PATCH v6 1/5] libfs: Return ENOSPC when the directory offset range is exhausted

[Chuck Lever]

On 12/23/24 11:28 AM, Liam R. Howlett wrote:
> * cel@kernel.org <cel@kernel.org> [241220 10:33]:
>> From: Chuck Lever <chuck.lever@oracle.com>
>>
>> Testing shows that the EBUSY error return from mtree_alloc_cyclic()
>> leaks into user space. The ERRORS section of "man creat(2)" says:
>>
>>> 	EBUSY	O_EXCL was specified in flags and pathname refers
>>> 		to a block device that is in use by the system
>>> 		(e.g., it is mounted).
>>
>> ENOSPC is closer to what applications expect in this situation.
> 
> Should the tree be returning ENOSPC in this case as apposed to
> translating it here?

ENOSPC means "No space left on device." which has a certain
filesystem-like ring to it. So translation in a filesystem caller
seems sensible to me.

If you change mtree_alloc_cyclic() wouldn't you also need to update
other mtree and xarray APIs as well, for consistency? That could be
a lot of bother.

But if you'd like to change the mtree API, I won't argue. It's not
a crazy idea.


>> Note that the normal range of simple directory offset values is
>> 2..2^63, so hitting this error is going to be rare to impossible.
>>
>> Fixes: 6faddda69f62 ("libfs: Add directory operations for stable offsets")
>> Cc: <stable@vger.kernel.org> # v6.9+
>> Reviewed-by: Jeff Layton <jlayton@kernel.org>
>> Reviewed-by: Yang Erkun <yangerkun@huawei.com>
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>> ---
>>   fs/libfs.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/libfs.c b/fs/libfs.c
>> index 748ac5923154..3da58a92f48f 100644
>> --- a/fs/libfs.c
>> +++ b/fs/libfs.c
>> @@ -292,8 +292,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
>>   
>>   	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
>>   				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
>> -	if (ret < 0)
>> -		return ret;
>> +	if (unlikely(ret < 0))
>> +		return ret == -EBUSY ? -ENOSPC : ret;
>>   
>>   	offset_set(dentry, offset);
>>   	return 0;
>> -- 
>> 2.47.0
>>
>>


-- 
Chuck Lever

[PATCH v6 2/5] Revert "libfs: Add simple_offset_empty()"

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

simple_empty() and simple_offset_empty() perform the same task.
The latter's use as a canary to find bugs has not found any new
issues. A subsequent patch will remove the use of the mtree for
iterating directory contents, so revert back to using a similar
mechanism for determining whether a directory is indeed empty.

Only one such mechanism is ever needed.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/libfs.c         | 32 --------------------------------
 include/linux/fs.h |  1 -
 mm/shmem.c         |  4 ++--
 3 files changed, 2 insertions(+), 35 deletions(-)

diff --git a/fs/libfs.c b/fs/libfs.c
index 3da58a92f48f..8380d9314ebd 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -329,38 +329,6 @@ void simple_offset_remove(struct offset_ctx *octx, struct dentry *dentry)
 	offset_set(dentry, 0);
 }
 
-/**
- * simple_offset_empty - Check if a dentry can be unlinked
- * @dentry: dentry to be tested
- *
- * Returns 0 if @dentry is a non-empty directory; otherwise returns 1.
- */
-int simple_offset_empty(struct dentry *dentry)
-{
-	struct inode *inode = d_inode(dentry);
-	struct offset_ctx *octx;
-	struct dentry *child;
-	unsigned long index;
-	int ret = 1;
-
-	if (!inode || !S_ISDIR(inode->i_mode))
-		return ret;
-
-	index = DIR_OFFSET_MIN;
-	octx = inode->i_op->get_offset_ctx(inode);
-	mt_for_each(&octx->mt, child, index, LONG_MAX) {
-		spin_lock(&child->d_lock);
-		if (simple_positive(child)) {
-			spin_unlock(&child->d_lock);
-			ret = 0;
-			break;
-		}
-		spin_unlock(&child->d_lock);
-	}
-
-	return ret;
-}
-
 /**
  * simple_offset_rename - handle directory offsets for rename
  * @old_dir: parent directory of source entry
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 7e29433c5ecc..f7efc6866ebc 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3468,7 +3468,6 @@ struct offset_ctx {
 void simple_offset_init(struct offset_ctx *octx);
 int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry);
 void simple_offset_remove(struct offset_ctx *octx, struct dentry *dentry);
-int simple_offset_empty(struct dentry *dentry);
 int simple_offset_rename(struct inode *old_dir, struct dentry *old_dentry,
 			 struct inode *new_dir, struct dentry *new_dentry);
 int simple_offset_rename_exchange(struct inode *old_dir,
diff --git a/mm/shmem.c b/mm/shmem.c
index ccb9629a0f70..274c2666f457 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3818,7 +3818,7 @@ static int shmem_unlink(struct inode *dir, struct dentry *dentry)
 
 static int shmem_rmdir(struct inode *dir, struct dentry *dentry)
 {
-	if (!simple_offset_empty(dentry))
+	if (!simple_empty(dentry))
 		return -ENOTEMPTY;
 
 	drop_nlink(d_inode(dentry));
@@ -3875,7 +3875,7 @@ static int shmem_rename2(struct mnt_idmap *idmap,
 		return simple_offset_rename_exchange(old_dir, old_dentry,
 						     new_dir, new_dentry);
 
-	if (!simple_offset_empty(new_dentry))
+	if (!simple_empty(new_dentry))
 		return -ENOTEMPTY;
 
 	if (flags & RENAME_WHITEOUT) {
-- 
2.47.0

Re: [PATCH v6 2/5] Revert "libfs: Add simple_offset_empty()"

[yangerkun]

LGTM

Reviewed-by: Yang Erkun <yangerkun@huawei.com>

在 2024/12/20 23:33, cel@kernel.org 写道:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> simple_empty() and simple_offset_empty() perform the same task.
> The latter's use as a canary to find bugs has not found any new
> issues. A subsequent patch will remove the use of the mtree for
> iterating directory contents, so revert back to using a similar
> mechanism for determining whether a directory is indeed empty.
> 
> Only one such mechanism is ever needed.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>   fs/libfs.c         | 32 --------------------------------
>   include/linux/fs.h |  1 -
>   mm/shmem.c         |  4 ++--
>   3 files changed, 2 insertions(+), 35 deletions(-)
> 
> diff --git a/fs/libfs.c b/fs/libfs.c
> index 3da58a92f48f..8380d9314ebd 100644
> --- a/fs/libfs.c
> +++ b/fs/libfs.c
> @@ -329,38 +329,6 @@ void simple_offset_remove(struct offset_ctx *octx, struct dentry *dentry)
>   	offset_set(dentry, 0);
>   }
>   
> -/**
> - * simple_offset_empty - Check if a dentry can be unlinked
> - * @dentry: dentry to be tested
> - *
> - * Returns 0 if @dentry is a non-empty directory; otherwise returns 1.
> - */
> -int simple_offset_empty(struct dentry *dentry)
> -{
> -	struct inode *inode = d_inode(dentry);
> -	struct offset_ctx *octx;
> -	struct dentry *child;
> -	unsigned long index;
> -	int ret = 1;
> -
> -	if (!inode || !S_ISDIR(inode->i_mode))
> -		return ret;
> -
> -	index = DIR_OFFSET_MIN;
> -	octx = inode->i_op->get_offset_ctx(inode);
> -	mt_for_each(&octx->mt, child, index, LONG_MAX) {
> -		spin_lock(&child->d_lock);
> -		if (simple_positive(child)) {
> -			spin_unlock(&child->d_lock);
> -			ret = 0;
> -			break;
> -		}
> -		spin_unlock(&child->d_lock);
> -	}
> -
> -	return ret;
> -}
> -
>   /**
>    * simple_offset_rename - handle directory offsets for rename
>    * @old_dir: parent directory of source entry
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 7e29433c5ecc..f7efc6866ebc 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -3468,7 +3468,6 @@ struct offset_ctx {
>   void simple_offset_init(struct offset_ctx *octx);
>   int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry);
>   void simple_offset_remove(struct offset_ctx *octx, struct dentry *dentry);
> -int simple_offset_empty(struct dentry *dentry);
>   int simple_offset_rename(struct inode *old_dir, struct dentry *old_dentry,
>   			 struct inode *new_dir, struct dentry *new_dentry);
>   int simple_offset_rename_exchange(struct inode *old_dir,
> diff --git a/mm/shmem.c b/mm/shmem.c
> index ccb9629a0f70..274c2666f457 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -3818,7 +3818,7 @@ static int shmem_unlink(struct inode *dir, struct dentry *dentry)
>   
>   static int shmem_rmdir(struct inode *dir, struct dentry *dentry)
>   {
> -	if (!simple_offset_empty(dentry))
> +	if (!simple_empty(dentry))
>   		return -ENOTEMPTY;
>   
>   	drop_nlink(d_inode(dentry));
> @@ -3875,7 +3875,7 @@ static int shmem_rename2(struct mnt_idmap *idmap,
>   		return simple_offset_rename_exchange(old_dir, old_dentry,
>   						     new_dir, new_dentry);
>   
> -	if (!simple_offset_empty(new_dentry))
> +	if (!simple_empty(new_dentry))
>   		return -ENOTEMPTY;
>   
>   	if (flags & RENAME_WHITEOUT) {

[PATCH v6 3/5] Revert "libfs: fix infinite directory reads for offset dir"

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

The current directory offset allocator (based on mtree_alloc_cyclic)
stores the next offset value to return in octx->next_offset. This
mechanism typically returns values that increase monotonically over
time. Eventually, though, the newly allocated offset value wraps
back to a low number (say, 2) which is smaller than other already-
allocated offset values.

Yu Kuai <yukuai3@huawei.com> reports that, after commit 64a7ce76fb90
("libfs: fix infinite directory reads for offset dir"), if a
directory's offset allocator wraps, existing entries are no longer
visible via readdir/getdents because offset_readdir() stops listing
entries once an entry's offset is larger than octx->next_offset.
These entries vanish persistently -- they can be looked up, but will
never again appear in readdir(3) output.

The reason for this is that the commit treats directory offsets as
monotonically increasing integer values rather than opaque cookies,
and introduces this comparison:

	if (dentry2offset(dentry) >= last_index) {

On 64-bit platforms, the directory offset value upper bound is
2^63 - 1. Directory offsets will monotonically increase for millions
of years without wrapping.

On 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator
can wrap after only a few weeks (at worst).

Revert commit 64a7ce76fb90 ("libfs: fix infinite directory reads for
offset dir") to prepare for a fix that can work properly on 32-bit
systems and might apply to recent LTS kernels where shmem employs
the simple_offset mechanism.

Reported-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/libfs.c | 35 +++++++++++------------------------
 1 file changed, 11 insertions(+), 24 deletions(-)

diff --git a/fs/libfs.c b/fs/libfs.c
index 8380d9314ebd..8c9364a0174c 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -422,14 +422,6 @@ void simple_offset_destroy(struct offset_ctx *octx)
 	mtree_destroy(&octx->mt);
 }
 
-static int offset_dir_open(struct inode *inode, struct file *file)
-{
-	struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode);
-
-	file->private_data = (void *)ctx->next_offset;
-	return 0;
-}
-
 /**
  * offset_dir_llseek - Advance the read position of a directory descriptor
  * @file: an open directory whose position is to be updated
@@ -443,9 +435,6 @@ static int offset_dir_open(struct inode *inode, struct file *file)
  */
 static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
 {
-	struct inode *inode = file->f_inode;
-	struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode);
-
 	switch (whence) {
 	case SEEK_CUR:
 		offset += file->f_pos;
@@ -459,8 +448,7 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
 	}
 
 	/* In this case, ->private_data is protected by f_pos_lock */
-	if (!offset)
-		file->private_data = (void *)ctx->next_offset;
+	file->private_data = NULL;
 	return vfs_setpos(file, offset, LONG_MAX);
 }
 
@@ -491,7 +479,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
 			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
 }
 
-static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, long last_index)
+static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 {
 	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
 	struct dentry *dentry;
@@ -499,21 +487,17 @@ static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, lon
 	while (true) {
 		dentry = offset_find_next(octx, ctx->pos);
 		if (!dentry)
-			return;
-
-		if (dentry2offset(dentry) >= last_index) {
-			dput(dentry);
-			return;
-		}
+			return ERR_PTR(-ENOENT);
 
 		if (!offset_dir_emit(ctx, dentry)) {
 			dput(dentry);
-			return;
+			break;
 		}
 
 		ctx->pos = dentry2offset(dentry) + 1;
 		dput(dentry);
 	}
+	return NULL;
 }
 
 /**
@@ -540,19 +524,22 @@ static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, lon
 static int offset_readdir(struct file *file, struct dir_context *ctx)
 {
 	struct dentry *dir = file->f_path.dentry;
-	long last_index = (long)file->private_data;
 
 	lockdep_assert_held(&d_inode(dir)->i_rwsem);
 
 	if (!dir_emit_dots(file, ctx))
 		return 0;
 
-	offset_iterate_dir(d_inode(dir), ctx, last_index);
+	/* In this case, ->private_data is protected by f_pos_lock */
+	if (ctx->pos == DIR_OFFSET_MIN)
+		file->private_data = NULL;
+	else if (file->private_data == ERR_PTR(-ENOENT))
+		return 0;
+	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
 	return 0;
 }
 
 const struct file_operations simple_offset_dir_operations = {
-	.open		= offset_dir_open,
 	.llseek		= offset_dir_llseek,
 	.iterate_shared	= offset_readdir,
 	.read		= generic_read_dir,
-- 
2.47.0

Re: [PATCH v6 3/5] Revert "libfs: fix infinite directory reads for offset dir"

[yangerkun]

LGTM

Reviewed-by: Yang Erkun <yangerkun@huawei.com>


在 2024/12/20 23:33, cel@kernel.org 写道:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> The current directory offset allocator (based on mtree_alloc_cyclic)
> stores the next offset value to return in octx->next_offset. This
> mechanism typically returns values that increase monotonically over
> time. Eventually, though, the newly allocated offset value wraps
> back to a low number (say, 2) which is smaller than other already-
> allocated offset values.
> 
> Yu Kuai <yukuai3@huawei.com> reports that, after commit 64a7ce76fb90
> ("libfs: fix infinite directory reads for offset dir"), if a
> directory's offset allocator wraps, existing entries are no longer
> visible via readdir/getdents because offset_readdir() stops listing
> entries once an entry's offset is larger than octx->next_offset.
> These entries vanish persistently -- they can be looked up, but will
> never again appear in readdir(3) output.
> 
> The reason for this is that the commit treats directory offsets as
> monotonically increasing integer values rather than opaque cookies,
> and introduces this comparison:
> 
> 	if (dentry2offset(dentry) >= last_index) {
> 
> On 64-bit platforms, the directory offset value upper bound is
> 2^63 - 1. Directory offsets will monotonically increase for millions
> of years without wrapping.
> 
> On 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator
> can wrap after only a few weeks (at worst).
> 
> Revert commit 64a7ce76fb90 ("libfs: fix infinite directory reads for
> offset dir") to prepare for a fix that can work properly on 32-bit
> systems and might apply to recent LTS kernels where shmem employs
> the simple_offset mechanism.
> 
> Reported-by: Yu Kuai <yukuai3@huawei.com>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>   fs/libfs.c | 35 +++++++++++------------------------
>   1 file changed, 11 insertions(+), 24 deletions(-)
> 
> diff --git a/fs/libfs.c b/fs/libfs.c
> index 8380d9314ebd..8c9364a0174c 100644
> --- a/fs/libfs.c
> +++ b/fs/libfs.c
> @@ -422,14 +422,6 @@ void simple_offset_destroy(struct offset_ctx *octx)
>   	mtree_destroy(&octx->mt);
>   }
>   
> -static int offset_dir_open(struct inode *inode, struct file *file)
> -{
> -	struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode);
> -
> -	file->private_data = (void *)ctx->next_offset;
> -	return 0;
> -}
> -
>   /**
>    * offset_dir_llseek - Advance the read position of a directory descriptor
>    * @file: an open directory whose position is to be updated
> @@ -443,9 +435,6 @@ static int offset_dir_open(struct inode *inode, struct file *file)
>    */
>   static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
>   {
> -	struct inode *inode = file->f_inode;
> -	struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode);
> -
>   	switch (whence) {
>   	case SEEK_CUR:
>   		offset += file->f_pos;
> @@ -459,8 +448,7 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
>   	}
>   
>   	/* In this case, ->private_data is protected by f_pos_lock */
> -	if (!offset)
> -		file->private_data = (void *)ctx->next_offset;
> +	file->private_data = NULL;
>   	return vfs_setpos(file, offset, LONG_MAX);
>   }
>   
> @@ -491,7 +479,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
>   			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>   }
>   
> -static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, long last_index)
> +static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>   {
>   	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>   	struct dentry *dentry;
> @@ -499,21 +487,17 @@ static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, lon
>   	while (true) {
>   		dentry = offset_find_next(octx, ctx->pos);
>   		if (!dentry)
> -			return;
> -
> -		if (dentry2offset(dentry) >= last_index) {
> -			dput(dentry);
> -			return;
> -		}
> +			return ERR_PTR(-ENOENT);
>   
>   		if (!offset_dir_emit(ctx, dentry)) {
>   			dput(dentry);
> -			return;
> +			break;
>   		}
>   
>   		ctx->pos = dentry2offset(dentry) + 1;
>   		dput(dentry);
>   	}
> +	return NULL;
>   }
>   
>   /**
> @@ -540,19 +524,22 @@ static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx, lon
>   static int offset_readdir(struct file *file, struct dir_context *ctx)
>   {
>   	struct dentry *dir = file->f_path.dentry;
> -	long last_index = (long)file->private_data;
>   
>   	lockdep_assert_held(&d_inode(dir)->i_rwsem);
>   
>   	if (!dir_emit_dots(file, ctx))
>   		return 0;
>   
> -	offset_iterate_dir(d_inode(dir), ctx, last_index);
> +	/* In this case, ->private_data is protected by f_pos_lock */
> +	if (ctx->pos == DIR_OFFSET_MIN)
> +		file->private_data = NULL;
> +	else if (file->private_data == ERR_PTR(-ENOENT))
> +		return 0;
> +	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
>   	return 0;
>   }
>   
>   const struct file_operations simple_offset_dir_operations = {
> -	.open		= offset_dir_open,
>   	.llseek		= offset_dir_llseek,
>   	.iterate_shared	= offset_readdir,
>   	.read		= generic_read_dir,

[PATCH v6 4/5] libfs: Replace simple_offset end-of-directory detection

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

According to getdents(3), the d_off field in each returned directory
entry points to the next entry in the directory. The d_off field in
the last returned entry in the readdir buffer must contain a valid
offset value, but if it points to an actual directory entry, then
readdir/getdents can loop.

This patch introduces a specific fixed offset value that is placed
in the d_off field of the last entry in a directory. Some user space
applications assume that the EOD offset value is larger than the
offsets of real directory entries, so the largest possible offset
value is reserved for this purpose. This new value is never
allocated by simple_offset_add().

When ->iterate_dir() returns, getdents{64} inserts the ctx->pos
value into the d_off field of the last valid entry in the readdir
buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD
offset value so the last entry is updated to point to the EOD marker.

When trying to read the entry at the EOD offset, offset_readdir()
terminates immediately.

It is worth noting that using a Maple tree for directory offset
value allocation does not guarantee a 63-bit range of values --
on platforms where "long" is a 32-bit type, the directory offset
value range is still 0..(2^31 - 1).

Fixes: 796432efab1e ("libfs: getdents() should return 0 after reaching EOD")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/libfs.c | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/fs/libfs.c b/fs/libfs.c
index 8c9364a0174c..5c56783c03a5 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -245,9 +245,16 @@ const struct inode_operations simple_dir_inode_operations = {
 };
 EXPORT_SYMBOL(simple_dir_inode_operations);
 
-/* 0 is '.', 1 is '..', so always start with offset 2 or more */
+/* simple_offset_add() allocation range */
 enum {
-	DIR_OFFSET_MIN	= 2,
+	DIR_OFFSET_MIN		= 2,
+	DIR_OFFSET_MAX		= LONG_MAX - 1,
+};
+
+/* simple_offset_add() never assigns these to a dentry */
+enum {
+	DIR_OFFSET_EOD		= LONG_MAX,	/* Marks EOD */
+
 };
 
 static void offset_set(struct dentry *dentry, long offset)
@@ -291,7 +298,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
 		return -EBUSY;
 
 	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
-				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
+				 DIR_OFFSET_MAX, &octx->next_offset,
+				 GFP_KERNEL);
 	if (unlikely(ret < 0))
 		return ret == -EBUSY ? -ENOSPC : ret;
 
@@ -447,8 +455,6 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
 		return -EINVAL;
 	}
 
-	/* In this case, ->private_data is protected by f_pos_lock */
-	file->private_data = NULL;
 	return vfs_setpos(file, offset, LONG_MAX);
 }
 
@@ -458,7 +464,7 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
 	struct dentry *child, *found = NULL;
 
 	rcu_read_lock();
-	child = mas_find(&mas, LONG_MAX);
+	child = mas_find(&mas, DIR_OFFSET_MAX);
 	if (!child)
 		goto out;
 	spin_lock(&child->d_lock);
@@ -479,7 +485,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
 			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
 }
 
-static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
+static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 {
 	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
 	struct dentry *dentry;
@@ -487,7 +493,7 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 	while (true) {
 		dentry = offset_find_next(octx, ctx->pos);
 		if (!dentry)
-			return ERR_PTR(-ENOENT);
+			goto out_eod;
 
 		if (!offset_dir_emit(ctx, dentry)) {
 			dput(dentry);
@@ -497,7 +503,10 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 		ctx->pos = dentry2offset(dentry) + 1;
 		dput(dentry);
 	}
-	return NULL;
+	return;
+
+out_eod:
+	ctx->pos = DIR_OFFSET_EOD;
 }
 
 /**
@@ -517,6 +526,8 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
  *
  * On return, @ctx->pos contains an offset that will read the next entry
  * in this directory when offset_readdir() is called again with @ctx.
+ * Caller places this value in the d_off field of the last entry in the
+ * user's buffer.
  *
  * Return values:
  *   %0 - Complete
@@ -529,13 +540,8 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
 
 	if (!dir_emit_dots(file, ctx))
 		return 0;
-
-	/* In this case, ->private_data is protected by f_pos_lock */
-	if (ctx->pos == DIR_OFFSET_MIN)
-		file->private_data = NULL;
-	else if (file->private_data == ERR_PTR(-ENOENT))
-		return 0;
-	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
+	if (ctx->pos != DIR_OFFSET_EOD)
+		offset_iterate_dir(d_inode(dir), ctx);
 	return 0;
 }
 
-- 
2.47.0

Re: [PATCH v6 4/5] libfs: Replace simple_offset end-of-directory detection

[yangerkun]

LGTM

Reviewed-by: Yang Erkun <yangerkun@huawei.com>


在 2024/12/20 23:33, cel@kernel.org 写道:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> According to getdents(3), the d_off field in each returned directory
> entry points to the next entry in the directory. The d_off field in
> the last returned entry in the readdir buffer must contain a valid
> offset value, but if it points to an actual directory entry, then
> readdir/getdents can loop.
> 
> This patch introduces a specific fixed offset value that is placed
> in the d_off field of the last entry in a directory. Some user space
> applications assume that the EOD offset value is larger than the
> offsets of real directory entries, so the largest possible offset
> value is reserved for this purpose. This new value is never
> allocated by simple_offset_add().
> 
> When ->iterate_dir() returns, getdents{64} inserts the ctx->pos
> value into the d_off field of the last valid entry in the readdir
> buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD
> offset value so the last entry is updated to point to the EOD marker.
> 
> When trying to read the entry at the EOD offset, offset_readdir()
> terminates immediately.
> 
> It is worth noting that using a Maple tree for directory offset
> value allocation does not guarantee a 63-bit range of values --
> on platforms where "long" is a 32-bit type, the directory offset
> value range is still 0..(2^31 - 1).
> 
> Fixes: 796432efab1e ("libfs: getdents() should return 0 after reaching EOD")
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>   fs/libfs.c | 38 ++++++++++++++++++++++----------------
>   1 file changed, 22 insertions(+), 16 deletions(-)
> 
> diff --git a/fs/libfs.c b/fs/libfs.c
> index 8c9364a0174c..5c56783c03a5 100644
> --- a/fs/libfs.c
> +++ b/fs/libfs.c
> @@ -245,9 +245,16 @@ const struct inode_operations simple_dir_inode_operations = {
>   };
>   EXPORT_SYMBOL(simple_dir_inode_operations);
>   
> -/* 0 is '.', 1 is '..', so always start with offset 2 or more */
> +/* simple_offset_add() allocation range */
>   enum {
> -	DIR_OFFSET_MIN	= 2,
> +	DIR_OFFSET_MIN		= 2,
> +	DIR_OFFSET_MAX		= LONG_MAX - 1,
> +};
> +
> +/* simple_offset_add() never assigns these to a dentry */
> +enum {
> +	DIR_OFFSET_EOD		= LONG_MAX,	/* Marks EOD */
> +
>   };
>   
>   static void offset_set(struct dentry *dentry, long offset)
> @@ -291,7 +298,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
>   		return -EBUSY;
>   
>   	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
> -				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
> +				 DIR_OFFSET_MAX, &octx->next_offset,
> +				 GFP_KERNEL);
>   	if (unlikely(ret < 0))
>   		return ret == -EBUSY ? -ENOSPC : ret;
>   
> @@ -447,8 +455,6 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
>   		return -EINVAL;
>   	}
>   
> -	/* In this case, ->private_data is protected by f_pos_lock */
> -	file->private_data = NULL;
>   	return vfs_setpos(file, offset, LONG_MAX);
>   }
>   
> @@ -458,7 +464,7 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
>   	struct dentry *child, *found = NULL;
>   
>   	rcu_read_lock();
> -	child = mas_find(&mas, LONG_MAX);
> +	child = mas_find(&mas, DIR_OFFSET_MAX);
>   	if (!child)
>   		goto out;
>   	spin_lock(&child->d_lock);
> @@ -479,7 +485,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
>   			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>   }
>   
> -static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
> +static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>   {
>   	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>   	struct dentry *dentry;
> @@ -487,7 +493,7 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>   	while (true) {
>   		dentry = offset_find_next(octx, ctx->pos);
>   		if (!dentry)
> -			return ERR_PTR(-ENOENT);
> +			goto out_eod;
>   
>   		if (!offset_dir_emit(ctx, dentry)) {
>   			dput(dentry);
> @@ -497,7 +503,10 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>   		ctx->pos = dentry2offset(dentry) + 1;
>   		dput(dentry);
>   	}
> -	return NULL;
> +	return;
> +
> +out_eod:
> +	ctx->pos = DIR_OFFSET_EOD;
>   }
>   
>   /**
> @@ -517,6 +526,8 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>    *
>    * On return, @ctx->pos contains an offset that will read the next entry
>    * in this directory when offset_readdir() is called again with @ctx.
> + * Caller places this value in the d_off field of the last entry in the
> + * user's buffer.
>    *
>    * Return values:
>    *   %0 - Complete
> @@ -529,13 +540,8 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
>   
>   	if (!dir_emit_dots(file, ctx))
>   		return 0;
> -
> -	/* In this case, ->private_data is protected by f_pos_lock */
> -	if (ctx->pos == DIR_OFFSET_MIN)
> -		file->private_data = NULL;
> -	else if (file->private_data == ERR_PTR(-ENOENT))
> -		return 0;
> -	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
> +	if (ctx->pos != DIR_OFFSET_EOD)
> +		offset_iterate_dir(d_inode(dir), ctx);
>   	return 0;
>   }
>   

Re: [PATCH v6 4/5] libfs: Replace simple_offset end-of-directory detection

[Liam R. Howlett]

* cel@kernel.org <cel@kernel.org> [241220 10:33]:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> According to getdents(3), the d_off field in each returned directory
> entry points to the next entry in the directory. The d_off field in
> the last returned entry in the readdir buffer must contain a valid
> offset value, but if it points to an actual directory entry, then
> readdir/getdents can loop.
> 
> This patch introduces a specific fixed offset value that is placed
> in the d_off field of the last entry in a directory. Some user space
> applications assume that the EOD offset value is larger than the
> offsets of real directory entries, so the largest possible offset
> value is reserved for this purpose. This new value is never
> allocated by simple_offset_add().
> 
> When ->iterate_dir() returns, getdents{64} inserts the ctx->pos
> value into the d_off field of the last valid entry in the readdir
> buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD
> offset value so the last entry is updated to point to the EOD marker.
> 
> When trying to read the entry at the EOD offset, offset_readdir()
> terminates immediately.
> 
> It is worth noting that using a Maple tree for directory offset
> value allocation does not guarantee a 63-bit range of values --
> on platforms where "long" is a 32-bit type, the directory offset
> value range is still 0..(2^31 - 1).

I have a standing request to have 32-bit archs return 64-bit values.  Is
this another 'nice to have' 64 bit values on 32 bit archs?

> 
> Fixes: 796432efab1e ("libfs: getdents() should return 0 after reaching EOD")
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>  fs/libfs.c | 38 ++++++++++++++++++++++----------------
>  1 file changed, 22 insertions(+), 16 deletions(-)
> 
> diff --git a/fs/libfs.c b/fs/libfs.c
> index 8c9364a0174c..5c56783c03a5 100644
> --- a/fs/libfs.c
> +++ b/fs/libfs.c
> @@ -245,9 +245,16 @@ const struct inode_operations simple_dir_inode_operations = {
>  };
>  EXPORT_SYMBOL(simple_dir_inode_operations);
>  
> -/* 0 is '.', 1 is '..', so always start with offset 2 or more */
> +/* simple_offset_add() allocation range */
>  enum {
> -	DIR_OFFSET_MIN	= 2,
> +	DIR_OFFSET_MIN		= 2,
> +	DIR_OFFSET_MAX		= LONG_MAX - 1,
> +};
> +
> +/* simple_offset_add() never assigns these to a dentry */
> +enum {
> +	DIR_OFFSET_EOD		= LONG_MAX,	/* Marks EOD */
> +
>  };
>  
>  static void offset_set(struct dentry *dentry, long offset)
> @@ -291,7 +298,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
>  		return -EBUSY;
>  
>  	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
> -				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
> +				 DIR_OFFSET_MAX, &octx->next_offset,
> +				 GFP_KERNEL);
>  	if (unlikely(ret < 0))
>  		return ret == -EBUSY ? -ENOSPC : ret;
>  
> @@ -447,8 +455,6 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
>  		return -EINVAL;
>  	}
>  
> -	/* In this case, ->private_data is protected by f_pos_lock */
> -	file->private_data = NULL;
>  	return vfs_setpos(file, offset, LONG_MAX);
>  }
>  
> @@ -458,7 +464,7 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
>  	struct dentry *child, *found = NULL;
>  
>  	rcu_read_lock();
> -	child = mas_find(&mas, LONG_MAX);
> +	child = mas_find(&mas, DIR_OFFSET_MAX);
>  	if (!child)
>  		goto out;
>  	spin_lock(&child->d_lock);
> @@ -479,7 +485,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
>  			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>  }
>  
> -static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
> +static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>  {
>  	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>  	struct dentry *dentry;
> @@ -487,7 +493,7 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>  	while (true) {
>  		dentry = offset_find_next(octx, ctx->pos);
>  		if (!dentry)
> -			return ERR_PTR(-ENOENT);
> +			goto out_eod;
>  
>  		if (!offset_dir_emit(ctx, dentry)) {
>  			dput(dentry);
> @@ -497,7 +503,10 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>  		ctx->pos = dentry2offset(dentry) + 1;
>  		dput(dentry);
>  	}
> -	return NULL;
> +	return;
> +
> +out_eod:
> +	ctx->pos = DIR_OFFSET_EOD;
>  }
>  
>  /**
> @@ -517,6 +526,8 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>   *
>   * On return, @ctx->pos contains an offset that will read the next entry
>   * in this directory when offset_readdir() is called again with @ctx.
> + * Caller places this value in the d_off field of the last entry in the
> + * user's buffer.
>   *
>   * Return values:
>   *   %0 - Complete
> @@ -529,13 +540,8 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
>  
>  	if (!dir_emit_dots(file, ctx))
>  		return 0;
> -
> -	/* In this case, ->private_data is protected by f_pos_lock */
> -	if (ctx->pos == DIR_OFFSET_MIN)
> -		file->private_data = NULL;
> -	else if (file->private_data == ERR_PTR(-ENOENT))
> -		return 0;
> -	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
> +	if (ctx->pos != DIR_OFFSET_EOD)
> +		offset_iterate_dir(d_inode(dir), ctx);
>  	return 0;
>  }
>  
> -- 
> 2.47.0
> 
> 

Re: [PATCH v6 4/5] libfs: Replace simple_offset end-of-directory detection

[Chuck Lever]

On 12/23/24 11:30 AM, Liam R. Howlett wrote:
> * cel@kernel.org <cel@kernel.org> [241220 10:33]:
>> From: Chuck Lever <chuck.lever@oracle.com>
>>
>> According to getdents(3), the d_off field in each returned directory
>> entry points to the next entry in the directory. The d_off field in
>> the last returned entry in the readdir buffer must contain a valid
>> offset value, but if it points to an actual directory entry, then
>> readdir/getdents can loop.
>>
>> This patch introduces a specific fixed offset value that is placed
>> in the d_off field of the last entry in a directory. Some user space
>> applications assume that the EOD offset value is larger than the
>> offsets of real directory entries, so the largest possible offset
>> value is reserved for this purpose. This new value is never
>> allocated by simple_offset_add().
>>
>> When ->iterate_dir() returns, getdents{64} inserts the ctx->pos
>> value into the d_off field of the last valid entry in the readdir
>> buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD
>> offset value so the last entry is updated to point to the EOD marker.
>>
>> When trying to read the entry at the EOD offset, offset_readdir()
>> terminates immediately.
>>
>> It is worth noting that using a Maple tree for directory offset
>> value allocation does not guarantee a 63-bit range of values --
>> on platforms where "long" is a 32-bit type, the directory offset
>> value range is still 0..(2^31 - 1).
> 
> I have a standing request to have 32-bit archs return 64-bit values.  Is
> this another 'nice to have' 64 bit values on 32 bit archs?

It would be nice if the range of values that the mtree API handles were
the same on 32-bit and 64-bit platforms. I think that could reduce the
defect rate in mtree consumers.

But 32-bit is going away over time. I wonder how much such an effort
would pay off in the long run.


>> Fixes: 796432efab1e ("libfs: getdents() should return 0 after reaching EOD")
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>> ---
>>   fs/libfs.c | 38 ++++++++++++++++++++++----------------
>>   1 file changed, 22 insertions(+), 16 deletions(-)
>>
>> diff --git a/fs/libfs.c b/fs/libfs.c
>> index 8c9364a0174c..5c56783c03a5 100644
>> --- a/fs/libfs.c
>> +++ b/fs/libfs.c
>> @@ -245,9 +245,16 @@ const struct inode_operations simple_dir_inode_operations = {
>>   };
>>   EXPORT_SYMBOL(simple_dir_inode_operations);
>>   
>> -/* 0 is '.', 1 is '..', so always start with offset 2 or more */
>> +/* simple_offset_add() allocation range */
>>   enum {
>> -	DIR_OFFSET_MIN	= 2,
>> +	DIR_OFFSET_MIN		= 2,
>> +	DIR_OFFSET_MAX		= LONG_MAX - 1,
>> +};
>> +
>> +/* simple_offset_add() never assigns these to a dentry */
>> +enum {
>> +	DIR_OFFSET_EOD		= LONG_MAX,	/* Marks EOD */
>> +
>>   };
>>   
>>   static void offset_set(struct dentry *dentry, long offset)
>> @@ -291,7 +298,8 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
>>   		return -EBUSY;
>>   
>>   	ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
>> -				 LONG_MAX, &octx->next_offset, GFP_KERNEL);
>> +				 DIR_OFFSET_MAX, &octx->next_offset,
>> +				 GFP_KERNEL);
>>   	if (unlikely(ret < 0))
>>   		return ret == -EBUSY ? -ENOSPC : ret;
>>   
>> @@ -447,8 +455,6 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
>>   		return -EINVAL;
>>   	}
>>   
>> -	/* In this case, ->private_data is protected by f_pos_lock */
>> -	file->private_data = NULL;
>>   	return vfs_setpos(file, offset, LONG_MAX);
>>   }
>>   
>> @@ -458,7 +464,7 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
>>   	struct dentry *child, *found = NULL;
>>   
>>   	rcu_read_lock();
>> -	child = mas_find(&mas, LONG_MAX);
>> +	child = mas_find(&mas, DIR_OFFSET_MAX);
>>   	if (!child)
>>   		goto out;
>>   	spin_lock(&child->d_lock);
>> @@ -479,7 +485,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
>>   			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>   }
>>   
>> -static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>> +static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>>   {
>>   	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>   	struct dentry *dentry;
>> @@ -487,7 +493,7 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>>   	while (true) {
>>   		dentry = offset_find_next(octx, ctx->pos);
>>   		if (!dentry)
>> -			return ERR_PTR(-ENOENT);
>> +			goto out_eod;
>>   
>>   		if (!offset_dir_emit(ctx, dentry)) {
>>   			dput(dentry);
>> @@ -497,7 +503,10 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>>   		ctx->pos = dentry2offset(dentry) + 1;
>>   		dput(dentry);
>>   	}
>> -	return NULL;
>> +	return;
>> +
>> +out_eod:
>> +	ctx->pos = DIR_OFFSET_EOD;
>>   }
>>   
>>   /**
>> @@ -517,6 +526,8 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
>>    *
>>    * On return, @ctx->pos contains an offset that will read the next entry
>>    * in this directory when offset_readdir() is called again with @ctx.
>> + * Caller places this value in the d_off field of the last entry in the
>> + * user's buffer.
>>    *
>>    * Return values:
>>    *   %0 - Complete
>> @@ -529,13 +540,8 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
>>   
>>   	if (!dir_emit_dots(file, ctx))
>>   		return 0;
>> -
>> -	/* In this case, ->private_data is protected by f_pos_lock */
>> -	if (ctx->pos == DIR_OFFSET_MIN)
>> -		file->private_data = NULL;
>> -	else if (file->private_data == ERR_PTR(-ENOENT))
>> -		return 0;
>> -	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
>> +	if (ctx->pos != DIR_OFFSET_EOD)
>> +		offset_iterate_dir(d_inode(dir), ctx);
>>   	return 0;
>>   }
>>   
>> -- 
>> 2.47.0
>>
>>


-- 
Chuck Lever

Re: [PATCH v6 4/5] libfs: Replace simple_offset end-of-directory detection

[Christian Brauner]

On Mon, Dec 23, 2024 at 11:30:47AM -0500, Liam R. Howlett wrote:
> * cel@kernel.org <cel@kernel.org> [241220 10:33]:
> > From: Chuck Lever <chuck.lever@oracle.com>
> > 
> > According to getdents(3), the d_off field in each returned directory
> > entry points to the next entry in the directory. The d_off field in
> > the last returned entry in the readdir buffer must contain a valid
> > offset value, but if it points to an actual directory entry, then
> > readdir/getdents can loop.
> > 
> > This patch introduces a specific fixed offset value that is placed
> > in the d_off field of the last entry in a directory. Some user space
> > applications assume that the EOD offset value is larger than the
> > offsets of real directory entries, so the largest possible offset
> > value is reserved for this purpose. This new value is never
> > allocated by simple_offset_add().
> > 
> > When ->iterate_dir() returns, getdents{64} inserts the ctx->pos
> > value into the d_off field of the last valid entry in the readdir
> > buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD
> > offset value so the last entry is updated to point to the EOD marker.
> > 
> > When trying to read the entry at the EOD offset, offset_readdir()
> > terminates immediately.
> > 
> > It is worth noting that using a Maple tree for directory offset
> > value allocation does not guarantee a 63-bit range of values --
> > on platforms where "long" is a 32-bit type, the directory offset
> > value range is still 0..(2^31 - 1).
> 
> I have a standing request to have 32-bit archs return 64-bit values.  Is

Yes, an allocation mechanism for 64-bit values on 32-bit would be very
nice to have.

[PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

The mtree mechanism has been effective at creating directory offsets
that are stable over multiple opendir instances. However, it has not
been able to handle the subtleties of renames that are concurrent
with readdir.

Instead of using the mtree to emit entries in the order of their
offset values, use it only to map incoming ctx->pos to a starting
entry. Then use the directory's d_children list, which is already
maintained properly by the dcache, to find the next child to emit.

One of the sneaky things about this is that when the mtree-allocated
offset value wraps (which is very rare), looking up ctx->pos++ is
not going to find the next entry; it will return NULL. Instead, by
following the d_children list, the offset values can appear in any
order but all of the entries in the directory will be visited
eventually.

Note also that the readdir() is guaranteed to reach the tail of this
list. Entries are added only at the head of d_children, and readdir
walks from its current position in that list towards its tail.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/libfs.c | 84 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 58 insertions(+), 26 deletions(-)

diff --git a/fs/libfs.c b/fs/libfs.c
index 5c56783c03a5..f7ead02062ad 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
 
 /* simple_offset_add() allocation range */
 enum {
-	DIR_OFFSET_MIN		= 2,
+	DIR_OFFSET_MIN		= 3,
 	DIR_OFFSET_MAX		= LONG_MAX - 1,
 };
 
 /* simple_offset_add() never assigns these to a dentry */
 enum {
+	DIR_OFFSET_FIRST	= 2,		/* Find first real entry */
 	DIR_OFFSET_EOD		= LONG_MAX,	/* Marks EOD */
 
 };
@@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
 	return vfs_setpos(file, offset, LONG_MAX);
 }
 
-static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
+static struct dentry *find_positive_dentry(struct dentry *parent,
+					   struct dentry *dentry,
+					   bool next)
 {
-	MA_STATE(mas, &octx->mt, offset, offset);
+	struct dentry *found = NULL;
+
+	spin_lock(&parent->d_lock);
+	if (next)
+		dentry = d_next_sibling(dentry);
+	else if (!dentry)
+		dentry = d_first_child(parent);
+	hlist_for_each_entry_from(dentry, d_sib) {
+		if (!simple_positive(dentry))
+			continue;
+		spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
+		if (simple_positive(dentry))
+			found = dget_dlock(dentry);
+		spin_unlock(&dentry->d_lock);
+		if (likely(found))
+			break;
+	}
+	spin_unlock(&parent->d_lock);
+	return found;
+}
+
+static noinline_for_stack struct dentry *
+offset_dir_lookup(struct dentry *parent, loff_t offset)
+{
+	struct inode *inode = d_inode(parent);
+	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
 	struct dentry *child, *found = NULL;
 
-	rcu_read_lock();
-	child = mas_find(&mas, DIR_OFFSET_MAX);
-	if (!child)
-		goto out;
-	spin_lock(&child->d_lock);
-	if (simple_positive(child))
-		found = dget_dlock(child);
-	spin_unlock(&child->d_lock);
-out:
-	rcu_read_unlock();
+	MA_STATE(mas, &octx->mt, offset, offset);
+
+	if (offset == DIR_OFFSET_FIRST)
+		found = find_positive_dentry(parent, NULL, false);
+	else {
+		rcu_read_lock();
+		child = mas_find(&mas, DIR_OFFSET_MAX);
+		found = find_positive_dentry(parent, child, false);
+		rcu_read_unlock();
+	}
 	return found;
 }
 
 static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
 {
 	struct inode *inode = d_inode(dentry);
-	long offset = dentry2offset(dentry);
 
-	return ctx->actor(ctx, dentry->d_name.name, dentry->d_name.len, offset,
-			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
+	return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
+			inode->i_ino, fs_umode_to_dtype(inode->i_mode));
 }
 
-static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
+static void offset_iterate_dir(struct file *file, struct dir_context *ctx)
 {
-	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
+	struct dentry *dir = file->f_path.dentry;
 	struct dentry *dentry;
 
+	dentry = offset_dir_lookup(dir, ctx->pos);
+	if (!dentry)
+		goto out_eod;
 	while (true) {
-		dentry = offset_find_next(octx, ctx->pos);
-		if (!dentry)
-			goto out_eod;
+		struct dentry *next;
 
-		if (!offset_dir_emit(ctx, dentry)) {
-			dput(dentry);
+		ctx->pos = dentry2offset(dentry);
+		if (!offset_dir_emit(ctx, dentry))
 			break;
-		}
 
-		ctx->pos = dentry2offset(dentry) + 1;
+		next = find_positive_dentry(dir, dentry, true);
 		dput(dentry);
+
+		if (!next)
+			goto out_eod;
+		dentry = next;
 	}
+	dput(dentry);
 	return;
 
 out_eod:
@@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
 	if (!dir_emit_dots(file, ctx))
 		return 0;
 	if (ctx->pos != DIR_OFFSET_EOD)
-		offset_iterate_dir(d_inode(dir), ctx);
+		offset_iterate_dir(file, ctx);
 	return 0;
 }
 
-- 
2.47.0

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[yangerkun]

在 2024/12/20 23:33, cel@kernel.org 写道:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> The mtree mechanism has been effective at creating directory offsets
> that are stable over multiple opendir instances. However, it has not
> been able to handle the subtleties of renames that are concurrent
> with readdir.
> 
> Instead of using the mtree to emit entries in the order of their
> offset values, use it only to map incoming ctx->pos to a starting
> entry. Then use the directory's d_children list, which is already
> maintained properly by the dcache, to find the next child to emit.
> 
> One of the sneaky things about this is that when the mtree-allocated
> offset value wraps (which is very rare), looking up ctx->pos++ is
> not going to find the next entry; it will return NULL. Instead, by
> following the d_children list, the offset values can appear in any
> order but all of the entries in the directory will be visited
> eventually.
> 
> Note also that the readdir() is guaranteed to reach the tail of this
> list. Entries are added only at the head of d_children, and readdir
> walks from its current position in that list towards its tail.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>   fs/libfs.c | 84 +++++++++++++++++++++++++++++++++++++-----------------
>   1 file changed, 58 insertions(+), 26 deletions(-)
> 
> diff --git a/fs/libfs.c b/fs/libfs.c
> index 5c56783c03a5..f7ead02062ad 100644
> --- a/fs/libfs.c
> +++ b/fs/libfs.c
> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>   
>   /* simple_offset_add() allocation range */
>   enum {
> -	DIR_OFFSET_MIN		= 2,
> +	DIR_OFFSET_MIN		= 3,
>   	DIR_OFFSET_MAX		= LONG_MAX - 1,
>   };
>   
>   /* simple_offset_add() never assigns these to a dentry */
>   enum {
> +	DIR_OFFSET_FIRST	= 2,		/* Find first real entry */
>   	DIR_OFFSET_EOD		= LONG_MAX,	/* Marks EOD */
>   
>   };
> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
>   	return vfs_setpos(file, offset, LONG_MAX);
>   }
>   
> -static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
> +static struct dentry *find_positive_dentry(struct dentry *parent,
> +					   struct dentry *dentry,
> +					   bool next)
>   {
> -	MA_STATE(mas, &octx->mt, offset, offset);
> +	struct dentry *found = NULL;
> +
> +	spin_lock(&parent->d_lock);
> +	if (next)
> +		dentry = d_next_sibling(dentry);
> +	else if (!dentry)
> +		dentry = d_first_child(parent);
> +	hlist_for_each_entry_from(dentry, d_sib) {
> +		if (!simple_positive(dentry))
> +			continue;
> +		spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
> +		if (simple_positive(dentry))
> +			found = dget_dlock(dentry);
> +		spin_unlock(&dentry->d_lock);
> +		if (likely(found))
> +			break;
> +	}
> +	spin_unlock(&parent->d_lock);
> +	return found;
> +}
> +
> +static noinline_for_stack struct dentry *
> +offset_dir_lookup(struct dentry *parent, loff_t offset)
> +{
> +	struct inode *inode = d_inode(parent);
> +	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>   	struct dentry *child, *found = NULL;
>   
> -	rcu_read_lock();
> -	child = mas_find(&mas, DIR_OFFSET_MAX);
> -	if (!child)
> -		goto out;
> -	spin_lock(&child->d_lock);
> -	if (simple_positive(child))
> -		found = dget_dlock(child);
> -	spin_unlock(&child->d_lock);
> -out:
> -	rcu_read_unlock();
> +	MA_STATE(mas, &octx->mt, offset, offset);
> +
> +	if (offset == DIR_OFFSET_FIRST)
> +		found = find_positive_dentry(parent, NULL, false);
> +	else {
> +		rcu_read_lock();
> +		child = mas_find(&mas, DIR_OFFSET_MAX);

Can this child be NULL? Like we delete some file after first readdir, 
maybe we should break here, or we may rescan all dentry and return them 
to userspace again?

> +		found = find_positive_dentry(parent, child, false);
> +		rcu_read_unlock();
> +	}
>   	return found;
>   }
>   
>   static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
>   {
>   	struct inode *inode = d_inode(dentry);
> -	long offset = dentry2offset(dentry);
>   
> -	return ctx->actor(ctx, dentry->d_name.name, dentry->d_name.len, offset,
> -			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
> +	return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
> +			inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>   }
>   
> -static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
> +static void offset_iterate_dir(struct file *file, struct dir_context *ctx)
>   {
> -	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
> +	struct dentry *dir = file->f_path.dentry;
>   	struct dentry *dentry;
>   
> +	dentry = offset_dir_lookup(dir, ctx->pos);
> +	if (!dentry)
> +		goto out_eod;
>   	while (true) {
> -		dentry = offset_find_next(octx, ctx->pos);
> -		if (!dentry)
> -			goto out_eod;
> +		struct dentry *next;
>   
> -		if (!offset_dir_emit(ctx, dentry)) {
> -			dput(dentry);
> +		ctx->pos = dentry2offset(dentry);
> +		if (!offset_dir_emit(ctx, dentry))
>   			break;
> -		}
>   
> -		ctx->pos = dentry2offset(dentry) + 1;
> +		next = find_positive_dentry(dir, dentry, true);
>   		dput(dentry);
> +
> +		if (!next)
> +			goto out_eod;
> +		dentry = next;
>   	}
> +	dput(dentry);
>   	return;
>   
>   out_eod:
> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
>   	if (!dir_emit_dots(file, ctx))
>   		return 0;
>   	if (ctx->pos != DIR_OFFSET_EOD)
> -		offset_iterate_dir(d_inode(dir), ctx);
> +		offset_iterate_dir(file, ctx);
>   	return 0;
>   }
>   

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[Chuck Lever]

On 12/23/24 9:21 AM, yangerkun wrote:
> 
> 
> 在 2024/12/20 23:33, cel@kernel.org 写道:
>> From: Chuck Lever <chuck.lever@oracle.com>
>>
>> The mtree mechanism has been effective at creating directory offsets
>> that are stable over multiple opendir instances. However, it has not
>> been able to handle the subtleties of renames that are concurrent
>> with readdir.
>>
>> Instead of using the mtree to emit entries in the order of their
>> offset values, use it only to map incoming ctx->pos to a starting
>> entry. Then use the directory's d_children list, which is already
>> maintained properly by the dcache, to find the next child to emit.
>>
>> One of the sneaky things about this is that when the mtree-allocated
>> offset value wraps (which is very rare), looking up ctx->pos++ is
>> not going to find the next entry; it will return NULL. Instead, by
>> following the d_children list, the offset values can appear in any
>> order but all of the entries in the directory will be visited
>> eventually.
>>
>> Note also that the readdir() is guaranteed to reach the tail of this
>> list. Entries are added only at the head of d_children, and readdir
>> walks from its current position in that list towards its tail.
>>
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>> ---
>>   fs/libfs.c | 84 +++++++++++++++++++++++++++++++++++++-----------------
>>   1 file changed, 58 insertions(+), 26 deletions(-)
>>
>> diff --git a/fs/libfs.c b/fs/libfs.c
>> index 5c56783c03a5..f7ead02062ad 100644
>> --- a/fs/libfs.c
>> +++ b/fs/libfs.c
>> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>>   /* simple_offset_add() allocation range */
>>   enum {
>> -    DIR_OFFSET_MIN        = 2,
>> +    DIR_OFFSET_MIN        = 3,
>>       DIR_OFFSET_MAX        = LONG_MAX - 1,
>>   };
>>   /* simple_offset_add() never assigns these to a dentry */
>>   enum {
>> +    DIR_OFFSET_FIRST    = 2,        /* Find first real entry */
>>       DIR_OFFSET_EOD        = LONG_MAX,    /* Marks EOD */
>>   };
>> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file 
>> *file, loff_t offset, int whence)
>>       return vfs_setpos(file, offset, LONG_MAX);
>>   }
>> -static struct dentry *offset_find_next(struct offset_ctx *octx, 
>> loff_t offset)
>> +static struct dentry *find_positive_dentry(struct dentry *parent,
>> +                       struct dentry *dentry,
>> +                       bool next)
>>   {
>> -    MA_STATE(mas, &octx->mt, offset, offset);
>> +    struct dentry *found = NULL;
>> +
>> +    spin_lock(&parent->d_lock);
>> +    if (next)
>> +        dentry = d_next_sibling(dentry);
>> +    else if (!dentry)
>> +        dentry = d_first_child(parent);
>> +    hlist_for_each_entry_from(dentry, d_sib) {
>> +        if (!simple_positive(dentry))
>> +            continue;
>> +        spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
>> +        if (simple_positive(dentry))
>> +            found = dget_dlock(dentry);
>> +        spin_unlock(&dentry->d_lock);
>> +        if (likely(found))
>> +            break;
>> +    }
>> +    spin_unlock(&parent->d_lock);
>> +    return found;
>> +}
>> +
>> +static noinline_for_stack struct dentry *
>> +offset_dir_lookup(struct dentry *parent, loff_t offset)
>> +{
>> +    struct inode *inode = d_inode(parent);
>> +    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>       struct dentry *child, *found = NULL;
>> -    rcu_read_lock();
>> -    child = mas_find(&mas, DIR_OFFSET_MAX);
>> -    if (!child)
>> -        goto out;
>> -    spin_lock(&child->d_lock);
>> -    if (simple_positive(child))
>> -        found = dget_dlock(child);
>> -    spin_unlock(&child->d_lock);
>> -out:
>> -    rcu_read_unlock();
>> +    MA_STATE(mas, &octx->mt, offset, offset);
>> +
>> +    if (offset == DIR_OFFSET_FIRST)
>> +        found = find_positive_dentry(parent, NULL, false);
>> +    else {
>> +        rcu_read_lock();
>> +        child = mas_find(&mas, DIR_OFFSET_MAX);
> 
> Can this child be NULL?

Yes, this mas_find() call can return NULL. find_positive_dentry() should
then return NULL. Kind of subtle.


> Like we delete some file after first readdir, 
> maybe we should break here, or we may rescan all dentry and return them 
> to userspace again?

You mean to deal with the case where the "next" entry has an offset
that is lower than @offset? mas_find() will return the entry in the
tree that is "at or after" mas->index.

I'm not sure either "break" or returning repeats is safe. But, now that
you point it out, this function probably does need additional logic to
deal with the offset wrap case.

But since this logic already exists here, IMO it is reasonable to leave
that to be addressed by a subsequent patch. So far there aren't any
regression test failures that warn of a user-visible problem the way it
is now.


>> +        found = find_positive_dentry(parent, child, false);
>> +        rcu_read_unlock();
>> +    }
>>       return found;
>>   }
>>   static bool offset_dir_emit(struct dir_context *ctx, struct dentry 
>> *dentry)
>>   {
>>       struct inode *inode = d_inode(dentry);
>> -    long offset = dentry2offset(dentry);
>> -    return ctx->actor(ctx, dentry->d_name.name, dentry->d_name.len, 
>> offset,
>> -              inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>> +    return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
>> +            inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>   }
>> -static void offset_iterate_dir(struct inode *inode, struct 
>> dir_context *ctx)
>> +static void offset_iterate_dir(struct file *file, struct dir_context 
>> *ctx)
>>   {
>> -    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>> +    struct dentry *dir = file->f_path.dentry;
>>       struct dentry *dentry;
>> +    dentry = offset_dir_lookup(dir, ctx->pos);
>> +    if (!dentry)
>> +        goto out_eod;
>>       while (true) {
>> -        dentry = offset_find_next(octx, ctx->pos);
>> -        if (!dentry)
>> -            goto out_eod;
>> +        struct dentry *next;
>> -        if (!offset_dir_emit(ctx, dentry)) {
>> -            dput(dentry);
>> +        ctx->pos = dentry2offset(dentry);
>> +        if (!offset_dir_emit(ctx, dentry))
>>               break;
>> -        }
>> -        ctx->pos = dentry2offset(dentry) + 1;
>> +        next = find_positive_dentry(dir, dentry, true);
>>           dput(dentry);
>> +
>> +        if (!next)
>> +            goto out_eod;
>> +        dentry = next;
>>       }
>> +    dput(dentry);
>>       return;
>>   out_eod:
>> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, 
>> struct dir_context *ctx)
>>       if (!dir_emit_dots(file, ctx))
>>           return 0;
>>       if (ctx->pos != DIR_OFFSET_EOD)
>> -        offset_iterate_dir(d_inode(dir), ctx);
>> +        offset_iterate_dir(file, ctx);
>>       return 0;
>>   }
> 


-- 
Chuck Lever

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[yangerkun]

在 2024/12/23 22:44, Chuck Lever 写道:
> On 12/23/24 9:21 AM, yangerkun wrote:
>>
>>
>> 在 2024/12/20 23:33, cel@kernel.org 写道:
>>> From: Chuck Lever <chuck.lever@oracle.com>
>>>
>>> The mtree mechanism has been effective at creating directory offsets
>>> that are stable over multiple opendir instances. However, it has not
>>> been able to handle the subtleties of renames that are concurrent
>>> with readdir.
>>>
>>> Instead of using the mtree to emit entries in the order of their
>>> offset values, use it only to map incoming ctx->pos to a starting
>>> entry. Then use the directory's d_children list, which is already
>>> maintained properly by the dcache, to find the next child to emit.
>>>
>>> One of the sneaky things about this is that when the mtree-allocated
>>> offset value wraps (which is very rare), looking up ctx->pos++ is
>>> not going to find the next entry; it will return NULL. Instead, by
>>> following the d_children list, the offset values can appear in any
>>> order but all of the entries in the directory will be visited
>>> eventually.
>>>
>>> Note also that the readdir() is guaranteed to reach the tail of this
>>> list. Entries are added only at the head of d_children, and readdir
>>> walks from its current position in that list towards its tail.
>>>
>>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>>> ---
>>>   fs/libfs.c | 84 +++++++++++++++++++++++++++++++++++++-----------------
>>>   1 file changed, 58 insertions(+), 26 deletions(-)
>>>
>>> diff --git a/fs/libfs.c b/fs/libfs.c
>>> index 5c56783c03a5..f7ead02062ad 100644
>>> --- a/fs/libfs.c
>>> +++ b/fs/libfs.c
>>> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>>>   /* simple_offset_add() allocation range */
>>>   enum {
>>> -    DIR_OFFSET_MIN        = 2,
>>> +    DIR_OFFSET_MIN        = 3,
>>>       DIR_OFFSET_MAX        = LONG_MAX - 1,
>>>   };
>>>   /* simple_offset_add() never assigns these to a dentry */
>>>   enum {
>>> +    DIR_OFFSET_FIRST    = 2,        /* Find first real entry */
>>>       DIR_OFFSET_EOD        = LONG_MAX,    /* Marks EOD */
>>>   };
>>> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file 
>>> *file, loff_t offset, int whence)
>>>       return vfs_setpos(file, offset, LONG_MAX);
>>>   }
>>> -static struct dentry *offset_find_next(struct offset_ctx *octx, 
>>> loff_t offset)
>>> +static struct dentry *find_positive_dentry(struct dentry *parent,
>>> +                       struct dentry *dentry,
>>> +                       bool next)
>>>   {
>>> -    MA_STATE(mas, &octx->mt, offset, offset);
>>> +    struct dentry *found = NULL;
>>> +
>>> +    spin_lock(&parent->d_lock);
>>> +    if (next)
>>> +        dentry = d_next_sibling(dentry);
>>> +    else if (!dentry)
>>> +        dentry = d_first_child(parent);
>>> +    hlist_for_each_entry_from(dentry, d_sib) {
>>> +        if (!simple_positive(dentry))
>>> +            continue;
>>> +        spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
>>> +        if (simple_positive(dentry))
>>> +            found = dget_dlock(dentry);
>>> +        spin_unlock(&dentry->d_lock);
>>> +        if (likely(found))
>>> +            break;
>>> +    }
>>> +    spin_unlock(&parent->d_lock);
>>> +    return found;
>>> +}
>>> +
>>> +static noinline_for_stack struct dentry *
>>> +offset_dir_lookup(struct dentry *parent, loff_t offset)
>>> +{
>>> +    struct inode *inode = d_inode(parent);
>>> +    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>       struct dentry *child, *found = NULL;
>>> -    rcu_read_lock();
>>> -    child = mas_find(&mas, DIR_OFFSET_MAX);
>>> -    if (!child)
>>> -        goto out;
>>> -    spin_lock(&child->d_lock);
>>> -    if (simple_positive(child))
>>> -        found = dget_dlock(child);
>>> -    spin_unlock(&child->d_lock);
>>> -out:
>>> -    rcu_read_unlock();
>>> +    MA_STATE(mas, &octx->mt, offset, offset);
>>> +
>>> +    if (offset == DIR_OFFSET_FIRST)
>>> +        found = find_positive_dentry(parent, NULL, false);
>>> +    else {
>>> +        rcu_read_lock();
>>> +        child = mas_find(&mas, DIR_OFFSET_MAX);
>>
>> Can this child be NULL?
> 
> Yes, this mas_find() call can return NULL. find_positive_dentry() should
> then return NULL. Kind of subtle.
> 
> 
>> Like we delete some file after first readdir, maybe we should break 
>> here, or we may rescan all dentry and return them to userspace again?
> 
> You mean to deal with the case where the "next" entry has an offset
> that is lower than @offset? mas_find() will return the entry in the
> tree that is "at or after" mas->index.
> 
> I'm not sure either "break" or returning repeats is safe. But, now that
> you point it out, this function probably does need additional logic to
> deal with the offset wrap case.
> 
> But since this logic already exists here, IMO it is reasonable to leave
> that to be addressed by a subsequent patch. So far there aren't any
> regression test failures that warn of a user-visible problem the way it
> is now.

Sorry for the confusing, the case I am talking is something like below:

mkdir /tmp/dir && cd /tmp/dir
touch file1 # offset is 3
touch file2 # offset is 4
touch file3 # offset is 5
touch file4 # offset is 6
touch file5 # offset is 7
first readdir and get file5 file4 file3 file2 #ctx->pos is 3, which
means we will get file1 for second readdir

unlink file1 # can not get entry for ctx->pos == 3

second readdir # offset_dir_lookup will use mas_find but return NULL,
and we will get file5 file4 file3 file2 again?


And for the offset wrap case, I prefer it's safe with your patch if we 
won't unlink file between two readdir. The second readdir will use an
active ctx->pos which means there is a active dentry attach to this
ctx->pos. find_positive_dentry will stop once we meet the last child.


I am not sure if I understand correctly, if not, please point out!

Thanks!

> 
> 
>>> +        found = find_positive_dentry(parent, child, false);
>>> +        rcu_read_unlock();
>>> +    }
>>>       return found;
>>>   }
>>>   static bool offset_dir_emit(struct dir_context *ctx, struct dentry 
>>> *dentry)
>>>   {
>>>       struct inode *inode = d_inode(dentry);
>>> -    long offset = dentry2offset(dentry);
>>> -    return ctx->actor(ctx, dentry->d_name.name, dentry->d_name.len, 
>>> offset,
>>> -              inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>> +    return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
>>> +            inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>   }
>>> -static void offset_iterate_dir(struct inode *inode, struct 
>>> dir_context *ctx)
>>> +static void offset_iterate_dir(struct file *file, struct dir_context 
>>> *ctx)
>>>   {
>>> -    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>> +    struct dentry *dir = file->f_path.dentry;
>>>       struct dentry *dentry;
>>> +    dentry = offset_dir_lookup(dir, ctx->pos);
>>> +    if (!dentry)
>>> +        goto out_eod;
>>>       while (true) {
>>> -        dentry = offset_find_next(octx, ctx->pos);
>>> -        if (!dentry)
>>> -            goto out_eod;
>>> +        struct dentry *next;
>>> -        if (!offset_dir_emit(ctx, dentry)) {
>>> -            dput(dentry);
>>> +        ctx->pos = dentry2offset(dentry);
>>> +        if (!offset_dir_emit(ctx, dentry))
>>>               break;
>>> -        }
>>> -        ctx->pos = dentry2offset(dentry) + 1;
>>> +        next = find_positive_dentry(dir, dentry, true);
>>>           dput(dentry);
>>> +
>>> +        if (!next)
>>> +            goto out_eod;
>>> +        dentry = next;
>>>       }
>>> +    dput(dentry);
>>>       return;
>>>   out_eod:
>>> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, 
>>> struct dir_context *ctx)
>>>       if (!dir_emit_dots(file, ctx))
>>>           return 0;
>>>       if (ctx->pos != DIR_OFFSET_EOD)
>>> -        offset_iterate_dir(d_inode(dir), ctx);
>>> +        offset_iterate_dir(file, ctx);
>>>       return 0;
>>>   }
>>
> 
> 

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[Chuck Lever]

On 12/23/24 11:40 PM, yangerkun wrote:
> 
> 
> 在 2024/12/23 22:44, Chuck Lever 写道:
>> On 12/23/24 9:21 AM, yangerkun wrote:
>>>
>>>
>>> 在 2024/12/20 23:33, cel@kernel.org 写道:
>>>> From: Chuck Lever <chuck.lever@oracle.com>
>>>>
>>>> The mtree mechanism has been effective at creating directory offsets
>>>> that are stable over multiple opendir instances. However, it has not
>>>> been able to handle the subtleties of renames that are concurrent
>>>> with readdir.
>>>>
>>>> Instead of using the mtree to emit entries in the order of their
>>>> offset values, use it only to map incoming ctx->pos to a starting
>>>> entry. Then use the directory's d_children list, which is already
>>>> maintained properly by the dcache, to find the next child to emit.
>>>>
>>>> One of the sneaky things about this is that when the mtree-allocated
>>>> offset value wraps (which is very rare), looking up ctx->pos++ is
>>>> not going to find the next entry; it will return NULL. Instead, by
>>>> following the d_children list, the offset values can appear in any
>>>> order but all of the entries in the directory will be visited
>>>> eventually.
>>>>
>>>> Note also that the readdir() is guaranteed to reach the tail of this
>>>> list. Entries are added only at the head of d_children, and readdir
>>>> walks from its current position in that list towards its tail.
>>>>
>>>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>>>> ---
>>>>   fs/libfs.c | 84 ++++++++++++++++++++++++++++++++++++ 
>>>> +-----------------
>>>>   1 file changed, 58 insertions(+), 26 deletions(-)
>>>>
>>>> diff --git a/fs/libfs.c b/fs/libfs.c
>>>> index 5c56783c03a5..f7ead02062ad 100644
>>>> --- a/fs/libfs.c
>>>> +++ b/fs/libfs.c
>>>> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>>>>   /* simple_offset_add() allocation range */
>>>>   enum {
>>>> -    DIR_OFFSET_MIN        = 2,
>>>> +    DIR_OFFSET_MIN        = 3,
>>>>       DIR_OFFSET_MAX        = LONG_MAX - 1,
>>>>   };
>>>>   /* simple_offset_add() never assigns these to a dentry */
>>>>   enum {
>>>> +    DIR_OFFSET_FIRST    = 2,        /* Find first real entry */
>>>>       DIR_OFFSET_EOD        = LONG_MAX,    /* Marks EOD */
>>>>   };
>>>> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file 
>>>> *file, loff_t offset, int whence)
>>>>       return vfs_setpos(file, offset, LONG_MAX);
>>>>   }
>>>> -static struct dentry *offset_find_next(struct offset_ctx *octx, 
>>>> loff_t offset)
>>>> +static struct dentry *find_positive_dentry(struct dentry *parent,
>>>> +                       struct dentry *dentry,
>>>> +                       bool next)
>>>>   {
>>>> -    MA_STATE(mas, &octx->mt, offset, offset);
>>>> +    struct dentry *found = NULL;
>>>> +
>>>> +    spin_lock(&parent->d_lock);
>>>> +    if (next)
>>>> +        dentry = d_next_sibling(dentry);
>>>> +    else if (!dentry)
>>>> +        dentry = d_first_child(parent);
>>>> +    hlist_for_each_entry_from(dentry, d_sib) {
>>>> +        if (!simple_positive(dentry))
>>>> +            continue;
>>>> +        spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
>>>> +        if (simple_positive(dentry))
>>>> +            found = dget_dlock(dentry);
>>>> +        spin_unlock(&dentry->d_lock);
>>>> +        if (likely(found))
>>>> +            break;
>>>> +    }
>>>> +    spin_unlock(&parent->d_lock);
>>>> +    return found;
>>>> +}
>>>> +
>>>> +static noinline_for_stack struct dentry *
>>>> +offset_dir_lookup(struct dentry *parent, loff_t offset)
>>>> +{
>>>> +    struct inode *inode = d_inode(parent);
>>>> +    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>       struct dentry *child, *found = NULL;
>>>> -    rcu_read_lock();
>>>> -    child = mas_find(&mas, DIR_OFFSET_MAX);
>>>> -    if (!child)
>>>> -        goto out;
>>>> -    spin_lock(&child->d_lock);
>>>> -    if (simple_positive(child))
>>>> -        found = dget_dlock(child);
>>>> -    spin_unlock(&child->d_lock);
>>>> -out:
>>>> -    rcu_read_unlock();
>>>> +    MA_STATE(mas, &octx->mt, offset, offset);
>>>> +
>>>> +    if (offset == DIR_OFFSET_FIRST)
>>>> +        found = find_positive_dentry(parent, NULL, false);
>>>> +    else {
>>>> +        rcu_read_lock();
>>>> +        child = mas_find(&mas, DIR_OFFSET_MAX);
>>>
>>> Can this child be NULL?
>>
>> Yes, this mas_find() call can return NULL. find_positive_dentry() should
>> then return NULL. Kind of subtle.
>>
>>
>>> Like we delete some file after first readdir, maybe we should break 
>>> here, or we may rescan all dentry and return them to userspace again?
>>
>> You mean to deal with the case where the "next" entry has an offset
>> that is lower than @offset? mas_find() will return the entry in the
>> tree that is "at or after" mas->index.
>>
>> I'm not sure either "break" or returning repeats is safe. But, now that
>> you point it out, this function probably does need additional logic to
>> deal with the offset wrap case.
>>
>> But since this logic already exists here, IMO it is reasonable to leave
>> that to be addressed by a subsequent patch. So far there aren't any
>> regression test failures that warn of a user-visible problem the way it
>> is now.
> 
> Sorry for the confusing, the case I am talking is something like below:
> 
> mkdir /tmp/dir && cd /tmp/dir
> touch file1 # offset is 3
> touch file2 # offset is 4
> touch file3 # offset is 5
> touch file4 # offset is 6
> touch file5 # offset is 7
> first readdir and get file5 file4 file3 file2 #ctx->pos is 3, which
> means we will get file1 for second readdir
> 
> unlink file1 # can not get entry for ctx->pos == 3
> 
> second readdir # offset_dir_lookup will use mas_find but return NULL,
> and we will get file5 file4 file3 file2 again?

After this patch, directory entries are reported in descending
cookie order. Therefore, should this patch replace the mas_find() call
with mas_find_rev() ?


> And for the offset wrap case, I prefer it's safe with your patch if we 
> won't unlink file between two readdir. The second readdir will use an
> active ctx->pos which means there is a active dentry attach to this
> ctx->pos. find_positive_dentry will stop once we meet the last child.
> 
> 
> I am not sure if I understand correctly, if not, please point out!
> 
> Thanks!
> 
>>
>>
>>>> +        found = find_positive_dentry(parent, child, false);
>>>> +        rcu_read_unlock();
>>>> +    }
>>>>       return found;
>>>>   }
>>>>   static bool offset_dir_emit(struct dir_context *ctx, struct dentry 
>>>> *dentry)
>>>>   {
>>>>       struct inode *inode = d_inode(dentry);
>>>> -    long offset = dentry2offset(dentry);
>>>> -    return ctx->actor(ctx, dentry->d_name.name, dentry->d_name.len, 
>>>> offset,
>>>> -              inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>> +    return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
>>>> +            inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>   }
>>>> -static void offset_iterate_dir(struct inode *inode, struct 
>>>> dir_context *ctx)
>>>> +static void offset_iterate_dir(struct file *file, struct 
>>>> dir_context *ctx)
>>>>   {
>>>> -    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>> +    struct dentry *dir = file->f_path.dentry;
>>>>       struct dentry *dentry;
>>>> +    dentry = offset_dir_lookup(dir, ctx->pos);
>>>> +    if (!dentry)
>>>> +        goto out_eod;
>>>>       while (true) {
>>>> -        dentry = offset_find_next(octx, ctx->pos);
>>>> -        if (!dentry)
>>>> -            goto out_eod;
>>>> +        struct dentry *next;
>>>> -        if (!offset_dir_emit(ctx, dentry)) {
>>>> -            dput(dentry);
>>>> +        ctx->pos = dentry2offset(dentry);
>>>> +        if (!offset_dir_emit(ctx, dentry))
>>>>               break;
>>>> -        }
>>>> -        ctx->pos = dentry2offset(dentry) + 1;
>>>> +        next = find_positive_dentry(dir, dentry, true);
>>>>           dput(dentry);
>>>> +
>>>> +        if (!next)
>>>> +            goto out_eod;
>>>> +        dentry = next;
>>>>       }
>>>> +    dput(dentry);
>>>>       return;
>>>>   out_eod:
>>>> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, 
>>>> struct dir_context *ctx)
>>>>       if (!dir_emit_dots(file, ctx))
>>>>           return 0;
>>>>       if (ctx->pos != DIR_OFFSET_EOD)
>>>> -        offset_iterate_dir(d_inode(dir), ctx);
>>>> +        offset_iterate_dir(file, ctx);
>>>>       return 0;
>>>>   }
>>>
>>
>>
> 


-- 
Chuck Lever

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[yangerkun]

在 2024/12/24 21:52, Chuck Lever 写道:
> On 12/23/24 11:40 PM, yangerkun wrote:
>>
>>
>> 在 2024/12/23 22:44, Chuck Lever 写道:
>>> On 12/23/24 9:21 AM, yangerkun wrote:
>>>>
>>>>
>>>> 在 2024/12/20 23:33, cel@kernel.org 写道:
>>>>> From: Chuck Lever <chuck.lever@oracle.com>
>>>>>
>>>>> The mtree mechanism has been effective at creating directory offsets
>>>>> that are stable over multiple opendir instances. However, it has not
>>>>> been able to handle the subtleties of renames that are concurrent
>>>>> with readdir.
>>>>>
>>>>> Instead of using the mtree to emit entries in the order of their
>>>>> offset values, use it only to map incoming ctx->pos to a starting
>>>>> entry. Then use the directory's d_children list, which is already
>>>>> maintained properly by the dcache, to find the next child to emit.
>>>>>
>>>>> One of the sneaky things about this is that when the mtree-allocated
>>>>> offset value wraps (which is very rare), looking up ctx->pos++ is
>>>>> not going to find the next entry; it will return NULL. Instead, by
>>>>> following the d_children list, the offset values can appear in any
>>>>> order but all of the entries in the directory will be visited
>>>>> eventually.
>>>>>
>>>>> Note also that the readdir() is guaranteed to reach the tail of this
>>>>> list. Entries are added only at the head of d_children, and readdir
>>>>> walks from its current position in that list towards its tail.
>>>>>
>>>>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>>>>> ---
>>>>>   fs/libfs.c | 84 ++++++++++++++++++++++++++++++++++++ 
>>>>> +-----------------
>>>>>   1 file changed, 58 insertions(+), 26 deletions(-)
>>>>>
>>>>> diff --git a/fs/libfs.c b/fs/libfs.c
>>>>> index 5c56783c03a5..f7ead02062ad 100644
>>>>> --- a/fs/libfs.c
>>>>> +++ b/fs/libfs.c
>>>>> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>>>>>   /* simple_offset_add() allocation range */
>>>>>   enum {
>>>>> -    DIR_OFFSET_MIN        = 2,
>>>>> +    DIR_OFFSET_MIN        = 3,
>>>>>       DIR_OFFSET_MAX        = LONG_MAX - 1,
>>>>>   };
>>>>>   /* simple_offset_add() never assigns these to a dentry */
>>>>>   enum {
>>>>> +    DIR_OFFSET_FIRST    = 2,        /* Find first real entry */
>>>>>       DIR_OFFSET_EOD        = LONG_MAX,    /* Marks EOD */
>>>>>   };
>>>>> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file 
>>>>> *file, loff_t offset, int whence)
>>>>>       return vfs_setpos(file, offset, LONG_MAX);
>>>>>   }
>>>>> -static struct dentry *offset_find_next(struct offset_ctx *octx, 
>>>>> loff_t offset)
>>>>> +static struct dentry *find_positive_dentry(struct dentry *parent,
>>>>> +                       struct dentry *dentry,
>>>>> +                       bool next)
>>>>>   {
>>>>> -    MA_STATE(mas, &octx->mt, offset, offset);
>>>>> +    struct dentry *found = NULL;
>>>>> +
>>>>> +    spin_lock(&parent->d_lock);
>>>>> +    if (next)
>>>>> +        dentry = d_next_sibling(dentry);
>>>>> +    else if (!dentry)
>>>>> +        dentry = d_first_child(parent);
>>>>> +    hlist_for_each_entry_from(dentry, d_sib) {
>>>>> +        if (!simple_positive(dentry))
>>>>> +            continue;
>>>>> +        spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
>>>>> +        if (simple_positive(dentry))
>>>>> +            found = dget_dlock(dentry);
>>>>> +        spin_unlock(&dentry->d_lock);
>>>>> +        if (likely(found))
>>>>> +            break;
>>>>> +    }
>>>>> +    spin_unlock(&parent->d_lock);
>>>>> +    return found;
>>>>> +}
>>>>> +
>>>>> +static noinline_for_stack struct dentry *
>>>>> +offset_dir_lookup(struct dentry *parent, loff_t offset)
>>>>> +{
>>>>> +    struct inode *inode = d_inode(parent);
>>>>> +    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>>       struct dentry *child, *found = NULL;
>>>>> -    rcu_read_lock();
>>>>> -    child = mas_find(&mas, DIR_OFFSET_MAX);
>>>>> -    if (!child)
>>>>> -        goto out;
>>>>> -    spin_lock(&child->d_lock);
>>>>> -    if (simple_positive(child))
>>>>> -        found = dget_dlock(child);
>>>>> -    spin_unlock(&child->d_lock);
>>>>> -out:
>>>>> -    rcu_read_unlock();
>>>>> +    MA_STATE(mas, &octx->mt, offset, offset);
>>>>> +
>>>>> +    if (offset == DIR_OFFSET_FIRST)
>>>>> +        found = find_positive_dentry(parent, NULL, false);
>>>>> +    else {
>>>>> +        rcu_read_lock();
>>>>> +        child = mas_find(&mas, DIR_OFFSET_MAX);
>>>>
>>>> Can this child be NULL?
>>>
>>> Yes, this mas_find() call can return NULL. find_positive_dentry() should
>>> then return NULL. Kind of subtle.
>>>
>>>
>>>> Like we delete some file after first readdir, maybe we should break 
>>>> here, or we may rescan all dentry and return them to userspace again?
>>>
>>> You mean to deal with the case where the "next" entry has an offset
>>> that is lower than @offset? mas_find() will return the entry in the
>>> tree that is "at or after" mas->index.
>>>
>>> I'm not sure either "break" or returning repeats is safe. But, now that
>>> you point it out, this function probably does need additional logic to
>>> deal with the offset wrap case.
>>>
>>> But since this logic already exists here, IMO it is reasonable to leave
>>> that to be addressed by a subsequent patch. So far there aren't any
>>> regression test failures that warn of a user-visible problem the way it
>>> is now.
>>
>> Sorry for the confusing, the case I am talking is something like below:
>>
>> mkdir /tmp/dir && cd /tmp/dir
>> touch file1 # offset is 3
>> touch file2 # offset is 4
>> touch file3 # offset is 5
>> touch file4 # offset is 6
>> touch file5 # offset is 7
>> first readdir and get file5 file4 file3 file2 #ctx->pos is 3, which
>> means we will get file1 for second readdir
>>
>> unlink file1 # can not get entry for ctx->pos == 3
>>
>> second readdir # offset_dir_lookup will use mas_find but return NULL,
>> and we will get file5 file4 file3 file2 again?
> 
> After this patch, directory entries are reported in descending
> cookie order. Therefore, should this patch replace the mas_find() call
> with mas_find_rev() ?

Emm... The reason that why readdir report file with descending cookie
order is d_alloc will insert child dentry to the list head of
&parent->d_subdirs, and find_positive_dentry will get child in order. So
it seems this won't work?

> 
> 
>> And for the offset wrap case, I prefer it's safe with your patch if we 
>> won't unlink file between two readdir. The second readdir will use an
>> active ctx->pos which means there is a active dentry attach to this
>> ctx->pos. find_positive_dentry will stop once we meet the last child.
>>
>>
>> I am not sure if I understand correctly, if not, please point out!
>>
>> Thanks!
>>
>>>
>>>
>>>>> +        found = find_positive_dentry(parent, child, false);
>>>>> +        rcu_read_unlock();
>>>>> +    }
>>>>>       return found;
>>>>>   }
>>>>>   static bool offset_dir_emit(struct dir_context *ctx, struct 
>>>>> dentry *dentry)
>>>>>   {
>>>>>       struct inode *inode = d_inode(dentry);
>>>>> -    long offset = dentry2offset(dentry);
>>>>> -    return ctx->actor(ctx, dentry->d_name.name, 
>>>>> dentry->d_name.len, offset,
>>>>> -              inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>> +    return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
>>>>> +            inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>>   }
>>>>> -static void offset_iterate_dir(struct inode *inode, struct 
>>>>> dir_context *ctx)
>>>>> +static void offset_iterate_dir(struct file *file, struct 
>>>>> dir_context *ctx)
>>>>>   {
>>>>> -    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>> +    struct dentry *dir = file->f_path.dentry;
>>>>>       struct dentry *dentry;
>>>>> +    dentry = offset_dir_lookup(dir, ctx->pos);
>>>>> +    if (!dentry)
>>>>> +        goto out_eod;
>>>>>       while (true) {
>>>>> -        dentry = offset_find_next(octx, ctx->pos);
>>>>> -        if (!dentry)
>>>>> -            goto out_eod;
>>>>> +        struct dentry *next;
>>>>> -        if (!offset_dir_emit(ctx, dentry)) {
>>>>> -            dput(dentry);
>>>>> +        ctx->pos = dentry2offset(dentry);
>>>>> +        if (!offset_dir_emit(ctx, dentry))
>>>>>               break;
>>>>> -        }
>>>>> -        ctx->pos = dentry2offset(dentry) + 1;
>>>>> +        next = find_positive_dentry(dir, dentry, true);
>>>>>           dput(dentry);
>>>>> +
>>>>> +        if (!next)
>>>>> +            goto out_eod;
>>>>> +        dentry = next;
>>>>>       }
>>>>> +    dput(dentry);
>>>>>       return;
>>>>>   out_eod:
>>>>> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, 
>>>>> struct dir_context *ctx)
>>>>>       if (!dir_emit_dots(file, ctx))
>>>>>           return 0;
>>>>>       if (ctx->pos != DIR_OFFSET_EOD)
>>>>> -        offset_iterate_dir(d_inode(dir), ctx);
>>>>> +        offset_iterate_dir(file, ctx);
>>>>>       return 0;
>>>>>   }
>>>>
>>>
>>>
>>
> 
> 

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[yangerkun]

在 2024/12/24 21:57, yangerkun 写道:
> 
> 
> 在 2024/12/24 21:52, Chuck Lever 写道:
>> On 12/23/24 11:40 PM, yangerkun wrote:
>>>
>>>
>>> 在 2024/12/23 22:44, Chuck Lever 写道:
>>>> On 12/23/24 9:21 AM, yangerkun wrote:
>>>>>
>>>>>
>>>>> 在 2024/12/20 23:33, cel@kernel.org 写道:
>>>>>> From: Chuck Lever <chuck.lever@oracle.com>
>>>>>>
>>>>>> The mtree mechanism has been effective at creating directory offsets
>>>>>> that are stable over multiple opendir instances. However, it has not
>>>>>> been able to handle the subtleties of renames that are concurrent
>>>>>> with readdir.
>>>>>>
>>>>>> Instead of using the mtree to emit entries in the order of their
>>>>>> offset values, use it only to map incoming ctx->pos to a starting
>>>>>> entry. Then use the directory's d_children list, which is already
>>>>>> maintained properly by the dcache, to find the next child to emit.
>>>>>>
>>>>>> One of the sneaky things about this is that when the mtree-allocated
>>>>>> offset value wraps (which is very rare), looking up ctx->pos++ is
>>>>>> not going to find the next entry; it will return NULL. Instead, by
>>>>>> following the d_children list, the offset values can appear in any
>>>>>> order but all of the entries in the directory will be visited
>>>>>> eventually.
>>>>>>
>>>>>> Note also that the readdir() is guaranteed to reach the tail of this
>>>>>> list. Entries are added only at the head of d_children, and readdir
>>>>>> walks from its current position in that list towards its tail.
>>>>>>
>>>>>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>>>>>> ---
>>>>>>   fs/libfs.c | 84 ++++++++++++++++++++++++++++++++++++ 
>>>>>> +-----------------
>>>>>>   1 file changed, 58 insertions(+), 26 deletions(-)
>>>>>>
>>>>>> diff --git a/fs/libfs.c b/fs/libfs.c
>>>>>> index 5c56783c03a5..f7ead02062ad 100644
>>>>>> --- a/fs/libfs.c
>>>>>> +++ b/fs/libfs.c
>>>>>> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>>>>>>   /* simple_offset_add() allocation range */
>>>>>>   enum {
>>>>>> -    DIR_OFFSET_MIN        = 2,
>>>>>> +    DIR_OFFSET_MIN        = 3,
>>>>>>       DIR_OFFSET_MAX        = LONG_MAX - 1,
>>>>>>   };
>>>>>>   /* simple_offset_add() never assigns these to a dentry */
>>>>>>   enum {
>>>>>> +    DIR_OFFSET_FIRST    = 2,        /* Find first real entry */
>>>>>>       DIR_OFFSET_EOD        = LONG_MAX,    /* Marks EOD */
>>>>>>   };
>>>>>> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file 
>>>>>> *file, loff_t offset, int whence)
>>>>>>       return vfs_setpos(file, offset, LONG_MAX);
>>>>>>   }
>>>>>> -static struct dentry *offset_find_next(struct offset_ctx *octx, 
>>>>>> loff_t offset)
>>>>>> +static struct dentry *find_positive_dentry(struct dentry *parent,
>>>>>> +                       struct dentry *dentry,
>>>>>> +                       bool next)
>>>>>>   {
>>>>>> -    MA_STATE(mas, &octx->mt, offset, offset);
>>>>>> +    struct dentry *found = NULL;
>>>>>> +
>>>>>> +    spin_lock(&parent->d_lock);
>>>>>> +    if (next)
>>>>>> +        dentry = d_next_sibling(dentry);
>>>>>> +    else if (!dentry)
>>>>>> +        dentry = d_first_child(parent);
>>>>>> +    hlist_for_each_entry_from(dentry, d_sib) {
>>>>>> +        if (!simple_positive(dentry))
>>>>>> +            continue;
>>>>>> +        spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
>>>>>> +        if (simple_positive(dentry))
>>>>>> +            found = dget_dlock(dentry);
>>>>>> +        spin_unlock(&dentry->d_lock);
>>>>>> +        if (likely(found))
>>>>>> +            break;
>>>>>> +    }
>>>>>> +    spin_unlock(&parent->d_lock);
>>>>>> +    return found;
>>>>>> +}
>>>>>> +
>>>>>> +static noinline_for_stack struct dentry *
>>>>>> +offset_dir_lookup(struct dentry *parent, loff_t offset)
>>>>>> +{
>>>>>> +    struct inode *inode = d_inode(parent);
>>>>>> +    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>>>       struct dentry *child, *found = NULL;
>>>>>> -    rcu_read_lock();
>>>>>> -    child = mas_find(&mas, DIR_OFFSET_MAX);
>>>>>> -    if (!child)
>>>>>> -        goto out;
>>>>>> -    spin_lock(&child->d_lock);
>>>>>> -    if (simple_positive(child))
>>>>>> -        found = dget_dlock(child);
>>>>>> -    spin_unlock(&child->d_lock);
>>>>>> -out:
>>>>>> -    rcu_read_unlock();
>>>>>> +    MA_STATE(mas, &octx->mt, offset, offset);
>>>>>> +
>>>>>> +    if (offset == DIR_OFFSET_FIRST)
>>>>>> +        found = find_positive_dentry(parent, NULL, false);
>>>>>> +    else {
>>>>>> +        rcu_read_lock();
>>>>>> +        child = mas_find(&mas, DIR_OFFSET_MAX);
>>>>>
>>>>> Can this child be NULL?
>>>>
>>>> Yes, this mas_find() call can return NULL. find_positive_dentry() 
>>>> should
>>>> then return NULL. Kind of subtle.
>>>>
>>>>
>>>>> Like we delete some file after first readdir, maybe we should break 
>>>>> here, or we may rescan all dentry and return them to userspace again?
>>>>
>>>> You mean to deal with the case where the "next" entry has an offset
>>>> that is lower than @offset? mas_find() will return the entry in the
>>>> tree that is "at or after" mas->index.
>>>>
>>>> I'm not sure either "break" or returning repeats is safe. But, now that
>>>> you point it out, this function probably does need additional logic to
>>>> deal with the offset wrap case.
>>>>
>>>> But since this logic already exists here, IMO it is reasonable to leave
>>>> that to be addressed by a subsequent patch. So far there aren't any
>>>> regression test failures that warn of a user-visible problem the way it
>>>> is now.
>>>
>>> Sorry for the confusing, the case I am talking is something like below:
>>>
>>> mkdir /tmp/dir && cd /tmp/dir
>>> touch file1 # offset is 3
>>> touch file2 # offset is 4
>>> touch file3 # offset is 5
>>> touch file4 # offset is 6
>>> touch file5 # offset is 7
>>> first readdir and get file5 file4 file3 file2 #ctx->pos is 3, which
>>> means we will get file1 for second readdir
>>>
>>> unlink file1 # can not get entry for ctx->pos == 3
>>>
>>> second readdir # offset_dir_lookup will use mas_find but return NULL,
>>> and we will get file5 file4 file3 file2 again?
>>
>> After this patch, directory entries are reported in descending
>> cookie order. Therefore, should this patch replace the mas_find() call
>> with mas_find_rev() ?
> 
> Emm... The reason that why readdir report file with descending cookie
> order is d_alloc will insert child dentry to the list head of
> &parent->d_subdirs, and find_positive_dentry will get child in order. So
> it seems this won't work?

I prefer this is not a problem since dcache_readdir already report dir 
with this order.

> 
>>
>>
>>> And for the offset wrap case, I prefer it's safe with your patch if 
>>> we won't unlink file between two readdir. The second readdir will use an
>>> active ctx->pos which means there is a active dentry attach to this
>>> ctx->pos. find_positive_dentry will stop once we meet the last child.
>>>
>>>
>>> I am not sure if I understand correctly, if not, please point out!
>>>
>>> Thanks!
>>>
>>>>
>>>>
>>>>>> +        found = find_positive_dentry(parent, child, false);
>>>>>> +        rcu_read_unlock();
>>>>>> +    }
>>>>>>       return found;
>>>>>>   }
>>>>>>   static bool offset_dir_emit(struct dir_context *ctx, struct 
>>>>>> dentry *dentry)
>>>>>>   {
>>>>>>       struct inode *inode = d_inode(dentry);
>>>>>> -    long offset = dentry2offset(dentry);
>>>>>> -    return ctx->actor(ctx, dentry->d_name.name, 
>>>>>> dentry->d_name.len, offset,
>>>>>> -              inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>>> +    return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
>>>>>> +            inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>>>   }
>>>>>> -static void offset_iterate_dir(struct inode *inode, struct 
>>>>>> dir_context *ctx)
>>>>>> +static void offset_iterate_dir(struct file *file, struct 
>>>>>> dir_context *ctx)
>>>>>>   {
>>>>>> -    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>>> +    struct dentry *dir = file->f_path.dentry;
>>>>>>       struct dentry *dentry;
>>>>>> +    dentry = offset_dir_lookup(dir, ctx->pos);
>>>>>> +    if (!dentry)
>>>>>> +        goto out_eod;
>>>>>>       while (true) {
>>>>>> -        dentry = offset_find_next(octx, ctx->pos);
>>>>>> -        if (!dentry)
>>>>>> -            goto out_eod;
>>>>>> +        struct dentry *next;
>>>>>> -        if (!offset_dir_emit(ctx, dentry)) {
>>>>>> -            dput(dentry);
>>>>>> +        ctx->pos = dentry2offset(dentry);
>>>>>> +        if (!offset_dir_emit(ctx, dentry))
>>>>>>               break;
>>>>>> -        }
>>>>>> -        ctx->pos = dentry2offset(dentry) + 1;
>>>>>> +        next = find_positive_dentry(dir, dentry, true);
>>>>>>           dput(dentry);
>>>>>> +
>>>>>> +        if (!next)
>>>>>> +            goto out_eod;
>>>>>> +        dentry = next;
>>>>>>       }
>>>>>> +    dput(dentry);
>>>>>>       return;
>>>>>>   out_eod:
>>>>>> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, 
>>>>>> struct dir_context *ctx)
>>>>>>       if (!dir_emit_dots(file, ctx))
>>>>>>           return 0;
>>>>>>       if (ctx->pos != DIR_OFFSET_EOD)
>>>>>> -        offset_iterate_dir(d_inode(dir), ctx);
>>>>>> +        offset_iterate_dir(file, ctx);
>>>>>>       return 0;
>>>>>>   }
>>>>>
>>>>
>>>>
>>>
>>
>>
> 
> 

Re: [PATCH v6 5/5] libfs: Use d_children list to iterate simple_offset directories

[Chuck Lever]

On 12/24/24 9:00 AM, yangerkun wrote:
> 
> 
> 在 2024/12/24 21:57, yangerkun 写道:
>>
>>
>> 在 2024/12/24 21:52, Chuck Lever 写道:
>>> On 12/23/24 11:40 PM, yangerkun wrote:
>>>>
>>>>
>>>> 在 2024/12/23 22:44, Chuck Lever 写道:
>>>>> On 12/23/24 9:21 AM, yangerkun wrote:
>>>>>>
>>>>>>
>>>>>> 在 2024/12/20 23:33, cel@kernel.org 写道:
>>>>>>> From: Chuck Lever <chuck.lever@oracle.com>
>>>>>>>
>>>>>>> The mtree mechanism has been effective at creating directory offsets
>>>>>>> that are stable over multiple opendir instances. However, it has not
>>>>>>> been able to handle the subtleties of renames that are concurrent
>>>>>>> with readdir.
>>>>>>>
>>>>>>> Instead of using the mtree to emit entries in the order of their
>>>>>>> offset values, use it only to map incoming ctx->pos to a starting
>>>>>>> entry. Then use the directory's d_children list, which is already
>>>>>>> maintained properly by the dcache, to find the next child to emit.
>>>>>>>
>>>>>>> One of the sneaky things about this is that when the mtree-allocated
>>>>>>> offset value wraps (which is very rare), looking up ctx->pos++ is
>>>>>>> not going to find the next entry; it will return NULL. Instead, by
>>>>>>> following the d_children list, the offset values can appear in any
>>>>>>> order but all of the entries in the directory will be visited
>>>>>>> eventually.
>>>>>>>
>>>>>>> Note also that the readdir() is guaranteed to reach the tail of this
>>>>>>> list. Entries are added only at the head of d_children, and readdir
>>>>>>> walks from its current position in that list towards its tail.
>>>>>>>
>>>>>>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>>>>>>> ---
>>>>>>>   fs/libfs.c | 84 ++++++++++++++++++++++++++++++++++++ 
>>>>>>> +-----------------
>>>>>>>   1 file changed, 58 insertions(+), 26 deletions(-)
>>>>>>>
>>>>>>> diff --git a/fs/libfs.c b/fs/libfs.c
>>>>>>> index 5c56783c03a5..f7ead02062ad 100644
>>>>>>> --- a/fs/libfs.c
>>>>>>> +++ b/fs/libfs.c
>>>>>>> @@ -247,12 +247,13 @@ EXPORT_SYMBOL(simple_dir_inode_operations);
>>>>>>>   /* simple_offset_add() allocation range */
>>>>>>>   enum {
>>>>>>> -    DIR_OFFSET_MIN        = 2,
>>>>>>> +    DIR_OFFSET_MIN        = 3,
>>>>>>>       DIR_OFFSET_MAX        = LONG_MAX - 1,
>>>>>>>   };
>>>>>>>   /* simple_offset_add() never assigns these to a dentry */
>>>>>>>   enum {
>>>>>>> +    DIR_OFFSET_FIRST    = 2,        /* Find first real entry */
>>>>>>>       DIR_OFFSET_EOD        = LONG_MAX,    /* Marks EOD */
>>>>>>>   };
>>>>>>> @@ -458,51 +459,82 @@ static loff_t offset_dir_llseek(struct file 
>>>>>>> *file, loff_t offset, int whence)
>>>>>>>       return vfs_setpos(file, offset, LONG_MAX);
>>>>>>>   }
>>>>>>> -static struct dentry *offset_find_next(struct offset_ctx *octx, 
>>>>>>> loff_t offset)
>>>>>>> +static struct dentry *find_positive_dentry(struct dentry *parent,
>>>>>>> +                       struct dentry *dentry,
>>>>>>> +                       bool next)
>>>>>>>   {
>>>>>>> -    MA_STATE(mas, &octx->mt, offset, offset);
>>>>>>> +    struct dentry *found = NULL;
>>>>>>> +
>>>>>>> +    spin_lock(&parent->d_lock);
>>>>>>> +    if (next)
>>>>>>> +        dentry = d_next_sibling(dentry);
>>>>>>> +    else if (!dentry)
>>>>>>> +        dentry = d_first_child(parent);
>>>>>>> +    hlist_for_each_entry_from(dentry, d_sib) {
>>>>>>> +        if (!simple_positive(dentry))
>>>>>>> +            continue;
>>>>>>> +        spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
>>>>>>> +        if (simple_positive(dentry))
>>>>>>> +            found = dget_dlock(dentry);
>>>>>>> +        spin_unlock(&dentry->d_lock);
>>>>>>> +        if (likely(found))
>>>>>>> +            break;
>>>>>>> +    }
>>>>>>> +    spin_unlock(&parent->d_lock);
>>>>>>> +    return found;
>>>>>>> +}
>>>>>>> +
>>>>>>> +static noinline_for_stack struct dentry *
>>>>>>> +offset_dir_lookup(struct dentry *parent, loff_t offset)
>>>>>>> +{
>>>>>>> +    struct inode *inode = d_inode(parent);
>>>>>>> +    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>>>>       struct dentry *child, *found = NULL;
>>>>>>> -    rcu_read_lock();
>>>>>>> -    child = mas_find(&mas, DIR_OFFSET_MAX);
>>>>>>> -    if (!child)
>>>>>>> -        goto out;
>>>>>>> -    spin_lock(&child->d_lock);
>>>>>>> -    if (simple_positive(child))
>>>>>>> -        found = dget_dlock(child);
>>>>>>> -    spin_unlock(&child->d_lock);
>>>>>>> -out:
>>>>>>> -    rcu_read_unlock();
>>>>>>> +    MA_STATE(mas, &octx->mt, offset, offset);
>>>>>>> +
>>>>>>> +    if (offset == DIR_OFFSET_FIRST)
>>>>>>> +        found = find_positive_dentry(parent, NULL, false);
>>>>>>> +    else {
>>>>>>> +        rcu_read_lock();
>>>>>>> +        child = mas_find(&mas, DIR_OFFSET_MAX);
>>>>>>
>>>>>> Can this child be NULL?
>>>>>
>>>>> Yes, this mas_find() call can return NULL. find_positive_dentry() 
>>>>> should
>>>>> then return NULL. Kind of subtle.
>>>>>
>>>>>
>>>>>> Like we delete some file after first readdir, maybe we should 
>>>>>> break here, or we may rescan all dentry and return them to 
>>>>>> userspace again?
>>>>>
>>>>> You mean to deal with the case where the "next" entry has an offset
>>>>> that is lower than @offset? mas_find() will return the entry in the
>>>>> tree that is "at or after" mas->index.
>>>>>
>>>>> I'm not sure either "break" or returning repeats is safe. But, now 
>>>>> that
>>>>> you point it out, this function probably does need additional logic to
>>>>> deal with the offset wrap case.
>>>>>
>>>>> But since this logic already exists here, IMO it is reasonable to 
>>>>> leave
>>>>> that to be addressed by a subsequent patch. So far there aren't any
>>>>> regression test failures that warn of a user-visible problem the 
>>>>> way it
>>>>> is now.
>>>>
>>>> Sorry for the confusing, the case I am talking is something like below:
>>>>
>>>> mkdir /tmp/dir && cd /tmp/dir
>>>> touch file1 # offset is 3
>>>> touch file2 # offset is 4
>>>> touch file3 # offset is 5
>>>> touch file4 # offset is 6
>>>> touch file5 # offset is 7
>>>> first readdir and get file5 file4 file3 file2 #ctx->pos is 3, which
>>>> means we will get file1 for second readdir
>>>>
>>>> unlink file1 # can not get entry for ctx->pos == 3
>>>>
>>>> second readdir # offset_dir_lookup will use mas_find but return NULL,
>>>> and we will get file5 file4 file3 file2 again?
>>>
>>> After this patch, directory entries are reported in descending
>>> cookie order. Therefore, should this patch replace the mas_find() call
>>> with mas_find_rev() ?
>>
>> Emm... The reason that why readdir report file with descending cookie
>> order is d_alloc will insert child dentry to the list head of
>> &parent->d_subdirs, and find_positive_dentry will get child in order. So
>> it seems this won't work?
> 
> I prefer this is not a problem since dcache_readdir already report dir 
> with this order.

I'm experimenting with replacing "mas_find()" with "mas_find_rev()"
and it seems to behave. It needs more extensive testing.

What strikes me, though, is that readdir(3) probably has some caching
in user space. You might not ever get perfect readdir/unlink/readdir
behavior from this particular library API, IIUC.


>>>> And for the offset wrap case, I prefer it's safe with your patch if 
>>>> we won't unlink file between two readdir. The second readdir will 
>>>> use an
>>>> active ctx->pos which means there is a active dentry attach to this
>>>> ctx->pos. find_positive_dentry will stop once we meet the last child.
>>>>
>>>>
>>>> I am not sure if I understand correctly, if not, please point out!
>>>>
>>>> Thanks!
>>>>
>>>>>
>>>>>
>>>>>>> +        found = find_positive_dentry(parent, child, false);
>>>>>>> +        rcu_read_unlock();
>>>>>>> +    }
>>>>>>>       return found;
>>>>>>>   }
>>>>>>>   static bool offset_dir_emit(struct dir_context *ctx, struct 
>>>>>>> dentry *dentry)
>>>>>>>   {
>>>>>>>       struct inode *inode = d_inode(dentry);
>>>>>>> -    long offset = dentry2offset(dentry);
>>>>>>> -    return ctx->actor(ctx, dentry->d_name.name, dentry- 
>>>>>>> >d_name.len, offset,
>>>>>>> -              inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>>>> +    return dir_emit(ctx, dentry->d_name.name, dentry->d_name.len,
>>>>>>> +            inode->i_ino, fs_umode_to_dtype(inode->i_mode));
>>>>>>>   }
>>>>>>> -static void offset_iterate_dir(struct inode *inode, struct 
>>>>>>> dir_context *ctx)
>>>>>>> +static void offset_iterate_dir(struct file *file, struct 
>>>>>>> dir_context *ctx)
>>>>>>>   {
>>>>>>> -    struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
>>>>>>> +    struct dentry *dir = file->f_path.dentry;
>>>>>>>       struct dentry *dentry;
>>>>>>> +    dentry = offset_dir_lookup(dir, ctx->pos);
>>>>>>> +    if (!dentry)
>>>>>>> +        goto out_eod;
>>>>>>>       while (true) {
>>>>>>> -        dentry = offset_find_next(octx, ctx->pos);
>>>>>>> -        if (!dentry)
>>>>>>> -            goto out_eod;
>>>>>>> +        struct dentry *next;
>>>>>>> -        if (!offset_dir_emit(ctx, dentry)) {
>>>>>>> -            dput(dentry);
>>>>>>> +        ctx->pos = dentry2offset(dentry);
>>>>>>> +        if (!offset_dir_emit(ctx, dentry))
>>>>>>>               break;
>>>>>>> -        }
>>>>>>> -        ctx->pos = dentry2offset(dentry) + 1;
>>>>>>> +        next = find_positive_dentry(dir, dentry, true);
>>>>>>>           dput(dentry);
>>>>>>> +
>>>>>>> +        if (!next)
>>>>>>> +            goto out_eod;
>>>>>>> +        dentry = next;
>>>>>>>       }
>>>>>>> +    dput(dentry);
>>>>>>>       return;
>>>>>>>   out_eod:
>>>>>>> @@ -541,7 +573,7 @@ static int offset_readdir(struct file *file, 
>>>>>>> struct dir_context *ctx)
>>>>>>>       if (!dir_emit_dots(file, ctx))
>>>>>>>           return 0;
>>>>>>>       if (ctx->pos != DIR_OFFSET_EOD)
>>>>>>> -        offset_iterate_dir(d_inode(dir), ctx);
>>>>>>> +        offset_iterate_dir(file, ctx);
>>>>>>>       return 0;
>>>>>>>   }
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
> 


-- 
Chuck Lever

Re: [PATCH v6 0/5] Improve simple directory offset wrap behavior

[Christian Brauner]

On Fri, 20 Dec 2024 10:33:09 -0500, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> The purpose of this series is to construct a set of upstream fixes
> that can be backported to v6.6 to address CVE-2024-46701.
> 
> Changes since v5:
> - Improve error flow in simple_offset_add()
> 
> [...]

Applied to the vfs-6.14.misc branch of the vfs/vfs.git tree.
Patches in the vfs-6.14.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.14.misc

[1/5] libfs: Return ENOSPC when the directory offset range is exhausted
      https://git.kernel.org/vfs/vfs/c/a644104d9168
[2/5] Revert "libfs: Add simple_offset_empty()"
      https://git.kernel.org/vfs/vfs/c/fa9c3b906334
[3/5] Revert "libfs: fix infinite directory reads for offset dir"
      https://git.kernel.org/vfs/vfs/c/41480e28a4e0
[4/5] libfs: Replace simple_offset end-of-directory detection
      https://git.kernel.org/vfs/vfs/c/4ea4beb53d0f
[5/5] libfs: Use d_children list to iterate simple_offset directories
      https://git.kernel.org/vfs/vfs/c/02a3d7715c3e