From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: Christian Brauner <brauner@kernel.org>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>,
luca.boccassi@gmail.com, kexec@lists.infradead.org,
linux-mm@kvack.org, graf@amazon.com, rppt@kernel.org,
pratyush@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8 3/6] liveupdate: add LUO_SESSION_MAGIC magic inode type
Date: Mon, 20 Apr 2026 15:57:53 +0000 [thread overview]
Message-ID: <fkz5u3nhgdm5k5qc77rioxon5gaxdgu7uuedqtixjq5evqrkzr@g23edpj4vmyo> (raw)
In-Reply-To: <20260420-buchung-panne-57e262f5057f@brauner>
On 04-20 17:28, Christian Brauner wrote:
> On Mon, Apr 20, 2026 at 02:55:56PM +0000, Pasha Tatashin wrote:
> > On 04-20 14:26, Christian Brauner wrote:
> > > On Sat, Apr 18, 2026 at 05:28:20PM +0100, luca.boccassi@gmail.com wrote:
> > > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > >
> > > > In userspace when managing LUO sessions we want to be able to identify
> > > > a FD as a LUO session, in order to be able to do the special handling
> > > > that they require in order to function as intended on kexec.
> > > >
> > > > Currently this requires scraping procfs and doing string matching on
> > > > the prefix of the dname, which is not an ideal interface.
> > > >
> > > > Add a singleton inode type with a magic value, so that we can
> > > > programmatically identify a fd as a LUO session via fstatfs().
> > > >
> > > > Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
> > > > Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
> > > > ---
> > > > include/uapi/linux/magic.h | 1 +
> > > > kernel/liveupdate/luo_core.c | 10 +++-
> > > > kernel/liveupdate/luo_internal.h | 2 +
> > > > kernel/liveupdate/luo_session.c | 89 ++++++++++++++++++++++++++++++--
> > > > 4 files changed, 96 insertions(+), 6 deletions(-)
> > > >
> > > > diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h
> > > > index 4f2da935a76c..4f51005522ff 100644
> > > > --- a/include/uapi/linux/magic.h
> > > > +++ b/include/uapi/linux/magic.h
> > > > @@ -105,5 +105,6 @@
> > > > #define PID_FS_MAGIC 0x50494446 /* "PIDF" */
> > > > #define GUEST_MEMFD_MAGIC 0x474d454d /* "GMEM" */
> > > > #define NULL_FS_MAGIC 0x4E554C4C /* "NULL" */
> > > > +#define LUO_SESSION_MAGIC 0x4c554f53 /* "LUOS" */
> > > >
> > > > #endif /* __LINUX_MAGIC_H__ */
> > > > diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c
> > > > index dda7bb57d421..f1a63ebe4fa4 100644
> > > > --- a/kernel/liveupdate/luo_core.c
> > > > +++ b/kernel/liveupdate/luo_core.c
> > > > @@ -197,9 +197,17 @@ static int __init luo_late_startup(void)
> > > > if (!liveupdate_enabled())
> > > > return 0;
> > > >
> > > > + err = luo_session_fs_init();
> > > > + if (err) {
> > > > + luo_global.enabled = false;
> > > > + return err;
> > > > + }
> > > > +
> > > > err = luo_fdt_setup();
> > > > - if (err)
> > > > + if (err) {
> > > > + luo_session_fs_cleanup();
> > > > luo_global.enabled = false;
> > > > + }
> > > >
> > > > return err;
> > > > }
> > > > diff --git a/kernel/liveupdate/luo_internal.h b/kernel/liveupdate/luo_internal.h
> > > > index 8083d8739b09..d4ac7b4c5882 100644
> > > > --- a/kernel/liveupdate/luo_internal.h
> > > > +++ b/kernel/liveupdate/luo_internal.h
> > > > @@ -79,6 +79,8 @@ struct luo_session {
> > > >
> > > > int luo_session_create(const char *name, struct file **filep);
> > > > int luo_session_retrieve(const char *name, struct file **filep);
> > > > +int __init luo_session_fs_init(void);
> > > > +void __init luo_session_fs_cleanup(void);
> > > > int __init luo_session_setup_outgoing(void *fdt);
> > > > int __init luo_session_setup_incoming(void *fdt);
> > > > int luo_session_serialize(void);
> > > > diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_session.c
> > > > index 5e316a4c5d71..21cbe99fc819 100644
> > > > --- a/kernel/liveupdate/luo_session.c
> > > > +++ b/kernel/liveupdate/luo_session.c
> > > > @@ -50,7 +50,6 @@
> > > >
> > > > #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> > > >
> > > > -#include <linux/anon_inodes.h>
> > > > #include <linux/cleanup.h>
> > > > #include <linux/err.h>
> > > > #include <linux/errno.h>
> > > > @@ -62,7 +61,10 @@
> > > > #include <linux/libfdt.h>
> > > > #include <linux/list.h>
> > > > #include <linux/liveupdate.h>
> > > > +#include <linux/magic.h>
> > > > +#include <linux/mount.h>
> > > > #include <linux/mutex.h>
> > > > +#include <linux/pseudo_fs.h>
> > > > #include <linux/rwsem.h>
> > > > #include <linux/slab.h>
> > > > #include <linux/unaligned.h>
> > > > @@ -363,18 +365,73 @@ static const struct file_operations luo_session_fops = {
> > > > .unlocked_ioctl = luo_session_ioctl,
> > > > };
> > > >
> > > > +static struct vfsmount *luo_session_mnt __ro_after_init;
> > > > +static struct inode *luo_session_inode __ro_after_init;
> > > > +
> > > > +/*
> > > > + * Reject all attribute changes on the singleton session inode.
> > > > + * Without this the VFS falls back to simple_setattr(), allowing
> > > > + * fchmod()/fchown() to modify the shared inode.
> > > > + */
> > > > +static int luo_session_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
> > > > + struct iattr *attr)
> > >
> > > Don't duplicate, please. Use the generic helper instead:
> > >
> > > int anon_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
> > > struct iattr *attr)
> > >
> > > > +{
> > > > + return -EOPNOTSUPP;
> > >
> > >
> > >
> > > > +}
> > > > +
> > > > +static const struct inode_operations luo_session_inode_operations = {
> > > > + .setattr = luo_session_setattr,
> > > > +};
> > > > +
> > > > +static char *luo_session_dname(struct dentry *dentry, char *buffer, int buflen)
> > > > +{
> > > > + return dynamic_dname(buffer, buflen, "luo_session:%s",
> > > > + dentry->d_name.name);
> > >
> > > Use the luo_session:[%s] which is the canonical format for this
> > > (ignoring historcal abberations).
> > >
> > > > +}
> > > > +
> > > > +static const struct dentry_operations luo_session_dentry_operations = {
> > > > + .d_dname = luo_session_dname,
> > > > +};
> > > > +
> > > > +static int luo_session_init_fs_context(struct fs_context *fc)
> > > > +{
> > > > + struct pseudo_fs_context *ctx;
> > > > +
> > > > + ctx = init_pseudo(fc, LUO_SESSION_MAGIC);
> > >
> > > I'd just call that LUO_FS_MAGIC.
> > >
> > > > + if (!ctx)
> > > > + return -ENOMEM;
> > > > +
> > > > + fc->s_iflags |= SB_I_NOEXEC;
> > > > + fc->s_iflags |= SB_I_NODEV;
> > >
> > > ctx->s_d_flags |= DCACHE_DONTCACHE;
> > >
> > > static const struct super_operations luo_session_sops = {
> > > .drop_inode = inode_just_drop,
> > > .statfs = simple_statfs,
> > > };
> > >
> > >
> > > > + ctx->dops = &luo_session_dentry_operations;
> > >
> > > ctx->ops = &luo_session_sops;
> > >
> > > > + return 0;
> > > > +}
> > > > +
> > > > +static struct file_system_type luo_session_fs_type = {
> > > > + .name = "luo_session",
> > > > + .init_fs_context = luo_session_init_fs_context,
> > > > + .kill_sb = kill_anon_super,
> > > > +};
> > > > +
> > > > /* Create a "struct file" for session */
> > > > static int luo_session_getfile(struct luo_session *session, struct file **filep)
> > >
> > > Luo is going full anti-pattern here. This whole return via a function
> > > argument completely messes up the later codepths. We don't do manual
> > > get_unused_fd_flags() flags and then file in new code, and then fail
> > > in-between:
> > >
> > > argp->fd = get_unused_fd_flags(O_CLOEXEC);
> > > if (argp->fd < 0)
> > > return argp->fd;
> > >
> > > err = luo_session_create(argp->name, &file);
> > > if (err)
> > > goto err_put_fd;
> > >
> > > err = luo_ucmd_respond(ucmd, sizeof(*argp));
> > > if (err)
> > > goto err_put_file;
> > >
> > > fd_install(argp->fd, file);
> > >
> > > Restructure the code so it just becomes:
> > >
> > > struct file *luo_session_create(argp->name);
> > >
> > > static int luo_ioctl_create_session(struct luo_ucmd *ucmd)
> > > {
> > > struct liveupdate_ioctl_create_session *argp = ucmd->cmd;
> > >
> > > return FD_ADD(O_CLOEXEC, luo_session_create(argp->name));
> > > }
> > >
> > > and get rid of all this state and error handling. Please fix this.
> >
> > We cannot do it this way because we must use copy_to_user() to return fd
> > via ioctl(), and since copy_to_user() may fail, we must do it prior to
> > fd_install().
> >
> > Unless there is a specific VFS macro you'd prefer for this
> > delayed-install pattern, I do not see any other way to do this but
> > maintain the get_unused_fd_flags() -> copy_to_user() -> fd_install() to
> > prevent the fd being leaked into the process's table.
>
> The usercopy happens in luo_ucmd_respond it's perfectly fine if that
> fails. FD_ADD() handles all that. It reserves an fd, it opens the file
> and if that somehow fails it cleans up both the preallocated fd and the
> file (And if you need to do more stuff in between there's: FD_PREPARE()
> + fd_publish()).
>
> What I meant is:
>
> static struct file *luo_session_open(struct luo_ucmd *ucmd)
> {
> struct liveupdate_ioctl_create_session *argp = ucmd->cmd;
>
> err = luo_ucmd_respond(ucmd, sizeof(*argp));
The fd is returned in 'argp->fd', not via ioctl() return value. so this
response won't contain the fd number that will be returned to usersapce.
This is similar to how it is done in iommufd for example, see
iommufd_fault_alloc()
cmd->out_fault_fd = fdno;
rc = iommufd_ucmd_respond(ucmd, sizeof(*cmd));
fd_install(fdno, fault->common.filep);
return rc
Pasha
next prev parent reply other threads:[~2026-04-20 15:57 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-18 16:28 [PATCH v8 0/6] liveupdate: new ioctl, change session inode type, bug fixes luca.boccassi
2026-04-18 16:28 ` [PATCH v8 1/6] liveupdate: reject LIVEUPDATE_IOCTL_CREATE_SESSION with invalid name length luca.boccassi
2026-04-19 15:06 ` Pasha Tatashin
2026-04-18 16:28 ` [PATCH v8 2/6] selftests/liveupdate: add test cases for LIVEUPDATE_IOCTL_CREATE_SESSION calls with invalid length luca.boccassi
2026-04-19 15:11 ` Pasha Tatashin
2026-04-18 16:28 ` [PATCH v8 3/6] liveupdate: add LUO_SESSION_MAGIC magic inode type luca.boccassi
2026-04-20 12:26 ` Christian Brauner
2026-04-20 14:22 ` Luca Boccassi
2026-04-20 14:57 ` Pasha Tatashin
2026-04-20 15:05 ` Christian Brauner
2026-04-20 14:55 ` Pasha Tatashin
2026-04-20 14:59 ` Luca Boccassi
2026-04-20 15:28 ` Christian Brauner
2026-04-20 15:57 ` Pasha Tatashin [this message]
2026-04-20 16:39 ` Pasha Tatashin
2026-04-18 16:28 ` [PATCH v8 4/6] selftests/liveupdate: add test case for LUO_SESSION_MAGIC luca.boccassi
2026-04-18 16:28 ` [PATCH v8 5/6] liveupdate: add LIVEUPDATE_SESSION_GET_NAME ioctl luca.boccassi
2026-04-18 16:28 ` [PATCH v8 6/6] selftests/liveupdate: add test cases for LIVEUPDATE_SESSION_GET_NAME luca.boccassi
2026-04-19 15:12 ` Pasha Tatashin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fkz5u3nhgdm5k5qc77rioxon5gaxdgu7uuedqtixjq5evqrkzr@g23edpj4vmyo \
--to=pasha.tatashin@soleen.com \
--cc=brauner@kernel.org \
--cc=graf@amazon.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luca.boccassi@gmail.com \
--cc=pratyush@kernel.org \
--cc=rppt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox