Re: [linus:master] [eventfs] 852e46e239: BUG:unable_to_handle_page_fault_for_address

From: Linus Torvalds
Date: Tue Jan 30 2024 - 03:45:49 EST

Next message: Tian, Kevin: "RE: [PATCH v12 5/5] iommu/vt-d: improve ITE fault handling if target device isn't present"
Previous message: Edward Adam Davis: "Re: [syzbot] [block?] [trace?] INFO: task hung in blk_trace_remove (2)"
In reply to: Linus Torvalds: "Re: [linus:master] [eventfs] 852e46e239: BUG:unable_to_handle_page_fault_for_address"
Next in thread: Linus Torvalds: "Re: [linus:master] [eventfs] 852e46e239: BUG:unable_to_handle_page_fault_for_address"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 29 Jan 2024 at 19:56, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> But I've been staring at this code for too long, so I'm posting this
> just as a "it's broken, but _something_ like this", because I'm taking
> a break from looking at this.

Bah. I literally woke up and realized what the problem is.

We're caching negative dentries, but eventfs_create_dir() has no way
to invalidate the old negative dentry when it adds a new entry.

The old "try to reuse dentry" ended up hiding that issue, because it
would look up the negative dentry from the 'ei' and turn it into a
positive one.

And I was stupidly staring at the wrong code - all these functions
with almost the same names.

eventfs_create_events_dir() is fine, because it gets the parent as a
dentry, so looking up the new dentry is trivial.

But eventfs_create_dir() doesn't get a dentry at all. It gets the parent as a

struct eventfs_inode *parent

which is no good.

So that explains why creating an event after deleting an old one - or
after just looking it up before it was created - ends up with the
nonsensical "ls" output - it gets listed by readdir() because the
entry is there in the eventfs data structures, but then doing a
"stat()" on it will just hit the negative dentry. So it won't actually
look up the dentry.

The simple solution is probably just to not cache negative dentries
for eventfs. So instead of doing the "d_add(dentry, NULL);" we should
just return "ERR_PTR(ENOENT)".

Which is actually what /proc/<pid> lookups do, for the same reason.

I'll go back to bed, but I think the fix is something trivial like this:

--- a/fs/tracefs/event_inode.c
+++ b/fs/tracefs/event_inode.c
@@ -517,9 +517,8 @@ static struct dentry *eventfs_root_lookup(
}

enoent:
- /* Nothing found? */
- d_add(dentry, NULL);
- result = NULL;
+ /* Don't cache negative lookups, just return an error */
+ result = ERR_PTR(ENOENT);

out:
mutex_unlock(&eventfs_mutex);

I just wanted to write it down when the likely solution struck me.

Linus

Next message: Tian, Kevin: "RE: [PATCH v12 5/5] iommu/vt-d: improve ITE fault handling if target device isn't present"
Previous message: Edward Adam Davis: "Re: [syzbot] [block?] [trace?] INFO: task hung in blk_trace_remove (2)"
In reply to: Linus Torvalds: "Re: [linus:master] [eventfs] 852e46e239: BUG:unable_to_handle_page_fault_for_address"
Next in thread: Linus Torvalds: "Re: [linus:master] [eventfs] 852e46e239: BUG:unable_to_handle_page_fault_for_address"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]