vfs, cachefiles: Mark a backing file in use with an inode flag

Use an inode flag, S_KERNEL_FILE, to mark that a backing file is in use by
the kernel to prevent cachefiles or other kernel services from interfering
with that file.

Alter rmdir to reject attempts to remove a directory marked with this flag.
This is used by cachefiles to prevent cachefilesd from removing them.

Using S_SWAPFILE instead isn't really viable as that has other effects in
the I/O paths.

Changes
=======
ver #3:
 - Check for the object pointer being NULL in the tracepoints rather than
   the caller.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
Link: https://lore.kernel.org/r/163819630256.215744.4815885535039369574.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/163906931596.143852.8642051223094013028.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/163967141000.1823006.12920680657559677789.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/164021541207.640689.564689725898537127.stgit@warthog.procyon.org.uk/

diff --git a/fs/cachefiles/Makefile b/fs/cachefiles/Makefile
index 463e3d608b7587acb4948d572ec912fa38ed4f6f..e0b092ca077fbe925c60742984522da324bba77e 100644 (file)
--- a/fs/cachefiles/Makefile
+++ b/fs/cachefiles/Makefile
@@ -7,6 +7,7 @@ cachefiles-y := \
        cache.o \
        daemon.o \
        main.o \
+       namei.o \
        security.o
 
 cachefiles-$(CONFIG_CACHEFILES_ERROR_INJECTION) += error_inject.o

diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
new file mode 100644 (file)
index 0000000..913f83f
--- /dev/null
+++ b/fs/cachefiles/namei.c
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* CacheFiles path walking and related routines
+ *
+ * Copyright (C) 2021 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#include <linux/fs.h>
+#include "internal.h"
+
+/*
+ * Mark the backing file as being a cache file if it's not already in use.  The
+ * mark tells the culling request command that it's not allowed to cull the
+ * file or directory.  The caller must hold the inode lock.
+ */
+static bool __cachefiles_mark_inode_in_use(struct cachefiles_object *object,
+                                          struct dentry *dentry)
+{
+       struct inode *inode = d_backing_inode(dentry);
+       bool can_use = false;
+
+       if (!(inode->i_flags & S_KERNEL_FILE)) {
+               inode->i_flags |= S_KERNEL_FILE;
+               trace_cachefiles_mark_active(object, inode);
+               can_use = true;
+       } else {
+               pr_notice("cachefiles: Inode already in use: %pd\n", dentry);
+       }
+
+       return can_use;
+}
+
+/*
+ * Unmark a backing inode.  The caller must hold the inode lock.
+ */
+static void __cachefiles_unmark_inode_in_use(struct cachefiles_object *object,
+                                            struct dentry *dentry)
+{
+       struct inode *inode = d_backing_inode(dentry);
+
+       inode->i_flags &= ~S_KERNEL_FILE;
+       trace_cachefiles_mark_inactive(object, inode);
+}

diff --git a/fs/namei.c b/fs/namei.c
index 1f9d2187c76555813b21f07b56ddf026d67d6337..d81f04f8d81880b84d34598948126a63e33319f2 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3958,7 +3958,8 @@ int vfs_rmdir(struct user_namespace *mnt_userns, struct inode *dir,
        inode_lock(dentry->d_inode);
 
        error = -EBUSY;
-       if (is_local_mountpoint(dentry))
+       if (is_local_mountpoint(dentry) ||
+           (dentry->d_inode->i_flags & S_KERNEL_FILE))
                goto out;
 
        error = security_inode_rmdir(dir, dentry);

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 2c0b8e77d9ab2291f7275453d67655fb1431609d..bcf1ca43013956e100e4e0afedaf337d0a98d926 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2249,6 +2249,7 @@ struct super_operations {
 #define S_ENCRYPTED    (1 << 14) /* Encrypted file (using fs/crypto/) */
 #define S_CASEFOLD     (1 << 15) /* Casefolded file */
 #define S_VERITY       (1 << 16) /* Verity file (using fs/verity/) */
+#define S_KERNEL_FILE  (1 << 17) /* File is in use by the kernel (eg. fs/cachefiles) */
 
 /*
  * Note that nosuid etc flags are inode-specific: setting some file-system

diff --git a/include/trace/events/cachefiles.h b/include/trace/events/cachefiles.h
index 9bd5a8a60801e328824e525d4fb5faf150569667..6331cd29880d64e447d73be8dc73d7797b7c1912 100644 (file)
--- a/include/trace/events/cachefiles.h
+++ b/include/trace/events/cachefiles.h
@@ -83,6 +83,48 @@ cachefiles_error_traces;
 #define E_(a, b)       { a, b }
 
 
+TRACE_EVENT(cachefiles_mark_active,
+           TP_PROTO(struct cachefiles_object *obj,
+                    struct inode *inode),
+
+           TP_ARGS(obj, inode),
+
+           /* Note that obj may be NULL */
+           TP_STRUCT__entry(
+                   __field(unsigned int,               obj             )
+                   __field(ino_t,                      inode           )
+                            ),
+
+           TP_fast_assign(
+                   __entry->obj        = obj ? obj->debug_id : 0;
+                   __entry->inode      = inode->i_ino;
+                          ),
+
+           TP_printk("o=%08x i=%lx",
+                     __entry->obj, __entry->inode)
+           );
+
+TRACE_EVENT(cachefiles_mark_inactive,
+           TP_PROTO(struct cachefiles_object *obj,
+                    struct inode *inode),
+
+           TP_ARGS(obj, inode),
+
+           /* Note that obj may be NULL */
+           TP_STRUCT__entry(
+                   __field(unsigned int,               obj             )
+                   __field(ino_t,                      inode           )
+                            ),
+
+           TP_fast_assign(
+                   __entry->obj        = obj ? obj->debug_id : 0;
+                   __entry->inode      = inode->i_ino;
+                          ),
+
+           TP_printk("o=%08x i=%lx",
+                     __entry->obj, __entry->inode)
+           );
+
 TRACE_EVENT(cachefiles_vfs_error,
            TP_PROTO(struct cachefiles_object *obj, struct inode *backer,
                     int error, enum cachefiles_error_trace where),