On Thu, Nov 06, 2025 at 11:27:10PM +0800, Tzung-Bi Shih wrote:
> +/*
> + * Recover the private_data to its original one.
> + */
> +static struct fops_replacement *_recover_private_data(struct file *filp)
> +{
> + struct fops_replacement *fr = filp->private_data;
> +
> + filp->private_data = fr->orig_private_data;
> + return fr;
> +}
> +
> +/*
> + * Replace the private_data to fops_replacement.
> + */
> +static void _replace_private_data(struct fops_replacement *fr)
> +{
> + fr->filp->private_data = fr;
> +}
This switching of private_data isn't reasonable, it breaks too much
stuff. I think I showed a better idea in my sketch.
I still think this is a bad use case of revocable, we don't need to
obfuscate very simple locks in *core* kernel code like this. I'd rather
see you propose this series without using it.
> +static int fs_revocable_release(struct inode *inode, struct file *filp)
> +{
> + struct fops_replacement *fr = _recover_private_data(filp);
> + int ret = 0;
> + void *any;
> +
> + filp->f_op = fr->orig_fops;
> +
> + if (!fr->orig_fops->release)
> + goto leave;
> +
> + REVOCABLE_TRY_ACCESS_SCOPED(fr->rev, any) {
> + if (!any) {
> + ret = -ENODEV;
> + goto leave;
> + }
> +
> + ret = fr->orig_fops->release(inode, filp);
> + }
This probably doesn't work out, is likely to make a memory leak.
It will be hard for the owning driver to free its per-file memory
without access to release.
Jason
