On Mon, 9 Feb 2026 18:42:47 -0500 Steven Rostedt <[email protected]> wrote:
> On Mon, 9 Feb 2026 18:08:44 +0900 > Masami Hiramatsu (Google) <[email protected]> wrote: > > > > @@ -5152,6 +5157,9 @@ tracing_cpumask_write(struct file *filp, const > > > > char __user *ubuf, > > > > cpumask_var_t tracing_cpumask_new; > > > > int err; > > > > > > > > + if (trace_array_is_readonly(tr)) > > > > + return -EPERM; > > > > + > > > > > > Shouldn't these checks be done in the open function? Doing it now is > > > too late, as -EPERM on a write is confusing when the open for write > > > succeeds. > > > > I've made a small program and straced. Surprisingly, for the super user, > > open(2) does not return error on opening a readonly file with O_RDWR. > > *blink* > > So if on open, the trace_array_is_read_only(tr) returns true and you > return -EPREM, it still succeeds? That sounds like a bug! Hmm, OK. Now I found how sysfs handles it. /* * For regular files, if the opener has CAP_DAC_OVERRIDE, open(2) * succeeds regardless of the RW permissions. sysfs had an extra * layer of enforcement where open(2) fails with -EACCES regardless * of CAP_DAC_OVERRIDE if the permission doesn't have the * respective read or write access at all (none of S_IRUGO or * S_IWUGO) or the respective operation isn't implemented. The * following flag enables that behavior. */ KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK = 0x0002, So for the similar reason, I will make tracefs to check the permission even if CAP_DAC_OVERRIDE is set. (But this check should be done in general, instead of each open() operation) Thank you, > -- Steve -- Masami Hiramatsu (Google) <[email protected]>
