On Wed, 11 Feb 2026 10:42:44 -0500
Steven Rostedt <[email protected]> wrote:

> On Tue, 10 Feb 2026 14:14:15 +0900
> Masami Hiramatsu (Google) <[email protected]> wrote:
>
> > Hmm, OK. Now I found how sysfs handles it.
> >
> >         /*
> >          * For regular files, if the opener has CAP_DAC_OVERRIDE, open(2)
> >          * succeeds regardless of the RW permissions. sysfs had an extra
> >          * layer of enforcement where open(2) fails with -EACCES regardless
> >          * of CAP_DAC_OVERRIDE if the permission doesn't have the
> >          * respective read or write access at all (none of S_IRUGO or
> >          * S_IWUGO) or the respective operation isn't implemented. The
> >          * following flag enables that behavior.
> >          */
> >         KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK = 0x0002,
> >
> > So for the similar reason, I will make tracefs to check the permission
> > even if CAP_DAC_OVERRIDE is set. (But this check should be done in general,
> > instead of each open() operation)
> >
>
> I don't believe this is the same. This is about an instance being truly
> read only. The instance is special, not the files. Note, permissions can
> be changed by root too.

Ah, OK. Let me add read only checks in all related .open operations.

> After applying your patches, I did the following:
>
> ~# cd /sys/kernel/tracing/instances/backup/
> ~# ls -l current_tracer
> -r--r----- 1 root root 0 Feb 11 10:29 current_tracer
>
> ~# cat current_tracer
> nop
>
> ~# cat trace
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 0/0   #P:8
> #
> #                                _-----=> irqs-off/BH-disabled
> #                               / _----=> need-resched
> #                              | / _---=> hardirq/softirq
> #                              || / _--=> preempt-depth
> #                              ||| / _-=> migrate-disable
> #                              |||| /     delay
> #           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
> #              | |         |   |||||     |         |
>
> ~# chmod 664 current_tracer
> ~# ls -l current_tracer
> -rw-rw-r-- 1 root root 0 Feb 11 10:29 current_tracer

Ah, OK...

>
> ~# echo function > current_tracer
> ~# cat current_tracer
> function
>
> ~# cat trace
> # tracer: function
> #
> # entries-in-buffer/entries-written: 1750306/2076556   #P:8
> #
> #                                _-----=> irqs-off/BH-disabled
> #                               / _----=> need-resched
> #                              | / _---=> hardirq/softirq
> #                              || / _--=> preempt-depth
> #                              ||| / _-=> migrate-disable
> #                              |||| /     delay
> #           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
> #              | |         |   |||||     |         |
>             bash-1056    [001] .....   231.448852: mutex_unlock <-tracing_set_tracer
>           <idle>-0       [002] ...1.   231.448853: arch_cpu_idle_exit <-do_idle
> ##### CPU 7 buffer started ####
>           <idle>-0       [007] ...1.   231.448853: arch_cpu_idle_exit <-do_idle
>             bash-1056    [001] .....   231.448854: __mutex_unlock_slowpath <-tracing_set_tracer
>           <idle>-0       [002] d..1.   231.448855: arch_cpu_idle_enter <-do_idle
>           <idle>-0       [007] d..1.   231.448855: arch_cpu_idle_enter <-do_idle
>           <idle>-0       [007] d..1.   231.448855: tsc_verify_tsc_adjust <-arch_cpu_idle_enter
>           <idle>-0       [002] d..1.   231.448855: tsc_verify_tsc_adjust <-arch_cpu_idle_enter
>             bash-1056    [001] d....   231.448856: fpregs_assert_state_consistent <-arch_exit_to_user_mode_prepare
>           <idle>-0       [007] d..1.   231.448856: local_touch_nmi <-do_idle
>           <idle>-0       [002] d..1.   231.448856: local_touch_nmi <-do_idle
>             bash-1056    [001] d....   231.448856: switch_fpu_return <-arch_exit_to_user_mode_prepare
>           <idle>-0       [007] d..1.   231.448856: rcu_nocb_flush_deferred_wakeup <-do_idle
>           <idle>-0       [002] d..1.   231.448856: rcu_nocb_flush_deferred_wakeup <-do_idle
>           <idle>-0       [007] d..1.   231.448857: cpuidle_get_cpu_driver <-do_idle
>           <idle>-0       [002] d..1.   231.448857: cpuidle_get_cpu_driver <-do_idle
>           <idle>-0       [007] d..1.   231.448857: cpuidle_not_available <-do_idle
> [..]
>
> Not too read only!
>
> I change permissions all the time for tracefs files, so I don't want
> that changed.
>
> This is not the same as sysfs. Let's keep it simple. Have all the open
> callers that can do writes return error -EACCES if a file allows writes
> and is open for write, but is part of the read only instance.

OK.

Thank you,

>
> -- Steve
>

--
Masami Hiramatsu (Google) <[email protected]>
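
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages or of the tracefs patches: a userspace C model of an open-time check keyed on the file's mode bits versus one keyed on the instance being read only. The caller is assumed to hold CAP_DAC_OVERRIDE; the struct and function names are hypothetical, and only `O_ACCMODE` and `EACCES` are real interfaces.

```c
/* Userspace model, constructed for illustration; this is not kernel code. */
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for a tracefs instance and one of its files. */
struct model_instance { bool read_only; };
struct model_file {
    const struct model_instance *inst;
    unsigned int mode;              /* permission bits, e.g. 0440 */
};

/* True when the open(2) access mode asks for write access. */
static bool wants_write(int flags)
{
    int acc = flags & O_ACCMODE;
    return acc == O_WRONLY || acc == O_RDWR;
}

/* Mode-bit check (the sysfs-style idea): refuse a write open only when
 * the file carries no write bit at all. A chmod by root defeats it. */
int open_check_mode_bits(const struct model_file *f, int flags)
{
    if (wants_write(flags) && !(f->mode & 0222))
        return -EACCES;
    return 0;
}

/* Instance check: refuse every write open on a read-only instance,
 * whatever the mode bits currently say. */
int open_check_instance(const struct model_file *f, int flags)
{
    if (wants_write(flags) && f->inst->read_only)
        return -EACCES;
    return 0;
}

int main(void)
{
    struct model_instance backup = { .read_only = true };
    struct model_file tracer = { .inst = &backup, .mode = 0440 };

    printf("mode 0440: mode-bits=%d instance=%d\n",
           open_check_mode_bits(&tracer, O_WRONLY),
           open_check_instance(&tracer, O_WRONLY));
    tracer.mode = 0664;             /* models "chmod 664 current_tracer" */
    printf("mode 0664: mode-bits=%d instance=%d\n",
           open_check_mode_bits(&tracer, O_WRONLY),
           open_check_instance(&tracer, O_WRONLY));
    return 0;
}
```
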
