Re: [PATCH v8 3/6] tracefs: Check file permission even if user has CAP_DAC_OVERRIDE
From: Steven Rostedt
Date: Tue Mar 24 2026 - 12:53:35 EST
On Tue, 10 Feb 2026 17:43:51 +0900
"Masami Hiramatsu (Google)" <mhiramat@xxxxxxxxxx> wrote:
Hi Masami,
Did you send a new version of this patch series yet? I don't see it.
> diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
> index d9d8932a7b9c..eb1ddc0cc13a 100644
> --- a/fs/tracefs/inode.c
> +++ b/fs/tracefs/inode.c
> @@ -212,10 +212,40 @@ static void set_tracefs_inode_owner(struct inode *inode)
> inode->i_gid = gid;
> }
>
> -static int tracefs_permission(struct mnt_idmap *idmap,
> - struct inode *inode, int mask)
> +int tracefs_permission(struct mnt_idmap *idmap,
> + struct inode *inode, int mask)
> {
> - set_tracefs_inode_owner(inode);
> + struct tracefs_inode *ti = get_tracefs(inode);
> + const struct file_operations *fops;
> +
> + if (!(ti->flags & TRACEFS_EVENT_INODE))
> + set_tracefs_inode_owner(inode);
> +
> + /*
> + * Like sysfs, file permission checks are performed even for superuser
> + * with CAP_DAC_OVERRIDE. See the KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK
> + * definition in linux/kernfs.h.
> + */
> + if (mask & MAY_OPEN) {
> + fops = inode->i_fop;
> +
> + if (mask & MAY_WRITE) {
> + if (!(inode->i_mode & 0222))
> + return -EACCES;
> + if (!fops || (!fops->write && !fops->write_iter &&
> + !fops->mmap))
> + return -EACCES;
> + }
> +
> + if (mask & MAY_READ) {
> + if (!(inode->i_mode & 0444))
> + return -EACCES;
> + if (!fops || (!fops->read && !fops->read_iter &&
> + !fops->mmap && !fops->splice_read))
> + return -EACCES;
> + }
The above if block is way too coupled with the workings of fops and is very
fragile. Is it even needed? If there are no read or write functions,
wouldn't the vfs stop it anyway?
-- Steve
> + }
> +
> return generic_permission(idmap, inode, mask);
> }