Re: [PATCH v6 2/4] tracing: Make the backup instance non-reusable
From: Google
Date: Wed Feb 11 2026 - 23:24:18 EST
On Wed, 11 Feb 2026 10:42:44 -0500
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> On Tue, 10 Feb 2026 14:14:15 +0900
> Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx> wrote:
>
> > Hmm, OK. Now I found how sysfs handles it.
> >
> > /*
> > * For regular files, if the opener has CAP_DAC_OVERRIDE, open(2)
> > * succeeds regardless of the RW permissions. sysfs had an extra
> > * layer of enforcement where open(2) fails with -EACCES regardless
> > * of CAP_DAC_OVERRIDE if the permission doesn't have the
> > * respective read or write access at all (none of S_IRUGO or
> > * S_IWUGO) or the respective operation isn't implemented. The
> > * following flag enables that behavior.
> > */
> > KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK = 0x0002,
> >
> > So for the similar reason, I will make tracefs to check the permission
> > even if CAP_DAC_OVERRIDE is set. (But this check should be done in general,
> > instead of each open() operation)
> >
>
> I don't believe this is the same. This is about an instance being truly
> read only. The instance is special, not the files. Note, permissions can
> be changed by root too.
Ah, OK. Let me add read only checks in all related .open operations.
> After applying your patches, I did the following:
>
> ~# cd /sys/kernel/tracing/instances/backup/
> ~# ls -l current_tracer
> -r--r----- 1 root root 0 Feb 11 10:29 current_tracer
>
> ~# cat current_tracer
> nop
>
> ~# cat trace
> # tracer: nop
> #
> # entries-in-buffer/entries-written: 0/0 #P:8
> #
> # _-----=> irqs-off/BH-disabled
> # / _----=> need-resched
> # | / _---=> hardirq/softirq
> # || / _--=> preempt-depth
> # ||| / _-=> migrate-disable
> # |||| / delay
> # TASK-PID CPU# ||||| TIMESTAMP FUNCTION
> # | | | ||||| | |
>
> ~# chmod 664 current_tracer
> ~# ls -l current_tracer
> -rw-rw-r-- 1 root root 0 Feb 11 10:29 current_tracer
Ah, OK...
>
> ~# echo function > current_tracer
> ~# cat current_tracer
> function
>
> ~# cat trace
> # tracer: function
> #
> # entries-in-buffer/entries-written: 1750306/2076556 #P:8
> #
> # _-----=> irqs-off/BH-disabled
> # / _----=> need-resched
> # | / _---=> hardirq/softirq
> # || / _--=> preempt-depth
> # ||| / _-=> migrate-disable
> # |||| / delay
> # TASK-PID CPU# ||||| TIMESTAMP FUNCTION
> # | | | ||||| | |
> bash-1056 [001] ..... 231.448852: mutex_unlock <-tracing_set_tracer
> <idle>-0 [002] ...1. 231.448853: arch_cpu_idle_exit <-do_idle
> ##### CPU 7 buffer started ####
> <idle>-0 [007] ...1. 231.448853: arch_cpu_idle_exit <-do_idle
> bash-1056 [001] ..... 231.448854: __mutex_unlock_slowpath <-tracing_set_tracer
> <idle>-0 [002] d..1. 231.448855: arch_cpu_idle_enter <-do_idle
> <idle>-0 [007] d..1. 231.448855: arch_cpu_idle_enter <-do_idle
> <idle>-0 [007] d..1. 231.448855: tsc_verify_tsc_adjust <-arch_cpu_idle_enter
> <idle>-0 [002] d..1. 231.448855: tsc_verify_tsc_adjust <-arch_cpu_idle_enter
> bash-1056 [001] d.... 231.448856: fpregs_assert_state_consistent <-arch_exit_to_user_mode_prepare
> <idle>-0 [007] d..1. 231.448856: local_touch_nmi <-do_idle
> <idle>-0 [002] d..1. 231.448856: local_touch_nmi <-do_idle
> bash-1056 [001] d.... 231.448856: switch_fpu_return <-arch_exit_to_user_mode_prepare
> <idle>-0 [007] d..1. 231.448856: rcu_nocb_flush_deferred_wakeup <-do_idle
> <idle>-0 [002] d..1. 231.448856: rcu_nocb_flush_deferred_wakeup <-do_idle
> <idle>-0 [007] d..1. 231.448857: cpuidle_get_cpu_driver <-do_idle
> <idle>-0 [002] d..1. 231.448857: cpuidle_get_cpu_driver <-do_idle
> <idle>-0 [007] d..1. 231.448857: cpuidle_not_available <-do_idle
> [..]
>
> Not too read only!
>
> I change permissions all the time for tracefs files, so I don't want
> that changed.
>
> This is not the same as sysfs. Let's keep it simple. Have all the open
> callers that can do writes return error -EACCES if a file allows writes
> and is open for write, but is part of the read only instance.
OK.
Thank you,
>
> -- Steve
>
--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>