lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 02 Feb 2008 09:00:44 +0100
From:	Miklos Szeredi <miklos@...redi.hu>
To:	staubach@...hat.com
CC:	miklos@...redi.hu, linux-kernel@...r.kernel.org,
	linux-nfs@...r.kernel.org, akpm@...ux-foundation.org,
	trond.myklebust@....uio.no, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)

> >>>       
> >> Would you describe the situation that would cause the kernel to
> >> go into an infinite loop, please?
> >>     
> >
> > The patch basically does:
> >
> > 	do {
> > 		...
> > 		error = inode->i_op->foo()
> > 		...
> > 	} while (error == ESTALE);
> >
> > What is the guarantee, that ->foo() will not always return ESTALE?
> 
> You skimmed over some stuff, like the pathname lookup component
> contained in the first set of dots...
> 
> I can't guarantee that ->foo() won't always return ESTALE.
> 
> That said, the loop is not unbreakable.  At least for NFS, a signal
> to the process will interrupt the loop because the error returned
> will change from ESTALE to EINTR.

In FUSE interrupts are sent to userspace, and the filesystem decides
what to do with them.  So it is entirely possible and valid for a
filesystem to ignore an interrupt.  If an operation was non-blocking
(such as one returning an error), then there would in fact be no
purpose in checking interrupts.

So while sending a signal might reliably work in NFS to break out of
the loop, it does not necessarily work for other filesystems, and fuse
may not be the only one affected.

Also up till now, returning ESTALE in a fuse filesystem was a
perfectly valid thing to do.  This patch changes the behavior of that
rather drastically.  There might be installed systems that rely on
current behavior, and we want to avoid breaking those on a kernel
upgrade.

A few solutions come to mind, perhaps the best is to introduce a
kernel internal errno value (ERETRYSTALE), that forces the relevant
system calls to be retried.

NFS could transform ESTALE errors to ERETRYSTALE and get the desired
behavior, while other filesystems would not be affected.

Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ