lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 20 Jan 2010 19:52:59 -0500
From:	Valerie Aurora <vaurora@...hat.com>
To:	Erez Zadok <ezk@...sunysb.edu>
Cc:	Jan Blunck <jblunck@...e.de>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Christoph Hellwig <hch@...radead.org>,
	Andy Whitcroft <apw@...onical.com>,
	Scott James Remnant <scott@...onical.com>,
	Sandu Popa Marius <sandupopamarius@...il.com>,
	Jan Rekorajski <baggins@...h.mimuw.edu.pl>,
	"J. R. Okajima" <hooanon05@...oo.co.jp>,
	Arnd Bergmann <arnd@...db.de>,
	Vladimir Dronnikov <dronnikov@...il.com>,
	Felix Fietkau <nbd@...nwrt.org>, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 12/41] union-mount: Allow removal of a directory

On Mon, Nov 30, 2009 at 01:13:36AM -0500, Erez Zadok wrote:
> In message <1256152779-10054-13-git-send-email-vaurora@...hat.com>, Valerie Aurora writes:
> > From: Jan Blunck <jblunck@...e.de>
> > 
> > do_whiteout() allows removal of a directory when it has whiteouts but
> > is logically empty.
> > 
> > XXX - This patch abuses readdir() to check if the union directory is
> > logically empty - that is, all the entries are whiteouts (or "." or
> > "..").  Currently, we have no clean VFS interface to ask the lower
> > file system if a directory is empty.
> > 
> > Fixes:
> >  - Add ->is_directory_empty() op
> >  - Add is_directory_empty flag to dentry (ugly dcache populate)
> >  - Ask underlying fs to remove it and look for an error return
> >  - (your idea here)
> 
> Yeah, this is a difficult issue.  I think the best way would be to
> 
> 1. add an OPTIONAL ->is_directory_empty() inode op.
> 
> 2. have the VFS use some default/generic behavior ala filldir_is_empty()
>    below if inode->i_op->is_directory_empty is NULL.  I assume this behavior
>    will only need to be checked for file systems that support whiteouts in
>    the first place.
> 
> This'll provide some working behavior for all whiteout-supporting file
> systems, but allow anyone who wants to develop a more efficient method to
> provide one.

I hear you, but I'm reluctant to keep a generic version of
is_directory_empty() because, (1) you have to add support for
whiteouts and fallthrus anyway, you might as well require support for
is_directory_empty() op at the same time, (2) per-fs versions would be
undoubtedly more efficient than bouncing up and down through
readdir(), and (3) it's such an abuse. :)

> > Signed-off-by: Jan Blunck <jblunck@...e.de>
> > Signed-off-by: Valerie Aurora <vaurora@...hat.com>
> > ---
> >  fs/namei.c |   85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  1 files changed, 85 insertions(+), 0 deletions(-)
> > 
> > diff --git a/fs/namei.c b/fs/namei.c
> > index 5da1635..9a62c75 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -2284,6 +2284,91 @@ int vfs_whiteout(struct inode *dir, struct dentry *dentry, int isdir)
> >  }
> >  
> >  /*
> > + * This is abusing readdir to check if a union directory is logically empty.
> > + * Al Viro barfed when he saw this, but Val said: "Well, at this point I'm
> > + * aiming for working, pretty can come later"
> > + */
> > +static int filldir_is_empty(void *__buf, const char *name, int namlen,
> > +			    loff_t offset, u64 ino, unsigned int d_type)
> > +{
> 
> Why not make filldir_is_empty() return a bool?  That explains more clearly
> the function's return code.
> 
> > +static int directory_is_empty(struct dentry *dentry, struct vfsmount *mnt)
> > +{
> 
> This can also return a bool.
> 
> > +static int do_whiteout(struct nameidata *nd, struct path *path, int isdir)
> > +{
> 
> 'isdir' can be bool.

In general, I'm not using bools because it doesn't fit in with the
coding style of the rest of the VFS.

> > +	struct path safe = { .dentry = dget(nd->path.dentry),
> > +			     .mnt = mntget(nd->path.mnt) };
> > +	struct dentry *dentry = path->dentry;
> > +	int err;
> 
> You might want to move the initialization of 'struct path safe' down below,
> and add a BUG_ON(!nd) before that.  I think during the development phases of
> UM, it's a good idea to have a few more debugging BUG_ON's.

I'd rather get rid of the need for struct path safe entirely...

-VAL
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ