| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Mar 2011 12:30:41 +1100 From: Dave Chinner <david@...morbit.com> To: Andreas Dilger <adilger.kernel@...ger.ca> Cc: Marco Stornelli <marco.stornelli@...il.com>, Linux Kernel <linux-kernel@...r.kernel.org>, Linux FS Devel <linux-fsdevel@...r.kernel.org> Subject: Re: [PATCH v3] Check for immutable/append flag in fallocate path On Mon, Mar 07, 2011 at 10:38:37PM -0700, Andreas Dilger wrote: > On 2011-03-07, at 10:11 PM, Dave Chinner wrote: > > On Sat, Mar 05, 2011 at 10:37:45AM +0100, Marco Stornelli wrote: > >> From: Marco Stornelli <marco.stornelli@...il.com> > >> > >> In the fallocate path the kernel doesn't check for the immutable/append > >> flag. It's possible to have a race condition in this scenario: an > >> application open a file in read/write and it does something, meanwhile > >> root set the immutable flag on the file, the application at that point > >> can call fallocate with success. In addition, we don't allow to do any > >> unreserve operation on an append only file but only the reserve one. > >> > >> Signed-off-by: Marco Stornelli <marco.stornelli@...il.com> > >> --- > >> Patch is against 2.6.38-rc7 > >> > >> ChangeLog: > >> v3: Modified do_fallocate instead of every single fs > >> v2: Added the check for append-only file for XFS > >> v1: First draft > >> > >> --- open.c.orig 2011-03-01 22:55:12.000000000 +0100 > >> +++ open.c 2011-03-04 15:28:43.000000000 +0100 > >> @@ -233,6 +233,14 @@ int do_fallocate(struct file *file, int > >> > >> if (!(file->f_mode & FMODE_WRITE)) > >> return -EBADF; > >> + > >> + /* It's not possible punch hole on append only file */ > >> + if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode)) > >> + return -EPERM; > > > > Seeing as I didn't get an answer in before you reposted, I still > > think punching an append-only file is a valid thing to want to do. > > > > I've seen this done in the past for application-level transaction > > journal files. The journal file is append only so new transactions > > can only be written at the end of the file i.e. you cannot overwrite > > (and therefore corrupt) existing transactions. However, once a > > transaction is complete and the changes flushed to disk, the > > transaction is punched out of the file to zero the range so it > > doesn't get replayed during recovery after a system crash. > > To my thinking "append only" means just that - only new data can > be written at the end of the file, and existing data cannot be > modified. Allowing hole punch on such a file (e.g. range 0 .. ~0) > would allow erasing all of the data, entirely bypassing the > append-only flag. Not worth arguing over. XFS_IOC_UNRESVSP won't get changed, so the applications already doing this can just keep using that interface... Cheers, Dave. -- Dave Chinner david@...morbit.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists