| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 06 Oct 2014 21:10:25 +0200 From: Heinrich Schuchardt <xypron.glpk@....de> To: Jan Kara <jack@...e.cz> CC: Alexander Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Eric Paris <eparis@...isplace.org>, John McCutchan <john@...nmccutchan.com>, Robert Love <rlove@...ve.org>, Michael Kerrisk <mtk.manpages@...il.com> Subject: Re: [PATCH 1/1] fallocate: create FAN_MODIFY and IN_MODIFY events On 06.10.2014 16:12, Jan Kara wrote: > On Fri 03-10-14 10:19:30, Heinrich Schuchardt wrote: >> The fanotify and the inotify API can used to monitor changes of the file >> system. >> >> System call fallocate modifies files. Hence it should trigger the corresponding >> fanotify (FAN_MODIFY) and inotify (IN_MODIFY) events. >> >> This patch adds the missing call to fsnotify_modify. > Well, there are different fallocate() commands and e.g. pure > FALLOC_FL_KEEP_SIZE call will not change any data in the file. I'm not sure > how much we care but I wanted to point that out... The most interesting case is FALLOC_FL_COLLAPSE_RANGE because this value allows to create arbitrary file content from random data. Hence I think we really need to create FAN_MODIFY in this case. As the fallocate(2) man page teaches: After a successful call, subsequent writes into the range specified by offset and len are guaranteed not to fail because of lack of disk space. So calling fallocate(fd, FALLOC_FL_KEEP_SIZE, offset, len) may result in different outcomes of a subsequent write depending on the values of offset and len. Calling fallocate for a region already zeroed will not result in any data change. I would like to compare fallocate() with write(). When we call write() we always create a FAN_MODIFY event even in the case of overwriting with identical data. So event FAN_MODIFY does not provide any guarantee that data was actually changed. In analogy to write() I suggest to keep the logic for fallocate() as trivial as possible: If fallocate() succeeds, create IN_MODIFY and FAN_MODIFY events. Best regards Heinrich Schuchardt > >> Signed-off-by: Heinrich Schuchardt <xypron.glpk@....de> >> --- >> fs/open.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/fs/open.c b/fs/open.c >> index d6fd3ac..03aa8e5 100644 >> --- a/fs/open.c >> +++ b/fs/open.c >> @@ -295,6 +295,11 @@ int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len) >> >> sb_start_write(inode->i_sb); >> ret = file->f_op->fallocate(file, mode, offset, len); >> + >> + /* Create inotify and fanotify events. */ >> + if (ret == 0) >> + fsnotify_modify(file); >> + >> sb_end_write(inode->i_sb); >> return ret; >> } >> -- >> 2.1.0 >> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists