lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 13 Jan 2020 16:20:05 -0800
From:   Ira Weiny <ira.weiny@...el.com>
To:     "Darrick J. Wong" <darrick.wong@...cle.com>
Cc:     linux-kernel@...r.kernel.org,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Dan Williams <dan.j.williams@...el.com>,
        Dave Chinner <david@...morbit.com>,
        Christoph Hellwig <hch@....de>,
        "Theodore Y. Ts'o" <tytso@....edu>, Jan Kara <jack@...e.cz>,
        linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org,
        linux-fsdevel@...r.kernel.org
Subject: Re: [RFC PATCH V2 07/12] fs: Add locking for a dynamic inode 'mode'

On Mon, Jan 13, 2020 at 02:12:18PM -0800, Darrick J. Wong wrote:
> On Fri, Jan 10, 2020 at 11:29:37AM -0800, ira.weiny@...el.com wrote:
> > From: Ira Weiny <ira.weiny@...el.com>

[snip]

> >  
> >  The File Object
> >  ---------------
> > @@ -437,6 +459,8 @@ As of kernel 2.6.22, the following members are defined:
> >  		int (*atomic_open)(struct inode *, struct dentry *, struct file *,
> >  				   unsigned open_flag, umode_t create_mode);
> >  		int (*tmpfile) (struct inode *, struct dentry *, umode_t);
> > +		void (*lock_mode)(struct inode *);
> > +		void (*unlock_mode)(struct inode *);
> 
> Yikes.  "mode" has a specific meaning for inodes, and this lock isn't
> related to i_mode.  This lock protects aops from changing while an
> address space operation is in use.

Ah...  yea ok mode is a bad name.

> 
> >  	};
> >  
> >  Again, all methods are called without any locks being held, unless
> > @@ -584,6 +608,12 @@ otherwise noted.
> >  	atomically creating, opening and unlinking a file in given
> >  	directory.
> >  
> > +``lock_mode``
> > +	called to prevent operations which depend on the inode's mode from
> > +        proceeding should a mode change be in progress
> 
> "Inodes can't change mode, because files do not suddenly become
> directories". ;)

Yea sorry.

> 
> Oh, you meant "lock_XXXX is called to prevent a change in the pagecache
> mode from proceeding while there are address space operations in
> progress".  So these are really more aops get and put functions...

At first I actually did have aops get/put functions but this is really
protecting more than the aops vector because as Christoph said there are file
operations which need to be protected not just address space operations.

But I agree "mode" is a bad name...  Sorry...

> 
> > +``unlock_mode``
> > +	called when critical mode dependent operation is complete
> >  
> >  The Address Space Object
> >  ========================
> > diff --git a/fs/ioctl.c b/fs/ioctl.c
> > index 7c9a5df5a597..ed6ab5303a24 100644
> > --- a/fs/ioctl.c
> > +++ b/fs/ioctl.c
> > @@ -55,18 +55,29 @@ EXPORT_SYMBOL(vfs_ioctl);
> >  static int ioctl_fibmap(struct file *filp, int __user *p)
> >  {
> >  	struct address_space *mapping = filp->f_mapping;
> > +	struct inode *inode = filp->f_inode;
> >  	int res, block;
> >  
> > +	lock_inode_mode(inode);
> > +
> >  	/* do we support this mess? */
> > -	if (!mapping->a_ops->bmap)
> > -		return -EINVAL;
> > -	if (!capable(CAP_SYS_RAWIO))
> > -		return -EPERM;
> > +	if (!mapping->a_ops->bmap) {
> > +		res = -EINVAL;
> > +		goto out;
> > +	}
> > +	if (!capable(CAP_SYS_RAWIO)) {
> > +		res = -EPERM;
> > +		goto out;
> 
> Why does the order of these checks change here?

I don't understand?  The order does not change we just can't return without
releasing the lock.  And to protect against bmap changing the lock needs to be
taken first.

[snip]

> >  
> > +static inline void lock_inode_mode(struct inode *inode)
> 
> inode_aops_get()?

Let me think on this.  This is not just getting a reference to the aops vector.
It is more than that...  and inode_get is not right either!  ;-P

> 
> > +{
> > +	WARN_ON_ONCE(inode->i_op->lock_mode &&
> > +		     !inode->i_op->unlock_mode);
> > +	if (inode->i_op->lock_mode)
> > +		inode->i_op->lock_mode(inode);
> > +}
> > +static inline void unlock_inode_mode(struct inode *inode)
> > +{
> > +	WARN_ON_ONCE(inode->i_op->unlock_mode &&
> > +		     !inode->i_op->lock_mode);
> > +	if (inode->i_op->unlock_mode)
> > +		inode->i_op->unlock_mode(inode);
> > +}
> > +
> >  static inline ssize_t call_read_iter(struct file *file, struct kiocb *kio,
> >  				     struct iov_iter *iter)
> 
> inode_aops_put()?

...  something like that but not 'aops'...

Ira

> 
> --D
> 

Powered by blists - more mailing lists