lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 14 Jan 2020 17:02:50 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     David Howells <dhowells@...hat.com>
Cc:     linux-fsdevel@...r.kernel.org, hch@....de, tytso@....edu,
        adilger.kernel@...ger.ca, darrick.wong@...cle.com, clm@...com,
        josef@...icpanda.com, dsterba@...e.com, linux-ext4@...r.kernel.org,
        linux-xfs@...r.kernel.org, linux-btrfs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: Making linkat() able to overwrite the target

On Tue, Jan 14, 2020 at 04:34:25PM +0000, David Howells wrote:
> With my rewrite of fscache and cachefiles:
> 
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=fscache-iter
> 
> when a file gets invalidated by the server - and, under some circumstances,
> modified locally - I have the cache create a temporary file with vfs_tmpfile()
> that I'd like to just link into place over the old one - but I can't because
> vfs_link() doesn't allow you to do that.  Instead I have to either unlink the
> old one and then link the new one in or create it elsewhere and rename across.
> 
> Would it be possible to make linkat() take a flag, say AT_LINK_REPLACE, that
> causes the target to be replaced and not give EEXIST?  Or make it so that
> rename() can take a tmpfile as the source and replace the target with that.  I
> presume that, either way, this would require journal changes on ext4, xfs and
> btrfs.

Umm...  I don't like the idea of linkat() doing that - you suddenly get new
fun cases to think about (what should happen when the target is a mountpoint,
for starters?) _and_ you would have to add a magical flag to vfs_link() so
that it would know which tests to do.  As for rename...  How would that
work?  AT_EMPTY_PATH for source?  What happens if two threads do that
at the same time?  Should that case be always "create a new link, even
if you've got it by plain lookup somewhere"?  Worse, suppose you do that
to given tmpfile; what should happen to /proc/self/fd/* link to it?  Should
it point to new location, or...?

Powered by blists - more mailing lists