lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 14 Jan 2020 20:37:38 +0100
From:   Miklos Szeredi <>
To:     David Howells <>
Cc:     Al Viro <>,,
        Christoph Hellwig <>,
        "Theodore Ts'o" <>,
        Andreas Dilger <>,
        "Darrick J. Wong" <>,
        Chris Mason <>, Josef Bacik <>,,,
        linux-xfs <>,,
Subject: Re: Making linkat() able to overwrite the target

On Tue, Jan 14, 2020 at 7:06 PM David Howells <> wrote:
> Al Viro <> wrote:
> > > Would it be possible to make linkat() take a flag, say AT_LINK_REPLACE,
> > > that causes the target to be replaced and not give EEXIST?  Or make it so
> > > that rename() can take a tmpfile as the source and replace the target with
> > > that.  I presume that, either way, this would require journal changes on
> > > ext4, xfs and btrfs.
> >
> > Umm...  I don't like the idea of linkat() doing that - you suddenly get new
> > fun cases to think about (what should happen when the target is a mountpoint,
> > for starters?
> Don't allow it onto directories, S_AUTOMOUNT-marked inodes or anything that's
> got something mounted on it.
> > ) _and_ you would have to add a magical flag to vfs_link() so
> > that it would know which tests to do.
> Yes, I suggested AT_LINK_REPLACE as said magical flag.
> > As for rename...
> Yeah - with further thought, rename() doesn't really work as an interface,
> particularly if a link has already been made.
> Do you have an alternative suggestion?  There are two things I want to avoid:
>  (1) Doing unlink-link or unlink-create as that leaves a window where the
>      cache file is absent.
>  (2) Creating replacement files in a temporary directory and renaming from
>      there over the top of the target file as the temp dir would then be a
>      bottleneck that spends a lot of time locked for creations and renames.

Create multiple sub-temp-dirs and use them alternatively.

I think there was a report for overlayfs with the same bottleneck
(copy up uses a temp dir, but now only for non-regular).  Hasn't
gotten around to implementing this idea yet.


Powered by blists - more mailing lists