Date: Tue, 14 Jan 2020 20:37:38 +0100
From: Miklos Szeredi <miklos@...redi.hu>
To: David Howells <dhowells@...hat.com>
Cc: Al Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, Christoph Hellwig <hch@....de>, "Theodore Ts'o" <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, "Darrick J. Wong" <darrick.wong@...cle.com>, Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>, dsterba@...e.com, linux-ext4@...r.kernel.org, linux-xfs <linux-xfs@...r.kernel.org>, linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Making linkat() able to overwrite the target

On Tue, Jan 14, 2020 at 7:06 PM David Howells <dhowells@...hat.com> wrote:
>
> Al Viro <viro@...iv.linux.org.uk> wrote:
>
> > > Would it be possible to make linkat() take a flag, say AT_LINK_REPLACE,
> > > that causes the target to be replaced and not give EEXIST? Or make it so
> > > that rename() can take a tmpfile as the source and replace the target with
> > > that. I presume that, either way, this would require journal changes on
> > > ext4, xfs and btrfs.
> >
> > Umm... I don't like the idea of linkat() doing that - you suddenly get new
> > fun cases to think about (what should happen when the target is a mountpoint,
> > for starters?
>
> Don't allow it onto directories, S_AUTOMOUNT-marked inodes or anything that's
> got something mounted on it.
>
> > ) _and_ you would have to add a magical flag to vfs_link() so
> > that it would know which tests to do.
>
> Yes, I suggested AT_LINK_REPLACE as said magical flag.
>
> > As for rename...
>
> Yeah - with further thought, rename() doesn't really work as an interface,
> particularly if a link has already been made.
>
> Do you have an alternative suggestion? There are two things I want to avoid:
>
> (1) Doing unlink-link or unlink-create as that leaves a window where the
>     cache file is absent.
>
> (2) Creating replacement files in a temporary directory and renaming from
>     there over the top of the target file as the temp dir would then be a
>     bottleneck that spends a lot of time locked for creations and renames.

Create multiple sub-temp-dirs and use them alternatively.

I think there was a report for overlayfs with the same bottleneck
(copy up uses a temp dir, but now only for non-regular). Hasn't
gotten around to implementing this idea yet.

Thanks,
Miklos
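The approach suggested in the reply above, sketched in userspace as an added example; it is not code from this thread or from the kernel. The function name `replace_via_tmpdirs`, the `NSLOTS` value, the `.tmpN` directory layout and the round-robin slot choice are all assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define NSLOTS 4  /* number of staging dirs; arbitrary value for this example */

/* Replace dir/name with buf without a window where the name is absent.
 * The file is staged in dir/.tmpN (N round-robin, spreading creations and
 * renames over NSLOTS directories) and then rename()d over the target.
 * Staging dirs sit under dir so they share its filesystem. Returns slot or -1. */
int replace_via_tmpdirs(const char *dir, const char *name,
                        const void *buf, size_t len)
{
    static unsigned next_slot;  /* hypothetical policy; not thread-safe */
    unsigned slot = next_slot++ % NSLOTS;
    char stage[4096], tmp[4096], dst[4096];
    if (snprintf(stage, sizeof stage, "%s/.tmp%u", dir, slot) >= (int)sizeof stage ||
        snprintf(tmp, sizeof tmp, "%s/.tmp%u/%ld.%s", dir, slot, (long)getpid(), name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return -1;
    if (mkdir(stage, 0700) < 0 && errno != EEXIST)
        return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int ok = write(fd, buf, len) == (ssize_t)len && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    /* rename() swaps the directory entry atomically: readers see either the
     * old file or the new one, never ENOENT. */
    if (!ok || rename(tmp, dst) < 0) {
        unlink(tmp);
        return -1;
    }
    return (int)slot;
}

int main(void)
{
    char base[] = "/tmp/cache-XXXXXX";  /* constructed scratch directory */
    if (!mkdtemp(base)) return 1;
    for (int i = 1; i <= 2; i++)
        printf("slot %d\n", replace_via_tmpdirs(base, "entry", i == 1 ? "v1" : "v2", 2));
    return 0;
}
```
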