lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y5obcGLDZuw/NWOh@mit.edu> Date: Wed, 14 Dec 2022 13:52:32 -0500 From: "Theodore Ts'o" <tytso@....edu> To: Jan Kara <jack@...e.cz> Cc: Zhang Yi <yi.zhang@...wei.com>, linux-ext4@...r.kernel.org, adilger.kernel@...ger.ca, yi.zhang@...weicloud.com, yukuai3@...wei.com Subject: Re: [RFC PATCH] ext4: dio take shared inode lock when overwriting preallocated blocks On Wed, Dec 14, 2022 at 06:01:25PM +0100, Jan Kara wrote: > > Besides some naming nits (see below) I think this should work. But I have > to say I'm a bit uneasy about this because we will now be changing block > mapping from unwritten to written only with shared i_rwsem. OTOH that > happens during writeback as well so we should be fine and the gain is very > nice. Hmm.... when I was looking potential impacts of the change what ext4_overwrite_io() would do, I looked at the current user of that function in ext4_dio_write_checks(). /* * Determine whether the IO operation will overwrite allocated * and initialized blocks. * We need exclusive i_rwsem for changing security info * in file_modified(). */ if (*ilock_shared && (!IS_NOSEC(inode) || *extend || !ext4_overwrite_io(inode, offset, count))) { if (iocb->ki_flags & IOCB_NOWAIT) { ret = -EAGAIN; goto out; } inode_unlock_shared(inode); *ilock_shared = false; inode_lock(inode); goto restart; } ret = file_modified(file); if (ret < 0) goto out; What is confusing me is the comment, "We need exclusive i_rwsem for changing security info in file_modified().". But then we end up calling file_modified() unconditionally, regardless of whether we've transitioned from a shared lock to an exclusive lock. So file_modified() can get called either with or without the inode locked r/w. I realize that this patch doesn't change this inconsistency, but it appears either the comment is wrong, or the code is wrong. What am I missing? - Ted
Powered by blists - more mailing lists