lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y5obcGLDZuw/NWOh@mit.edu>
Date:   Wed, 14 Dec 2022 13:52:32 -0500
From:   "Theodore Ts'o" <tytso@....edu>
To:     Jan Kara <jack@...e.cz>
Cc:     Zhang Yi <yi.zhang@...wei.com>, linux-ext4@...r.kernel.org,
        adilger.kernel@...ger.ca, yi.zhang@...weicloud.com,
        yukuai3@...wei.com
Subject: Re: [RFC PATCH] ext4: dio take shared inode lock when overwriting
 preallocated blocks

On Wed, Dec 14, 2022 at 06:01:25PM +0100, Jan Kara wrote:
> 
> Besides some naming nits (see below) I think this should work. But I have
> to say I'm a bit uneasy about this because we will now be changing block
> mapping from unwritten to written only with shared i_rwsem. OTOH that
> happens during writeback as well so we should be fine and the gain is very
> nice.

Hmm.... when I was looking potential impacts of the change what
ext4_overwrite_io() would do, I looked at the current user of that
function in ext4_dio_write_checks().

	/*
	 * Determine whether the IO operation will overwrite allocated
	 * and initialized blocks.
	 * We need exclusive i_rwsem for changing security info
	 * in file_modified().
	 */
	if (*ilock_shared && (!IS_NOSEC(inode) || *extend ||
	     !ext4_overwrite_io(inode, offset, count))) {
		if (iocb->ki_flags & IOCB_NOWAIT) {
			ret = -EAGAIN;
			goto out;
		}
		inode_unlock_shared(inode);
		*ilock_shared = false;
		inode_lock(inode);
		goto restart;
	}

	ret = file_modified(file);
	if (ret < 0)
		goto out;

What is confusing me is the comment, "We need exclusive i_rwsem for
changing security info in file_modified().".  But then we end up
calling file_modified() unconditionally, regardless of whether we've
transitioned from a shared lock to an exclusive lock.

So file_modified() can get called either with or without the inode
locked r/w.  I realize that this patch doesn't change this
inconsistency, but it appears either the comment is wrong, or the code
is wrong.

What am I missing?

						- Ted

Powered by blists - more mailing lists