lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <442e060a-de74-1e54-4fa3-5e4d35597dbe@huawei.com> Date: Thu, 15 Dec 2022 16:41:17 +0800 From: Zhang Yi <yi.zhang@...wei.com> To: Theodore Ts'o <tytso@....edu>, Jan Kara <jack@...e.cz> CC: <linux-ext4@...r.kernel.org>, <adilger.kernel@...ger.ca>, <yi.zhang@...weicloud.com>, <yukuai3@...wei.com>, <ritesh.list@...il.com> Subject: Re: [RFC PATCH] ext4: dio take shared inode lock when overwriting preallocated blocks On 2022/12/15 2:52, Theodore Ts'o wrote: > On Wed, Dec 14, 2022 at 06:01:25PM +0100, Jan Kara wrote: >> >> Besides some naming nits (see below) I think this should work. But I have >> to say I'm a bit uneasy about this because we will now be changing block >> mapping from unwritten to written only with shared i_rwsem. OTOH that >> happens during writeback as well so we should be fine and the gain is very >> nice. > > Hmm.... when I was looking potential impacts of the change what > ext4_overwrite_io() would do, I looked at the current user of that > function in ext4_dio_write_checks(). > > /* > * Determine whether the IO operation will overwrite allocated > * and initialized blocks. > * We need exclusive i_rwsem for changing security info > * in file_modified(). > */ > if (*ilock_shared && (!IS_NOSEC(inode) || *extend || > !ext4_overwrite_io(inode, offset, count))) { > if (iocb->ki_flags & IOCB_NOWAIT) { > ret = -EAGAIN; > goto out; > } > inode_unlock_shared(inode); > *ilock_shared = false; > inode_lock(inode); > goto restart; > } > > ret = file_modified(file); > if (ret < 0) > goto out; > > What is confusing me is the comment, "We need exclusive i_rwsem for > changing security info in file_modified().". But then we end up > calling file_modified() unconditionally, regardless of whether we've > transitioned from a shared lock to an exclusive lock. > > So file_modified() can get called either with or without the inode > locked r/w. I realize that this patch doesn't change this > inconsistency, but it appears either the comment is wrong, or the code > is wrong. > > What am I missing? > IIUC, both of the comment and the code are correct, the __file_remove_privs() in file_modified() should execute under exclusive lock, and we have already check the IS_NOSEC(inode) and could make sure taking exclusive lock before we remove privs. If we take share lock, __file_remove_privs() will return directly because below check. So it's find now, but it looks that call file_update_time() is enough for the shared lock case. int file_update_time(struct file *file) { if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode)) return 0; ... } Thanks, Yi.
Powered by blists - more mailing lists