| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Feb 2023 16:08:49 -0700
From: Andreas Dilger <adilger@...ger.ca>
To: "Matthew Wilcox (Oracle)" <willy@...radead.org>
Cc: linux-fsdevel@...r.kernel.org, linux-afs@...ts.infradead.org,
linux-btrfs@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-mm@...ck.org, Hugh Dickins <hughd@...gle.com>,
linux-kernel@...r.kernel.org, fstests@...r.kernel.org
Subject: Re: [PATCH 0/5] Fix a minor POSIX conformance problem
On Feb 2, 2023, at 1:44 PM, Matthew Wilcox (Oracle) <willy@...radead.org> wrote:
>
> POSIX requires that on ftruncate() expansion, the new bytes must read
> as zeroes. If someone's mmap()ed the file and stored past EOF, for
> most filesystems the bytes in that page will be not-zero. It's a
> pretty minor violation; someone could race you and write to the file
> between the ftruncate() call and you reading from it, but it's a bit
> of a QOI violation.
Is it possible to have mmap return SIGBUS for the writes beyond EOF?
On the one hand, that might indicate incorrect behavior of the application,
and on the other hand, it seems possible that the application doesn't
know it is writing beyond EOF and expects that data to be read back OK?
What happens if it is writing beyond EOF, but the block hasn't even been
allocated because PAGE_SIZE > blocksize?
IMHO, this seems better to stop the root of the problem (mmap() allowing
bad writes), rather than trying to fix it after the fact.
Cheers, Andreas
> I've tested xfs (passes before & after), ext4 and tmpfs (both fail
> before, pass after). Testing from other FS developers appreciated.
> fstest to follow; not sure how to persuade git-send-email to work on
> multiple repositories
>
> Matthew Wilcox (Oracle) (5):
> truncate: Zero bytes after 'oldsize' if we're expanding the file
> ext4: Zero bytes after 'oldsize' if we're expanding the file
> tmpfs: Zero bytes after 'oldsize' if we're expanding the file
> afs: Zero bytes after 'oldsize' if we're expanding the file
> btrfs: Zero bytes after 'oldsize' if we're expanding the file
>
> fs/afs/inode.c | 2 ++
> fs/btrfs/inode.c | 1 +
> fs/ext4/inode.c | 1 +
> mm/shmem.c | 2 ++
> mm/truncate.c | 7 +++++--
> 5 files changed, 11 insertions(+), 2 deletions(-)
>
> --
> 2.35.1
>
Cheers, Andreas
Download attachment "signature.asc" of type "application/pgp-signature" (874 bytes)
Powered by blists - more mailing lists