lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 16 Mar 2007 03:26:24 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	"Pekka Enberg" <penberg@...helsinki.fi>
Cc:	linux-kernel@...r.kernel.org, hch@...radead.org,
	alan@...rguk.ukuu.org.uk
Subject: Re: [PATCH 2/5] revoke: core code

On Fri, 16 Mar 2007 08:44:46 +0200 "Pekka Enberg" <penberg@...helsinki.fi> wrote:

> On 3/16/07, Andrew Morton <akpm@...ux-foundation.org> wrote:
> > Why is this code using invalidate_inode_pages2()?  That function keeps on
> > breaking, has ill-defined semantics and will probably change in the future.
> >
> > Exactly what semantics are you looking for here, and why?
> 
> What the comment says "make pending reads fail." When revoking an
> inode, we need to make sure there are no pending I/O that will
> complete after revocation and thus leak information.

hm, let's define "pending".

I assume that any future callers to sys_read() will reliably do the right
thing at this stage, so we are concerned with threads which are presently
partway through a read from this inode?

If that's not accurate then please describe with some detail exactly what
semantics you're looking for here.

If it _is_ accurate then hm, tricky.  It all rather depends upon how the
relevant filesystem implements reading (and writing?).  Which is why you
made it a file_operation, fair enough.

But even for ext2 and ext3 (please keep ext4 in sync with ext3 changes,
btw), if some process is partway through a big page_cache_readahead()
operation then a concurrent invalidate_inode_pages2() call won't worry it
at all: the pagecache will be reinstantiated and do_generic_mapping_read()
will proceed to copy that pagecache out to the user after the revoke() has
returned.  I think.

I'm afraid I havent paid any attention to this revoke proposal before, I
don't understand the usecases nor the implementation details so things
which are implicitly-obvious-to-you must be explained to me.  But others
will benefit from that explanation too ;)  What, exactly, are we trying to do
with the already-opened files and the currently-in-progress syscalls?

(A concurrent direct-io read might be a problem too?)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ