| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 05 Jan 2012 14:49:54 -0500 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: Christoph Hellwig <hch@...radead.org> Cc: Dave Chinner <david@...morbit.com>, Greg KH <greg@...ah.com>, Andrew Morton <akpm@...ux-foundation.org>, Dmitry Kasatkin <dmitry.kasatkin@...el.com>, linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3 1/1] vfs: iversion truncate bug fix On Thu, 2012-01-05 at 13:14 -0500, Christoph Hellwig wrote: > On Thu, Jan 05, 2012 at 03:53:54PM +1100, Dave Chinner wrote: > > That's seems like a rather unreliable way of detecting that a file > > has changed to me. I mean, only ext4 uses inode_inc_version() when > > it internally dirties an inode, and only ext4 sets the MS_I_VERSION > > so that inode_inc_version is only called for ext4 inodes when > > timestamps change. > > And even ext4 only does it when using the non-default "i_version" > mount option. > > > Hence just adding an increment to the truncate case doesn't seem to > > be sufficient to me. e.g. what about the equivalent case of having a > > hole punched in the file via fallocate? The file has definitely > > changed, but i_version won't change.... > > > > Perhaps bumping i_version in __mark_inode_dirty() might be the best > > way to capture all changes (other than timestamp updates) to any > > inode regardless of the filesystem type? > > It has the same problem as the timestamp updates doing that right now - > the fs can't do locking around it, and it can't return errors. That's > something affecting at least btrfs, xfs and IIRC ubifs, and probably > the cluster filesystems as well. The right answer is to replace the > timestmap updates which are the only places doing that with a method > as Josef had planned to do, and then we can include the i_version > updates in there. > > That assumes we figure out a coherent way to do it - except for the > conditional abuse in file_updates_times it's currently entirely under > fs control. So the best way to fix it would be to: > > - move the fs-private use into those filesystems actually using it. > Note that a lot less actually check for it rather than just updating > it based on some cargo cult, and most only do so for directories. > - figure a why what exact change count semantics NFS (and IMA) want > and find a way to implement them so that the fs can tell the callers > that they don't exist. > > Btw, does IMA care about these beeing persistent? By 'persistent' I assume you mean across boots. IMA (and IMA-appraisal) measure and appraise files the first time they're accessed/executed. So no, it does not need to be persistent. IMA/IMA-appraisal just need some way to detect file change in order to know whether the file needs to be re-measured/appraised on subsequent access. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists