| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 07 Dec 2012 12:36:35 -0500 From: Ric Wheeler <rwheeler@...hat.com> To: Ingo Molnar <mingo@...nel.org> CC: Christoph Hellwig <hch@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Martin Steigerwald <Martin@...htvoll.de>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Dave Chinner <david@...morbit.com>, "Theodore Ts'o" <tytso@....edu>, linux-fsdevel <linux-fsdevel@...r.kernel.org> Subject: Re: [PATCH, 3.7-rc7, RESEND] fs: revert commit bbdd6808 to fallocate UAPI On 12/06/2012 08:16 PM, Ingo Molnar wrote: > * Christoph Hellwig <hch@...radead.org> wrote: > >> No, the problem is that the thing is not just a) wrong, but b) >> only made it in through sneaky ways. > People disagree with a), and b) only really matters if a) is > true. > > You never gave a technical reason for why protecting against > future ABI clashes is 'wrong'. It looks like a marginally > useful, practical patch to me. > > Thanks, > > Ingo > Hi Ingo, The historical roots of the argument are not quite as clear here as you posit above. The need for the interface/ABI itself was the subject of the review. The interface proposed - expose any deleted data without zeroing it - was requested not to enable a tool or fix a specific need. It was proposed in order to avoid tripping over an ext4 performance problem that occurs when we change allocated-but-unwritten extents into allocated and written. This is a huge break with very long standing file system semantics - normally, we always promise to return to the application only data that you wrote or return zeroed blocks of data if you allocated it and did not write it. This allows you to fallocate all unused space on disk, seek around and poke for other peoples' deleted data. Aside from the obvious violation of expected privacy of deleted data (for non-root users at least), it could also break things that have the original expectations in place. After LSF, we did try to reproduce the use case (not with a lot of success) and had several proposed ways to fix the ext4 performance challenge instead of using this hack to avoid it. I would prefer to fix the performance issue in ext4 rather than add an interface that has no actual users of the actual feature - it exists for applications that want to avoid an unfortunate performance hit from something that we could work around. If there are legitimate needs to expose the data to non-root users, it would be good to have that debate in the open and clarify the correct interface. The process issue exposed is not one where "bike shedding" occurred - the proposed feature was discussed in person at LSF and on the mailing lists and debated and rejected. Review is part of the way we work as a community and we should figure out how to fix our review process so that we can have meaningful results from the review or we lose confidence in the process and it makes it much harder to get reviewers to spend time reviewing when their reviews are ultimately ignored. Regards, Ric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists