lists.openwall.net
Open Source and information security mailing list archives
Date:   Fri, 18 Nov 2016 09:53:43 +0000
From:   David Howells <dhowells@...hat.com>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     dhowells@...hat.com, Dave Chinner <david@...morbit.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] statx: Add a system call to make enhanced file info available

Andreas Dilger <adilger@...ger.ca> wrote:

> > What happens when an application uses STATX_ALL from a future kernel
> > that defines more flags than are initially supported, and that
> > application then is run on a kernel that only supports the initial
> > fields?
> 
> Fields that are unknown by the current kernel/filesystem will not be set,
> and this is reflected in the flags that are returned to userspace.

Yep.

A userspace program can stick 0xffffffff in there if it wants.  No error will
be incurred.  It just won't necessarily get anything back for each of those
bits.  That said, if we, say, want to reserve bit 31 as a struct extension
bit, sticking in 0xffffffff without knowing what this is going to do to you on
a kernel that supports a longer struct might give you a problem.

But, basically, STATX_ALL indicates what flags have fields in the copy of the
struct you got from the header file.

There's an extra scenario: you could compile your userspace program against
the headers for a particular kernel and then run against a later kernel.  In
such a case, you may find bits set that are outside STATX_ALL in stx_mask.
However, you don't have definitions for those bits and can only ignore them.

> > Again, we have many more common and extended flags than this.
> > NOATIME and SYNC are two that immediately come to mind as generic
> > flags that should be in this...
> 
> Sure, and they can be added incrementally in a later patch.  I'm not
> sure why NOATIME and SYNC are missing, and I'm not against adding them,
> but it is equally likely that they were removed in a previous round of
> bikeshedding to avoid some real or perceived issue, so that this patch
> can finally land rather than being in limbo for another 5 years.

Does it make sense to return them through statx?  Note that NOATIME might be
considered superfluous given that STATX_ATIME is cleared in such a case.

> >> New flags include:
> >> 
> >> 	STATX_ATTR_NONUNIX_OWNERSHIP	File doesn't have Unixy ownership
> >> 	STATX_ATTR_HAS_ACL		File has an ACL
> > 
> > So statx will require us to do ACL lookups? i.e. instead of just
> > reading the inode to get the information, we'll also have to do
> > extended attribute lookups? That's potentially very expensive if
> > the extended attribute is not stored in the inode....
> 
> No, there is no requirement to return anything that the caller didn't
> ask for.  Only fields that are explicitly requested need to be returned,
> and others can optionally be returned if it is easy for the filesystem
> to do so.

Actually, Dave might have a point.  We don't necessarily know that the file
has an ACL without doing a getxattr() to probe for it - on the other hand, I
would expect the permissions check to have done precisely that.

David
