lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 23 Jan 2019 10:37:18 +0100
From:   Miklos Szeredi <miklos@...redi.hu>
To:     Kirill Tkhai <ktkhai@...tuozzo.com>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC] fuse: Prevent background write requests increase
 inode size

On Tue, Nov 6, 2018 at 3:03 PM Kirill Tkhai <ktkhai@...tuozzo.com> wrote:
>
> Hi, Miklos,
>
> this is not a well-tested patch, this is a concept,
> showing the places, where it looks we have a problem.
>
> Commit 7879c4e58b7c made io->async careless about inode size,
> and this is wrong. Asyncronuos background requests may be sent
> to userspace after inode becomes unlocked, when background
> queue is throttled. In this case we execute a write request
> extending inode size without any protection, and this ruines
> everything. Fix that.
>
> Also, some write background requests do not increment fi->writectr,
> e.g.:
>         fuse_direct_IO()
>           fuse_direct_io()
>             fuse_send_write()
>               fuse_async_req_send()
>                 fuse_request_send_background()

inode_lock should prevent mischief for sync DIO.  For AIO DIO the
order of operations is not deterministic, so it's fine if truncate and
an extending AIO write race, as far as I understand.

Thanks,
Miklos

Powered by blists - more mailing lists