| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 May 2020 09:15:54 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Luis Henriques <lhenriques@...e.com>
Cc: Ilya Dryomov <idryomov@...il.com>, ceph-devel@...r.kernel.org,
linux-kernel@...r.kernel.org, Amir Goldstein <amir73il@...il.com>
Subject: Re: [PATCH] ceph: don't return -ESTALE if there's still an open file
On Thu, 2020-05-14 at 13:48 +0100, Luis Henriques wrote:
> On Thu, May 14, 2020 at 08:10:09AM -0400, Jeff Layton wrote:
> > On Thu, 2020-05-14 at 12:14 +0100, Luis Henriques wrote:
> > > Similarly to commit 03f219041fdb ("ceph: check i_nlink while converting
> > > a file handle to dentry"), this fixes another corner case with
> > > name_to_handle_at/open_by_handle_at. The issue has been detected by
> > > xfstest generic/467, when doing:
> > >
> > > - name_to_handle_at("/cephfs/myfile")
> > > - open("/cephfs/myfile")
> > > - unlink("/cephfs/myfile")
> > > - open_by_handle_at()
> > >
> > > The call to open_by_handle_at should not fail because the file still
> > > exists and we do have a valid handle to it.
> > >
> > > Signed-off-by: Luis Henriques <lhenriques@...e.com>
> > > ---
> > > fs/ceph/export.c | 13 +++++++++++--
> > > 1 file changed, 11 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/fs/ceph/export.c b/fs/ceph/export.c
> > > index 79dc06881e78..8556df9d94d0 100644
> > > --- a/fs/ceph/export.c
> > > +++ b/fs/ceph/export.c
> > > @@ -171,12 +171,21 @@ struct inode *ceph_lookup_inode(struct super_block *sb, u64 ino)
> > >
> > > static struct dentry *__fh_to_dentry(struct super_block *sb, u64 ino)
> > > {
> > > + struct ceph_inode_info *ci;
> > > struct inode *inode = __lookup_inode(sb, ino);
> > > +
> > > if (IS_ERR(inode))
> > > return ERR_CAST(inode);
> > > if (inode->i_nlink == 0) {
> > > - iput(inode);
> > > - return ERR_PTR(-ESTALE);
> > > + bool is_open;
> > > + ci = ceph_inode(inode);
> > > + spin_lock(&ci->i_ceph_lock);
> > > + is_open = __ceph_is_file_opened(ci);
> > > + spin_unlock(&ci->i_ceph_lock);
> > > + if (!is_open) {
> > > + iput(inode);
> > > + return ERR_PTR(-ESTALE);
> > > + }
> > > }
> > > return d_obtain_alias(inode);
> > > }
> >
> > Thanks Luis. Out of curiousity, is there any reason we shouldn't ignore
> > the i_nlink value here? Does anything obviously break if we do?
>
> Yes, the scenario described in commit 03f219041fdb is still valid, which
> is basically the same but without the extra open(2):
>
> - name_to_handle_at("/cephfs/myfile")
> - unlink("/cephfs/myfile")
> - open_by_handle_at()
>
Ok, I guess we end up doing some delayed cleanup, and that allows the
inode to be found in that situation.
> The open_by_handle_at man page isn't really clear about these 2 scenarios,
> but generic/426 will fail if -ESTALE isn't returned. Want me to add a
> comment to the code, describing these 2 scenarios?
>
(cc'ing Amir since he added this test)
I don't think there is any hard requirement that open_by_handle_at
should fail in that situation. It generally does for most filesystems
due to the way they handle cleaning up unlinked inodes, but I don't
think it's technically illegal to allow the inode to still be found. If
the caller cares about whether it has been unlinked it can always test
i_nlink itself.
Amir, is this required for some reason that I'm not aware of?
Thanks,
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists