lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200710064603.GA1656368@google.com>
Date:   Thu, 9 Jul 2020 23:46:03 -0700
From:   Jaegeuk Kim <jaegeuk@...nel.org>
To:     Chao Yu <yuchao0@...wei.com>
Cc:     Daeho Jeong <daeho43@...il.com>,
        Daeho Jeong <daehojeong@...gle.com>, kernel-team@...roid.com,
        linux-kernel@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH] f2fs: change the way of handling range.len in
 F2FS_IOC_SEC_TRIM_FILE

On 07/10, Chao Yu wrote:
> On 2020/7/10 11:52, Jaegeuk Kim wrote:
> > On 07/10, Chao Yu wrote:
> >> On 2020/7/10 11:31, Jaegeuk Kim wrote:
> >>> On 07/10, Chao Yu wrote:
> >>>> On 2020/7/10 11:02, Jaegeuk Kim wrote:
> >>>>> On 07/10, Daeho Jeong wrote:
> >>>>>> From: Daeho Jeong <daehojeong@...gle.com>
> >>>>>>
> >>>>>> Changed the way of handling range.len of F2FS_IOC_SEC_TRIM_FILE.
> >>>>>>  1. Added -1 value support for range.len to signify the end of file.
> >>>>>>  2. If the end of the range passes over the end of file, it means until
> >>>>>>     the end of file.
> >>>>>>  3. ignored the case of that range.len is zero to prevent the function
> >>>>>>     from making end_addr zero and triggering different behaviour of
> >>>>>>     the function.
> >>>>>>
> >>>>>> Signed-off-by: Daeho Jeong <daehojeong@...gle.com>
> >>>>>> ---
> >>>>>>  fs/f2fs/file.c | 16 +++++++---------
> >>>>>>  1 file changed, 7 insertions(+), 9 deletions(-)
> >>>>>>
> >>>>>> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
> >>>>>> index 368c80f8e2a1..1c4601f99326 100644
> >>>>>> --- a/fs/f2fs/file.c
> >>>>>> +++ b/fs/f2fs/file.c
> >>>>>> @@ -3813,21 +3813,19 @@ static int f2fs_sec_trim_file(struct file *filp, unsigned long arg)
> >>>>>>  	file_start_write(filp);
> >>>>>>  	inode_lock(inode);
> >>>>>>  
> >>>>>> -	if (f2fs_is_atomic_file(inode) || f2fs_compressed_file(inode)) {
> >>>>>> +	if (f2fs_is_atomic_file(inode) || f2fs_compressed_file(inode) ||
> >>>>>> +			range.start >= inode->i_size) {
> >>>>>>  		ret = -EINVAL;
> >>>>>>  		goto err;
> >>>>>>  	}
> >>>>>>  
> >>>>>> -	if (range.start >= inode->i_size) {
> >>>>>> -		ret = -EINVAL;
> >>>>>> +	if (range.len == 0)
> >>>>>>  		goto err;
> >>>>>> -	}
> >>>>>>  
> >>>>>> -	if (inode->i_size - range.start < range.len) {
> >>>>>> -		ret = -E2BIG;
> >>>>>> -		goto err;
> >>>>>> -	}
> >>>>>> -	end_addr = range.start + range.len;
> >>>>>> +	if (range.len == (u64)-1 || inode->i_size - range.start < range.len)
> >>>>>> +		end_addr = inode->i_size;
> >>>>
> >>>> We can remove 'range.len == (u64)-1' condition since later condition can cover
> >>>> this?
> >>>>
> >>>>>
> >>>>> Hmm, what if there are blocks beyond i_size? Do we need to check i_blocks for
> >>>>
> >>>> The blocks beyond i_size will never be written, there won't be any valid message
> >>>> there, so we don't need to worry about that.
> >>>
> >>> I don't think we have a way to guarantee the order of i_size and block
> >>> allocation in f2fs. See f2fs_write_begin and f2fs_write_end.
> >>
> >> However, write_begin & write_end are covered by inode_lock, it could not be
> >> racy with inode size check in f2fs_sec_trim_file() as it hold inode_lock as
> >> well?
> > 
> > Like Daeho said, write_begin -> checkpoint -> power-cut can give bigger i_blocks
> > than i_size.
> 
> The path won't, cp only persists reserved block in dnode rather than written
> data block in segment, because data will be copied to page cache after write_begin.

Ah, you're talking about data validity, while I was doing block allocation in
this case. In either cases, I'd say secure_trim needs to trim whatever data
in valid block *address*.

> 
> I think truncation path could as Daeho said:
> 
> 1. truncate -> i_size update however blocks wasn't truncated yet -> checkpoint -> recovery
> 2. truncate failed -> i_size update however partial blocks was truncated -> fsync
> 
> > 
> >>
> >>>
> >>>>
> >>>> Thanks,
> >>>>
> >>>>> ending criteria?
> >>>>>
> >>>>>> +	else
> >>>>>> +		end_addr = range.start + range.len;
> >>>>>>  
> >>>>>>  	to_end = (end_addr == inode->i_size);
> >>>>>>  	if (!IS_ALIGNED(range.start, F2FS_BLKSIZE) ||
> >>>>>> -- 
> >>>>>> 2.27.0.383.g050319c2ae-goog
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Linux-f2fs-devel mailing list
> >>>>>> Linux-f2fs-devel@...ts.sourceforge.net
> >>>>>> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Linux-f2fs-devel mailing list
> >>>>> Linux-f2fs-devel@...ts.sourceforge.net
> >>>>> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
> >>>>> .
> >>>>>
> >>> .
> >>>
> > .
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ