lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ebe95970-b764-cb8d-18a4-38555ad99667@huawei.com>
Date:   Fri, 10 Jul 2020 15:29:58 +0800
From:   Chao Yu <yuchao0@...wei.com>
To:     Jaegeuk Kim <jaegeuk@...nel.org>
CC:     Daeho Jeong <daeho43@...il.com>,
        Daeho Jeong <daehojeong@...gle.com>, <kernel-team@...roid.com>,
        <linux-kernel@...r.kernel.org>,
        <linux-f2fs-devel@...ts.sourceforge.net>
Subject: Re: [f2fs-dev] [PATCH] f2fs: change the way of handling range.len in
 F2FS_IOC_SEC_TRIM_FILE

On 2020/7/10 14:46, Jaegeuk Kim wrote:
> On 07/10, Chao Yu wrote:
>> On 2020/7/10 11:52, Jaegeuk Kim wrote:
>>> On 07/10, Chao Yu wrote:
>>>> On 2020/7/10 11:31, Jaegeuk Kim wrote:
>>>>> On 07/10, Chao Yu wrote:
>>>>>> On 2020/7/10 11:02, Jaegeuk Kim wrote:
>>>>>>> On 07/10, Daeho Jeong wrote:
>>>>>>>> From: Daeho Jeong <daehojeong@...gle.com>
>>>>>>>>
>>>>>>>> Changed the way of handling range.len of F2FS_IOC_SEC_TRIM_FILE.
>>>>>>>>  1. Added -1 value support for range.len to signify the end of file.
>>>>>>>>  2. If the end of the range passes over the end of file, it means until
>>>>>>>>     the end of file.
>>>>>>>>  3. ignored the case of that range.len is zero to prevent the function
>>>>>>>>     from making end_addr zero and triggering different behaviour of
>>>>>>>>     the function.
>>>>>>>>
>>>>>>>> Signed-off-by: Daeho Jeong <daehojeong@...gle.com>
>>>>>>>> ---
>>>>>>>>  fs/f2fs/file.c | 16 +++++++---------
>>>>>>>>  1 file changed, 7 insertions(+), 9 deletions(-)
>>>>>>>>
>>>>>>>> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
>>>>>>>> index 368c80f8e2a1..1c4601f99326 100644
>>>>>>>> --- a/fs/f2fs/file.c
>>>>>>>> +++ b/fs/f2fs/file.c
>>>>>>>> @@ -3813,21 +3813,19 @@ static int f2fs_sec_trim_file(struct file *filp, unsigned long arg)
>>>>>>>>  	file_start_write(filp);
>>>>>>>>  	inode_lock(inode);
>>>>>>>>  
>>>>>>>> -	if (f2fs_is_atomic_file(inode) || f2fs_compressed_file(inode)) {
>>>>>>>> +	if (f2fs_is_atomic_file(inode) || f2fs_compressed_file(inode) ||
>>>>>>>> +			range.start >= inode->i_size) {
>>>>>>>>  		ret = -EINVAL;
>>>>>>>>  		goto err;
>>>>>>>>  	}
>>>>>>>>  
>>>>>>>> -	if (range.start >= inode->i_size) {
>>>>>>>> -		ret = -EINVAL;
>>>>>>>> +	if (range.len == 0)
>>>>>>>>  		goto err;
>>>>>>>> -	}
>>>>>>>>  
>>>>>>>> -	if (inode->i_size - range.start < range.len) {
>>>>>>>> -		ret = -E2BIG;
>>>>>>>> -		goto err;
>>>>>>>> -	}
>>>>>>>> -	end_addr = range.start + range.len;
>>>>>>>> +	if (range.len == (u64)-1 || inode->i_size - range.start < range.len)
>>>>>>>> +		end_addr = inode->i_size;
>>>>>>
>>>>>> We can remove 'range.len == (u64)-1' condition since later condition can cover
>>>>>> this?
>>>>>>
>>>>>>>
>>>>>>> Hmm, what if there are blocks beyond i_size? Do we need to check i_blocks for
>>>>>>
>>>>>> The blocks beyond i_size will never be written, there won't be any valid message
>>>>>> there, so we don't need to worry about that.
>>>>>
>>>>> I don't think we have a way to guarantee the order of i_size and block
>>>>> allocation in f2fs. See f2fs_write_begin and f2fs_write_end.
>>>>
>>>> However, write_begin & write_end are covered by inode_lock, it could not be
>>>> racy with inode size check in f2fs_sec_trim_file() as it hold inode_lock as
>>>> well?
>>>
>>> Like Daeho said, write_begin -> checkpoint -> power-cut can give bigger i_blocks
>>> than i_size.
>>
>> The path won't, cp only persists reserved block in dnode rather than written
>> data block in segment, because data will be copied to page cache after write_begin.
> 
> Ah, you're talking about data validity, while I was doing block allocation in
> this case. In either cases, I'd say secure_trim needs to trim whatever data
> in valid block *address*.

Yeah, I agreed, sec_trim should trim all data no matter locating inside or
beyond isize.

> 
>>
>> I think truncation path could as Daeho said:
>>
>> 1. truncate -> i_size update however blocks wasn't truncated yet -> checkpoint -> recovery
>> 2. truncate failed -> i_size update however partial blocks was truncated -> fsync
>>
>>>
>>>>
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>> ending criteria?
>>>>>>>
>>>>>>>> +	else
>>>>>>>> +		end_addr = range.start + range.len;
>>>>>>>>  
>>>>>>>>  	to_end = (end_addr == inode->i_size);
>>>>>>>>  	if (!IS_ALIGNED(range.start, F2FS_BLKSIZE) ||
>>>>>>>> -- 
>>>>>>>> 2.27.0.383.g050319c2ae-goog
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Linux-f2fs-devel mailing list
>>>>>>>> Linux-f2fs-devel@...ts.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Linux-f2fs-devel mailing list
>>>>>>> Linux-f2fs-devel@...ts.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
>>>>>>> .
>>>>>>>
>>>>> .
>>>>>
>>> .
>>>
> .
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ