| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Dec 2020 12:16:18 -0500
From: Vivek Goyal <vgoyal@...hat.com>
To: Jeff Layton <jlayton@...nel.org>
Cc: Linux fsdevel mailing list <linux-fsdevel@...r.kernel.org>,
linux-unionfs@...r.kernel.org, linux-kernel@...r.kernel.org,
viro@...iv.linux.org.uk, miklos@...redi.hu, amir73il@...il.com,
willy@...radead.org, jack@...e.cz, sargun@...gun.me
Subject: Re: [PATCH] vfs, syncfs: Do not ignore return code from ->sync_fs()
On Wed, Dec 16, 2020 at 10:53:16AM -0500, Jeff Layton wrote:
> On Wed, 2020-12-16 at 10:44 -0500, Jeff Layton wrote:
> > On Wed, 2020-12-16 at 10:14 -0500, Vivek Goyal wrote:
> > > On Wed, Dec 16, 2020 at 09:57:49AM -0500, Jeff Layton wrote:
> > > > On Wed, 2020-12-16 at 09:38 -0500, Vivek Goyal wrote:
> > > > > I see that current implementation of __sync_filesystem() ignores the
> > > > > return code from ->sync_fs(). I am not sure why that's the case.
> > > > >
> > > > > Ignoring ->sync_fs() return code is problematic for overlayfs where
> > > > > it can return error if sync_filesystem() on upper super block failed.
> > > > > That error will simply be lost and sycnfs(overlay_fd), will get
> > > > > success (despite the fact it failed).
> > > > >
> > > > > I am assuming that we want to continue to call __sync_blockdev()
> > > > > despite the fact that there have been errors reported from
> > > > > ->sync_fs(). So I wrote this simple patch which captures the
> > > > > error from ->sync_fs() but continues to call __sync_blockdev()
> > > > > and returns error from sync_fs() if there is one.
> > > > >
> > > > > There might be some very good reasons to not capture ->sync_fs()
> > > > > return code, I don't know. Hence thought of proposing this patch.
> > > > > Atleast I will get to know the reason. I still need to figure
> > > > > a way out how to propagate overlay sync_fs() errors to user
> > > > > space.
> > > > >
> > > > > Signed-off-by: Vivek Goyal <vgoyal@...hat.com>
> > > > > ---
> > > > > fs/sync.c | 8 ++++++--
> > > > > 1 file changed, 6 insertions(+), 2 deletions(-)
> > > > >
> > > > > Index: redhat-linux/fs/sync.c
> > > > > ===================================================================
> > > > > --- redhat-linux.orig/fs/sync.c 2020-12-16 09:15:49.831565653 -0500
> > > > > +++ redhat-linux/fs/sync.c 2020-12-16 09:23:42.499853207 -0500
> > > > > @@ -30,14 +30,18 @@
> > > > > */
> > > > > static int __sync_filesystem(struct super_block *sb, int wait)
> > > > > {
> > > > > + int ret, ret2;
> > > > > +
> > > > > if (wait)
> > > > > sync_inodes_sb(sb);
> > > > > else
> > > > > writeback_inodes_sb(sb, WB_REASON_SYNC);
> > > > >
> > > > >
> > > > > if (sb->s_op->sync_fs)
> > > > > - sb->s_op->sync_fs(sb, wait);
> > > > > - return __sync_blockdev(sb->s_bdev, wait);
> > > > > + ret = sb->s_op->sync_fs(sb, wait);
> > > > > + ret2 = __sync_blockdev(sb->s_bdev, wait);
> > > > > +
> > > > > + return ret ? ret : ret2;
> > > > > }
> > > > >
> > > > >
> > > > > /*
> > > > >
> > > >
> > > > I posted a patchset that took a similar approach a couple of years ago,
> > > > and we decided not to go with it [1].
> > > >
> > > > While it's not ideal to ignore the error here, I think this is likely to
> > > > break stuff.
> > >
> > > So one side affect I see is that syncfs() might start returning errors
> > > in some cases which were not reported at all. I am wondering will that
> > > count as breakage.
> > >
> > > > What may be better is to just make sync_fs void return, so
> > > > people don't think that returned errors there mean anything.
> > >
> > > May be.
> > >
> > > But then question remains that how do we return error to user space
> > > in syncfs(fd) for overlayfs. I will not be surprised if other
> > > filesystems want to return errors as well.
> > >
> > > Shall I create new helpers and call these in case of syncfs(). But
> > > that too will start returning new errors on syncfs(). So it does
> > > not solve that problem (if it is a problem).
> > >
> > > Or we can define a new super block op say ->sync_fs2() and call that
> > > first and in that case capture return code. That way it will not
> > > impact existing cases and overlayfs can possibly make use of
> > > ->sync_fs2() and return error. IOW, impact will be limited to
> > > only file systems which chose to implement ->sync_fs2().
> > >
> > > Thanks
> > > Vivek
> > >
> >
> > Sure, it's possible to add a sb->sync_fs2, but the problem is that
> > sync_fs is a superblock op, and is missing a lot of important context
> > about how it got called.
> >
> > syncfs(2) syscall takes a file descriptor argument. I'd add a new f_op-
> > > syncfs vector and turn most of the current guts of the syncfs syscall
> > into a generic_syncfs() that gets called when f_op->syncfs isn't
> > defined.
> >
> > Overlayfs could then add a ->syncfs op that would give it control over
> > what error gets returned. With that, you could basically leave the old
> > sb->sync_fs routine alone.
> >
> > I think that's probably the safest approach for allowing overlayfs to
> > propagate syncfs errors from the upper layer to the overlay.
> >
>
> To be clear, I mean something like this (draft, untested) patch. You'd
> also need to add a new ->syncfs op for overlayfs, and that could just do
> a check_and_advance against the upper layer sb's errseq_t after calling
> sync_filesystem.
Hi Jeff,
This sounds interesting. Should work for overlayfs. Will make overlayfs
changes.
So basically a new file operations ->syncfs() which says sync filesystem
containing this file. Error code will be captured and returned to
user space. Also filesystem is responsible to check for writeback
errors.
Thanks
Vivek
>
> -----------------------8<-------------------------
>
> [PATCH] vfs: add new f_op->syncfs vector
>
> Signed-off-by: Jeff Layton <jlayton@...nel.org>
> ---
> fs/sync.c | 30 +++++++++++++++++++++---------
> include/linux/fs.h | 1 +
> 2 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/fs/sync.c b/fs/sync.c
> index 1373a610dc78..fc7f73762b9e 100644
> --- a/fs/sync.c
> +++ b/fs/sync.c
> @@ -155,27 +155,39 @@ void emergency_sync(void)
> }
> }
>
> +static int generic_syncfs(struct file *file)
> +{
> + int ret, ret2;
> + struct super_block *sb = file->f_path.dentry->d_sb;
> +
> + down_read(&sb->s_umount);
> + ret = sync_filesystem(sb);
> + up_read(&sb->s_umount);
> +
> + ret2 = errseq_check_and_advance(&sb->s_wb_err, &f.file->f_sb_err);
> +
> + fdput(f);
> + return ret ? ret : ret2;
> +}
> +
> /*
> * sync a single super
> */
> SYSCALL_DEFINE1(syncfs, int, fd)
> {
> struct fd f = fdget(fd);
> - struct super_block *sb;
> - int ret, ret2;
> + int ret;
>
> if (!f.file)
> return -EBADF;
> - sb = f.file->f_path.dentry->d_sb;
>
> - down_read(&sb->s_umount);
> - ret = sync_filesystem(sb);
> - up_read(&sb->s_umount);
> -
> - ret2 = errseq_check_and_advance(&sb->s_wb_err, &f.file->f_sb_err);
> + if (f.file->f_op->syncfs)
> + ret = f.file->f_op->syncfs(f.file);
> + else
> + ret = generic_syncfs(f.file);
>
> fdput(f);
> - return ret ? ret : ret2;
> + return ret;
> }
>
> /**
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 8667d0cdc71e..6710469b7e33 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1859,6 +1859,7 @@ struct file_operations {
> struct file *file_out, loff_t pos_out,
> loff_t len, unsigned int remap_flags);
> int (*fadvise)(struct file *, loff_t, loff_t, int);
> + int (*syncfs)(struct file *);
> } __randomize_layout;
>
> struct inode_operations {
> --
> 2.29.2
>
>
>
Powered by blists - more mailing lists