| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Jul 2021 14:52:19 -0700
From: Bart Van Assche <bvanassche@....org>
To: Bodo Stroesser <bostroesser@...il.com>,
Christoph Hellwig <hch@....de>
Cc: Joel Becker <jlbec@...lplan.org>, linux-kernel@...r.kernel.org,
"Martin K . Petersen" <martin.petersen@...cle.com>,
Yanko Kaneti <yaneti@...lera.com>,
Brendan Higgins <brendanhiggins@...gle.com>
Subject: Re: [PATCH 2/4] configfs: Fix writing at a non-zero offset
On 7/26/21 2:13 PM, Bodo Stroesser wrote:
> On 26.07.21 18:26, Bart Van Assche wrote:
>> On 7/26/21 7:58 AM, Bodo Stroesser wrote:
>>> On 23.07.21 23:23, Bart Van Assche wrote:
>>> Let's say user writes 5 times to configfs file while keeping it open.
>>> On every write() call it writes 1 character only, e.g. first "A",
>>> then "B", ...
>>>
>>> The original code before the changes 5 times called
>>> flush_write_buffer for the
>>> strings "A\0", "B\0", ... (with the '\0' not included in the count
>>> parameter,
>>> so count is 1 always, which is the length of the last write).
>>
>> Isn't that behavior a severe violation of how POSIX specifies that the
>> write() system call should be implemented?
>
> Hmm. I'm not sure which detail should violate POSIX spec? Is there any
> definition how data should be flushed from buffer internally? (I'm by
> far not a POSIX expert!)
>
> I would rather say the new behavior, to call flush_write_buffer during the
> first write() for the data of that write, and then on the second write to
> call flush_write_buffer for the concatenated data of the first and the
> second write, could be a violation of POSIX, because the one times written
> data of the first write is flushed twice.
>
> I don't like the idea of breaking the "one write, one flush" principle that
> was implemented before. The old comment:
> "There is no easy way for us to know if userspace is only doing a partial
> write, so we don't support them. We expect the entire buffer to come on the
> first write."
> as I interpret it, makes clear that configfs code has to work according to
> that principle. (Or even block all but the first write, but that would even
> more break compatibility to old implementation.)
Hi Bodo,
The private email that you sent me made it clear that you would like to
keep the behavior from kernel 5.13. That means passing "A\0", "B\0", ...
to the configfs store callback function if "AB..." is witten one byte at
a time. What is not clear to me is how a store callback with argument
"B\0" can know at which offset that write happened? From
<linux/configfs.h> (I have added argument names):
ssize_t (*store)(struct config_item *item, const char *page,
size_t count);
My understanding of the POSIX specification [1] is that writes should
happen at the proper offset. If user space software writes "A" at offset
0 and "B" at offset 1 then the string "AB" should be passed to the
configfs store callback.
Regarding the "action" attribute from your tcmu patch, how about
checking the last character of the string written into that attribute
instead of the first character? Would that be sufficient to write twice
into that attribute without having to call close() and open() between
the two write actions?
To me the following comment: "There is no easy way for us to know if
userspace is only doing a partial write, so we don't support them. We
expect the entire buffer to come on the first write." means that writing
"ABCD" by first writing "AB" and next "CD" will trigger two
item->store() calls. Triggering a single item->store() call for partial
writes is not supported.
Thanks,
Bart.
[1] https://pubs.opengroup.org/onlinepubs/9699919799/
Powered by blists - more mailing lists