| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Dec 2021 07:33:52 +0200
From: Amir Goldstein <amir73il@...il.com>
To: Chengguang Xu <cgxu519@...ernel.net>
Cc: Jan Kara <jack@...e.cz>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
overlayfs <linux-unionfs@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
ronyjin <ronyjin@...cent.com>,
charliecgxu <charliecgxu@...cent.com>,
Vivek Goyal <vgoyal@...hat.com>,
Miklos Szeredi <miklos@...redi.hu>
Subject: Re: [RFC PATCH v5 06/10] ovl: implement overlayfs' ->write_inode operation
On Sun, Dec 5, 2021 at 4:07 PM Chengguang Xu <cgxu519@...ernel.net> wrote:
>
> ---- 在 星期四, 2021-12-02 06:47:25 Amir Goldstein <amir73il@...il.com> 撰写 ----
> > On Wed, Dec 1, 2021 at 6:24 PM Chengguang Xu <cgxu519@...ernel.net> wrote:
> > >
> > > ---- 在 星期三, 2021-12-01 21:46:10 Jan Kara <jack@...e.cz> 撰写 ----
> > > > On Wed 01-12-21 09:19:17, Amir Goldstein wrote:
> > > > > On Wed, Dec 1, 2021 at 8:31 AM Chengguang Xu <cgxu519@...ernel.net> wrote:
> > > > > > So the final solution to handle all the concerns looks like accurately
> > > > > > mark overlay inode diry on modification and re-mark dirty only for
> > > > > > mmaped file in ->write_inode().
> > > > > >
> > > > > > Hi Miklos, Jan
> > > > > >
> > > > > > Will you agree with new proposal above?
> > > > > >
> > > > >
> > > > > Maybe you can still pull off a simpler version by remarking dirty only
> > > > > writably mmapped upper AND inode_is_open_for_write(upper)?
> > > >
> > > > Well, if inode is writeably mapped, it must be also open for write, doesn't
> > > > it? The VMA of the mapping will hold file open. So remarking overlay inode
> > > > dirty during writeback while inode_is_open_for_write(upper) looks like
> > > > reasonably easy and presumably there won't be that many inodes open for
> > > > writing for this to become big overhead?
> >
> > I think it should be ok and a good tradeoff of complexity vs. performance.
>
> IMO, mark dirtiness on write is relatively simple, so I think we can mark the
> overlayfs inode dirty during real write behavior and only remark writable mmap
> unconditionally in ->write_inode().
>
If by "on write" you mean on write/copy_file_range/splice_write/...
then yes I agree
since we have to cover all other mnt_want_write() cases anyway.
>
> >
> > > >
> > > > > If I am not mistaken, if you always mark overlay inode dirty on ovl_flush()
> > > > > of FMODE_WRITE file, there is nothing that can make upper inode dirty
> > > > > after last close (if upper is not mmaped), so one more inode sync should
> > > > > be enough. No?
> > > >
> > > > But we still need to catch other dirtying events like timestamp updates,
> > > > truncate(2) etc. to mark overlay inode dirty. Not sure how reliably that
> > > > can be done...
> > > >
> >
> > Oh yeh, we have those as well :)
> > All those cases should be covered by ovl_copyattr() that updates the
> > ovl inode ctime/mtime, so always dirty in ovl_copyattr() should be good.
>
> Currently ovl_copyattr() does not cover all the cases, so I think we still need to carefully
> check all the places of calling mnt_want_write().
>
Careful audit is always good, but if we do not have ovl_copyattr() in
a call site
that should mark inode dirty, then it sounds like a bug, because ovl inode ctime
will not get updated. Do you know of any such cases?
Thanks,
Amir.
Powered by blists - more mailing lists