| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241124234111.GD3387508@ZenIV> Date: Sun, 24 Nov 2024 23:41:11 +0000 From: Al Viro <viro@...iv.linux.org.uk> To: Mateusz Guzik <mjguzik@...il.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, "Darrick J. Wong" <djwong@...nel.org>, Hao-ran Zheng <zhenghaoran@...a.edu.cn>, brauner@...nel.org, jack@...e.cz, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, baijiaju1990@...il.com, 21371365@...a.edu.cn Subject: Re: [RFC] metadata updates vs. fetches (was Re: [PATCH v4] fs: Fix data race in inode_set_ctime_to_ts) On Mon, Nov 25, 2024 at 12:19:44AM +0100, Mateusz Guzik wrote: > + * > + * DONTFIXME: no effort is put into ensuring a consistent snapshot of the > + * metadata read below. For example a call racing against parallel setattr() > + * can end up with a mixture of old and new attributes. This is not considered > + * enough to warrant fixing. > */ > void generic_fillattr(struct mnt_idmap *idmap, u32 request_mask, > struct inode *inode, struct kstat *stat) > > not an actual patch submission, any party is free to take the comment > and tweak in whatever capacity without credit. > > What I am after here is preventing more people from spotting the > problem and thinking it is new. getattr() is not the only reader for those - permission() is *much* hotter; for uid/gid issues, if somebody can think of any scenario where it's a real problem, permission() would be the main source of headache.
Powered by blists - more mailing lists