From: Dave Chinner <david@fromorbit.com>
To: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Marco Stornelli <marco.stornelli@gmail.com>,
Linux Kernel <linux-kernel@vger.kernel.org>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH v3] Check for immutable/append flag in fallocate path
Date: Wed, 9 Mar 2011 12:30:41 +1100 [thread overview]
Message-ID: <20110309013041.GH1956@dastard> (raw)
In-Reply-To: <92E5B019-756F-4CBE-829C-724564D4D650@dilger.ca>
On Mon, Mar 07, 2011 at 10:38:37PM -0700, Andreas Dilger wrote:
> On 2011-03-07, at 10:11 PM, Dave Chinner wrote:
> > On Sat, Mar 05, 2011 at 10:37:45AM +0100, Marco Stornelli wrote:
> >> From: Marco Stornelli <marco.stornelli@gmail.com>
> >>
> >> In the fallocate path the kernel doesn't check for the immutable/append
> >> flag. It's possible to have a race condition in this scenario: an
> >> application open a file in read/write and it does something, meanwhile
> >> root set the immutable flag on the file, the application at that point
> >> can call fallocate with success. In addition, we don't allow to do any
> >> unreserve operation on an append only file but only the reserve one.
> >>
> >> Signed-off-by: Marco Stornelli <marco.stornelli@gmail.com>
> >> ---
> >> Patch is against 2.6.38-rc7
> >>
> >> ChangeLog:
> >> v3: Modified do_fallocate instead of every single fs
> >> v2: Added the check for append-only file for XFS
> >> v1: First draft
> >>
> >> --- open.c.orig 2011-03-01 22:55:12.000000000 +0100
> >> +++ open.c 2011-03-04 15:28:43.000000000 +0100
> >> @@ -233,6 +233,14 @@ int do_fallocate(struct file *file, int
> >>
> >> if (!(file->f_mode & FMODE_WRITE))
> >> return -EBADF;
> >> +
> >> + /* It's not possible punch hole on append only file */
> >> + if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode))
> >> + return -EPERM;
> >
> > Seeing as I didn't get an answer in before you reposted, I still
> > think punching an append-only file is a valid thing to want to do.
> >
> > I've seen this done in the past for application-level transaction
> > journal files. The journal file is append only so new transactions
> > can only be written at the end of the file i.e. you cannot overwrite
> > (and therefore corrupt) existing transactions. However, once a
> > transaction is complete and the changes flushed to disk, the
> > transaction is punched out of the file to zero the range so it
> > doesn't get replayed during recovery after a system crash.
>
> To my thinking "append only" means just that - only new data can
> be written at the end of the file, and existing data cannot be
> modified. Allowing hole punch on such a file (e.g. range 0 .. ~0)
> would allow erasing all of the data, entirely bypassing the
> append-only flag.
Not worth arguing over. XFS_IOC_UNRESVSP won't get changed, so the
applications already doing this can just keep using that interface...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
prev parent reply other threads:[~2011-03-09 1:30 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-21 8:26 [PATCH] Check for immutable flag in fallocate path Marco Stornelli
2011-02-21 8:26 ` Marco Stornelli
2011-02-21 12:46 ` [Cluster-devel] " Christoph Hellwig
2011-02-21 12:46 ` Christoph Hellwig
2011-02-21 12:46 ` Christoph Hellwig
2011-02-21 16:50 ` Marco Stornelli
2011-02-21 16:50 ` Marco Stornelli
2011-02-27 22:49 ` Ted Ts'o
2011-02-27 22:49 ` Ted Ts'o
2011-02-28 7:53 ` Marco Stornelli
2011-02-28 7:53 ` Marco Stornelli
2011-02-28 7:53 ` Marco Stornelli
2011-02-28 7:53 ` Marco Stornelli
2011-02-28 7:53 ` Marco Stornelli
2011-03-02 8:19 ` Marco Stornelli
2011-03-02 8:19 ` Marco Stornelli
2011-03-02 8:19 ` Marco Stornelli
2011-03-02 8:19 ` Marco Stornelli
2011-02-26 14:59 ` Marco Stornelli
2011-02-26 14:59 ` Marco Stornelli
2011-03-03 8:42 ` [PATCH v2] " Marco Stornelli
2011-03-03 8:42 ` Marco Stornelli
2011-03-03 21:39 ` Dave Chinner
2011-03-03 21:39 ` Dave Chinner
2011-03-04 8:17 ` Marco Stornelli
2011-03-04 8:17 ` Marco Stornelli
2011-03-04 12:18 ` Marco Stornelli
2011-03-04 12:18 ` Marco Stornelli
2011-03-14 10:24 ` [Cluster-devel] " Christoph Hellwig
2011-03-14 10:24 ` Christoph Hellwig
2011-03-14 10:24 ` Christoph Hellwig
2011-03-14 10:40 ` Marco Stornelli
2011-03-14 10:40 ` Marco Stornelli
2011-03-14 10:40 ` Marco Stornelli
2011-03-14 10:40 ` Marco Stornelli
2011-03-05 9:37 ` [PATCH v3] Check for immutable/append " Marco Stornelli
2011-03-05 10:00 ` Sedat Dilek
2011-03-05 10:10 ` [PATCH v3][RESEND] " Marco Stornelli
2011-03-09 19:42 ` Marco Stornelli
2011-03-09 21:27 ` Greg KH
2011-03-10 12:03 ` Marco Stornelli
2011-03-08 5:11 ` [PATCH v3] " Dave Chinner
2011-03-08 5:38 ` Andreas Dilger
2011-03-08 7:35 ` Marco Stornelli
2011-03-08 7:35 ` Marco Stornelli
2011-03-09 1:30 ` Dave Chinner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110309013041.GH1956@dastard \
--to=david@fromorbit.com \
--cc=adilger.kernel@dilger.ca \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marco.stornelli@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.