From: Eric Biggers <ebiggers@kernel.org>
To: Gabriel Krisman Bertazi <krisman@suse.de>
Cc: linux-ext4@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH 1/3] ext4: reject casefold inode flag without casefold feature
Date: Mon, 14 Aug 2023 12:24:06 -0700 [thread overview]
Message-ID: <20230814192406.GD1171@sol.localdomain> (raw)
In-Reply-To: <87jztx5tle.fsf@suse.de>
On Mon, Aug 14, 2023 at 03:09:33PM -0400, Gabriel Krisman Bertazi wrote:
> Eric Biggers <ebiggers@kernel.org> writes:
>
> > From: Eric Biggers <ebiggers@google.com>
> >
> > It is invalid for the casefold inode flag to be set without the casefold
> > superblock feature flag also being set. e2fsck already considers this
> > case to be invalid and handles it by offering to clear the casefold flag
> > on the inode. __ext4_iget() also already considered this to be invalid,
> > sort of, but it only got so far as logging an error message; it didn't
> > actually reject the inode. Make it reject the inode so that other code
> > doesn't have to handle this case. This matches what f2fs does.
> >
> > Note: we could check 's_encoding != NULL' instead of
> > ext4_has_feature_casefold(). This would make the check robust against
> > the casefold feature being enabled by userspace writing to the page
> > cache of the mounted block device. However, it's unsolvable in general
> > for filesystems to be robust against concurrent writes to the page cache
> > of the mounted block device. Though this very particular scenario
> > involving the casefold feature is solvable, we should not pretend that
> > we can support this model, so let's just check the casefold feature.
> > tune2fs already forbids enabling casefold on a mounted filesystem.
>
> just because we can't fix the general issue for the entire filesystem
> doesn't mean this case *must not* ever be addressed. What is the
> advantage of making the code less robust against the syzbot code? Just
> check sb->s_encoding and be safe later knowing the unicode map is
> available.
>
Just to make sure, it sounds like you agree that the late checks of ->s_encoding
are not needed and only __ext4_iget() should handle it, right? That simplifies
the code so it is obviously beneficial if we can do it.
As for whether __ext4_iget() should check the casefold feature or ->s_encoding,
we should simply go with the one that makes the code clearer, as per what I've
said. I think it's casefold, but it could be ->s_encoding if others prefer.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Gabriel Krisman Bertazi <krisman@suse.de>
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
Theodore Ts'o <tytso@mit.edu>,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH 1/3] ext4: reject casefold inode flag without casefold feature
Date: Mon, 14 Aug 2023 12:24:06 -0700 [thread overview]
Message-ID: <20230814192406.GD1171@sol.localdomain> (raw)
In-Reply-To: <87jztx5tle.fsf@suse.de>
On Mon, Aug 14, 2023 at 03:09:33PM -0400, Gabriel Krisman Bertazi wrote:
> Eric Biggers <ebiggers@kernel.org> writes:
>
> > From: Eric Biggers <ebiggers@google.com>
> >
> > It is invalid for the casefold inode flag to be set without the casefold
> > superblock feature flag also being set. e2fsck already considers this
> > case to be invalid and handles it by offering to clear the casefold flag
> > on the inode. __ext4_iget() also already considered this to be invalid,
> > sort of, but it only got so far as logging an error message; it didn't
> > actually reject the inode. Make it reject the inode so that other code
> > doesn't have to handle this case. This matches what f2fs does.
> >
> > Note: we could check 's_encoding != NULL' instead of
> > ext4_has_feature_casefold(). This would make the check robust against
> > the casefold feature being enabled by userspace writing to the page
> > cache of the mounted block device. However, it's unsolvable in general
> > for filesystems to be robust against concurrent writes to the page cache
> > of the mounted block device. Though this very particular scenario
> > involving the casefold feature is solvable, we should not pretend that
> > we can support this model, so let's just check the casefold feature.
> > tune2fs already forbids enabling casefold on a mounted filesystem.
>
> just because we can't fix the general issue for the entire filesystem
> doesn't mean this case *must not* ever be addressed. What is the
> advantage of making the code less robust against the syzbot code? Just
> check sb->s_encoding and be safe later knowing the unicode map is
> available.
>
Just to make sure, it sounds like you agree that the late checks of ->s_encoding
are not needed and only __ext4_iget() should handle it, right? That simplifies
the code so it is obviously beneficial if we can do it.
As for whether __ext4_iget() should check the casefold feature or ->s_encoding,
we should simply go with the one that makes the code clearer, as per what I've
said. I think it's casefold, but it could be ->s_encoding if others prefer.
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2023-08-14 19:24 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-14 18:29 [PATCH 0/3] Simplify rejection of unexpected casefold inode flag Eric Biggers
2023-08-14 18:29 ` [f2fs-dev] " Eric Biggers
2023-08-14 18:29 ` [PATCH 1/3] ext4: reject casefold inode flag without casefold feature Eric Biggers
2023-08-14 18:29 ` [f2fs-dev] " Eric Biggers
2023-08-14 19:09 ` Gabriel Krisman Bertazi
2023-08-14 19:09 ` [f2fs-dev] " Gabriel Krisman Bertazi
2023-08-14 19:24 ` Eric Biggers [this message]
2023-08-14 19:24 ` Eric Biggers
2023-08-14 19:52 ` Gabriel Krisman Bertazi
2023-08-14 19:52 ` [f2fs-dev] " Gabriel Krisman Bertazi
2023-08-14 18:29 ` [PATCH 2/3] ext4: remove redundant checks of s_encoding Eric Biggers
2023-08-14 18:29 ` [f2fs-dev] " Eric Biggers
2023-08-14 18:29 ` [PATCH 3/3] libfs: " Eric Biggers
2023-08-14 18:29 ` [f2fs-dev] " Eric Biggers
2023-08-24 4:53 ` [PATCH 0/3] Simplify rejection of unexpected casefold inode flag Theodore Ts'o
2023-08-24 4:53 ` [f2fs-dev] " Theodore Ts'o
2023-09-04 18:11 ` patchwork-bot+f2fs
2023-09-04 18:11 ` patchwork-bot+f2fs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230814192406.GD1171@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=krisman@suse.de \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.