From: Shaya Potter <spotter@cs.columbia.edu>
To: ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [RFC] The reflink(2) system call v4.
Date: Fri, 15 May 2009 13:01:10 -0400 [thread overview]
Message-ID: <4A0D9FD6.7070307@cs.columbia.edu> (raw)
In-Reply-To: <20090515164209.GD31454@mail.oracle.com>
Joel Becker wrote:
> On Fri, May 15, 2009 at 11:55:25AM -0400, Stephen Smalley wrote:
>>> I wasn't being specific to injected code. Assume we have a
>>> deliberate flag to reflinkat(2). Then we provide reflink(3) in
>>> userspace that does the fallback, keeping it out of the kernel. Doesn't
>>> that have the exact same problem?
>> You wouldn't always do the fallback in reflink(3), but instead provide a
>> helper interface that would perform the fallback for applications that
>> want that behavior.
>
> But isn't that reflink(3)? And the application that wants to
> know uses reflinkat(2)?
>> Consider a program that wants to always preserve attributes on the
>> reflinks it creates. If the interface allows the program to explicitly
>> request that behavior and returns an error when the request cannot be
>> honored, then the program knows that upon a successful return, the
>> attributes were in fact preserved. If the interface instead silently
>> selects a behavior based on the current privileges of the process and
>> gives no indication to the caller as to what behavior was selected, then
>> the opportunity for error is great.
>
> I get that. I'm looking at what the programming interface is.
> What's the standard function for "I want the fallback behavior" called?
> What's the standard function for "I want preserve security" called?
> "int reflink(oldpath, newpath)" has to pick one of the behaviors. Which
> is it?
whenever there's hidden fallback behavior that changes the security
semantics you will cause programming error.
the only correct way for an application to code that want the fallback
functionality
if (initial_behavior()) {
if (fallback_behavior()) {
some sort of error
}
}
as that way the application knows what occured. if that logic is
wrapped in a single function (like , you would have to dosomething like
if (ret == initial_and_fallbakc()) {
if (ret == 0) {
fallback = 0;
} else if (ret == 1) {
fallback == 1;
} else {
some sort of error
}
}
which is much more prone to error.
at the end of the day, a single function that has hidden fallback
behavior does not really save lines of code in a well written
application. it does however make it easier to write a poorly written
application that can cause security problems.
next prev parent reply other threads:[~2009-05-15 17:01 UTC|newest]
Thread overview: 304+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-03 6:15 [Ocfs2-devel] [RFC] The reflink(2) system call Joel Becker
2009-05-03 6:15 ` Joel Becker
2009-05-03 6:15 ` [Ocfs2-devel] [PATCH 1/3] fs: Document the " Joel Becker
2009-05-03 6:15 ` Joel Becker
2009-05-03 8:01 ` [Ocfs2-devel] " Christoph Hellwig
2009-05-03 8:01 ` Christoph Hellwig
2009-05-04 2:46 ` [Ocfs2-devel] " Joel Becker
2009-05-04 2:46 ` Joel Becker
2009-05-04 6:36 ` [Ocfs2-devel] " Michael Kerrisk
2009-05-04 6:36 ` Michael Kerrisk
2009-05-04 7:12 ` [Ocfs2-devel] " Joel Becker
2009-05-04 7:12 ` Joel Becker
2009-05-03 13:08 ` [Ocfs2-devel] " Boaz Harrosh
2009-05-03 13:08 ` Boaz Harrosh
2009-05-03 23:08 ` [Ocfs2-devel] " Al Viro
2009-05-03 23:08 ` Al Viro
2009-05-04 2:49 ` [Ocfs2-devel] " Joel Becker
2009-05-04 2:49 ` Joel Becker
2009-05-03 23:45 ` [Ocfs2-devel] " Theodore Tso
2009-05-03 23:45 ` Theodore Tso
2009-05-04 1:44 ` [Ocfs2-devel] " Tao Ma
2009-05-04 1:44 ` Tao Ma
2009-05-04 18:25 ` [Ocfs2-devel] " Joel Becker
2009-05-04 18:25 ` Joel Becker
2009-05-04 21:18 ` [Ocfs2-devel] " Joel Becker
2009-05-04 21:18 ` Joel Becker
2009-05-04 22:23 ` Theodore Tso
2009-05-04 22:23 ` Theodore Tso
2009-05-05 6:55 ` Joel Becker
2009-05-05 6:55 ` Joel Becker
2009-05-05 1:07 ` Jamie Lokier
2009-05-05 1:07 ` Jamie Lokier
2009-05-05 7:16 ` [Ocfs2-devel] " Joel Becker
2009-05-05 7:16 ` Joel Becker
2009-05-05 8:09 ` [Ocfs2-devel] " Andreas Dilger
2009-05-05 8:09 ` Andreas Dilger
2009-05-05 16:56 ` [Ocfs2-devel] " Joel Becker
2009-05-05 16:56 ` Joel Becker
2009-05-05 21:24 ` [Ocfs2-devel] " Andreas Dilger
2009-05-05 21:24 ` Andreas Dilger
2009-05-05 21:32 ` [Ocfs2-devel] " Joel Becker
2009-05-05 21:32 ` Joel Becker
2009-05-06 7:15 ` [Ocfs2-devel] " Theodore Tso
2009-05-06 7:15 ` Theodore Tso
2009-05-06 14:24 ` jim owens
2009-05-06 14:24 ` jim owens
2009-05-06 14:30 ` jim owens
2009-05-06 14:30 ` jim owens
2009-05-06 17:50 ` jim owens
2009-05-06 17:50 ` jim owens
2009-05-12 19:20 ` Jamie Lokier
2009-05-12 19:20 ` Jamie Lokier
2009-05-12 19:30 ` Jamie Lokier
2009-05-12 19:30 ` Jamie Lokier
2009-05-12 19:11 ` Jamie Lokier
2009-05-12 19:11 ` Jamie Lokier
2009-05-12 19:37 ` jim owens
2009-05-12 19:37 ` jim owens
2009-05-12 20:11 ` Jamie Lokier
2009-05-12 20:11 ` Jamie Lokier
2009-05-05 13:01 ` Theodore Tso
2009-05-05 13:01 ` Theodore Tso
2009-05-05 13:19 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 13:19 ` Jamie Lokier
2009-05-05 13:39 ` [Ocfs2-devel] " Chris Mason
2009-05-05 13:39 ` Chris Mason
2009-05-05 15:36 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 15:36 ` Jamie Lokier
2009-05-05 15:41 ` [Ocfs2-devel] " Chris Mason
2009-05-05 15:41 ` Chris Mason
2009-05-05 16:03 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 16:03 ` Jamie Lokier
2009-05-05 16:18 ` [Ocfs2-devel] " Chris Mason
2009-05-05 16:18 ` Chris Mason
2009-05-05 20:48 ` [Ocfs2-devel] " jim owens
2009-05-05 20:48 ` jim owens
2009-05-05 21:57 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 21:57 ` Jamie Lokier
2009-05-05 22:04 ` [Ocfs2-devel] " Joel Becker
2009-05-05 22:04 ` Joel Becker
2009-05-05 22:11 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 22:11 ` Jamie Lokier
2009-05-05 22:24 ` [Ocfs2-devel] " Joel Becker
2009-05-05 22:24 ` Joel Becker
2009-05-05 23:14 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 23:14 ` Jamie Lokier
2009-05-05 22:12 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 22:12 ` Jamie Lokier
2009-05-05 22:21 ` [Ocfs2-devel] " Joel Becker
2009-05-05 22:21 ` Joel Becker
2009-05-05 22:32 ` [Ocfs2-devel] " James Morris
2009-05-05 22:32 ` James Morris
2009-05-05 22:39 ` [Ocfs2-devel] " Joel Becker
2009-05-05 22:39 ` Joel Becker
2009-05-12 19:40 ` [Ocfs2-devel] " Jamie Lokier
2009-05-12 19:40 ` Jamie Lokier
2009-05-05 22:28 ` [Ocfs2-devel] " jim owens
2009-05-05 22:28 ` jim owens
2009-05-05 23:12 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 23:12 ` Jamie Lokier
2009-05-05 16:46 ` [Ocfs2-devel] " Jörn Engel
2009-05-05 16:46 ` Jörn Engel
2009-05-05 16:54 ` [Ocfs2-devel] " Jörn Engel
2009-05-05 16:54 ` Jörn Engel
2009-05-05 22:03 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 22:03 ` Jamie Lokier
2009-05-05 21:44 ` [Ocfs2-devel] copyfile semantics Andreas Dilger
2009-05-05 21:44 ` Andreas Dilger
2009-05-05 21:48 ` [Ocfs2-devel] " Matthew Wilcox
2009-05-05 21:48 ` Matthew Wilcox
2009-05-05 22:25 ` [Ocfs2-devel] " Trond Myklebust
2009-05-05 22:25 ` Trond Myklebust
2009-05-05 22:06 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 22:06 ` Jamie Lokier
2009-05-06 5:57 ` [Ocfs2-devel] " Jörn Engel
2009-05-06 5:57 ` Jörn Engel
2009-05-05 14:21 ` [Ocfs2-devel] [PATCH 1/3] fs: Document the reflink(2) system call Theodore Tso
2009-05-05 14:21 ` Theodore Tso
2009-05-05 15:32 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 15:32 ` Jamie Lokier
2009-05-05 22:49 ` [Ocfs2-devel] " James Morris
2009-05-05 22:49 ` James Morris
2009-05-05 17:05 ` [Ocfs2-devel] " Joel Becker
2009-05-05 17:05 ` Joel Becker
2009-05-05 17:00 ` [Ocfs2-devel] " Joel Becker
2009-05-05 17:00 ` Joel Becker
2009-05-05 17:29 ` [Ocfs2-devel] " Theodore Tso
2009-05-05 17:29 ` Theodore Tso
2009-05-05 22:36 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 22:36 ` Jamie Lokier
2009-05-05 22:30 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 22:30 ` Jamie Lokier
2009-05-05 22:37 ` [Ocfs2-devel] " Joel Becker
2009-05-05 22:37 ` Joel Becker
2009-05-05 23:08 ` [Ocfs2-devel] " jim owens
2009-05-05 23:08 ` jim owens
2009-05-05 13:01 ` [Ocfs2-devel] " Jamie Lokier
2009-05-05 13:01 ` Jamie Lokier
2009-05-05 17:09 ` [Ocfs2-devel] " Joel Becker
2009-05-05 17:09 ` Joel Becker
2009-05-03 6:15 ` [Ocfs2-devel] [PATCH 2/3] fs: Add vfs_reflink() and the ->reflink() inode operation Joel Becker
2009-05-03 6:15 ` Joel Becker
2009-05-03 8:03 ` [Ocfs2-devel] " Christoph Hellwig
2009-05-03 8:03 ` Christoph Hellwig
2009-05-04 2:51 ` [Ocfs2-devel] " Joel Becker
2009-05-04 2:51 ` Joel Becker
2009-05-03 6:15 ` [Ocfs2-devel] [PATCH 3/3] fs: Add the reflink(2) system call Joel Becker
2009-05-03 6:15 ` Joel Becker
2009-05-03 6:27 ` [Ocfs2-devel] " Matthew Wilcox
2009-05-03 6:27 ` Matthew Wilcox
2009-05-03 6:39 ` [Ocfs2-devel] " Al Viro
2009-05-03 6:39 ` Al Viro
2009-05-03 7:48 ` [Ocfs2-devel] " Christoph Hellwig
2009-05-03 7:48 ` Christoph Hellwig
2009-05-03 11:16 ` [Ocfs2-devel] " Al Viro
2009-05-03 11:16 ` Al Viro
2009-05-04 2:53 ` [Ocfs2-devel] " Joel Becker
2009-05-04 2:53 ` Joel Becker
2009-05-04 2:53 ` [Ocfs2-devel] " Joel Becker
2009-05-04 2:53 ` Joel Becker
2009-05-03 8:04 ` [Ocfs2-devel] " Christoph Hellwig
2009-05-03 8:04 ` Christoph Hellwig
2009-05-07 22:15 ` [Ocfs2-devel] [RFC] The reflink(2) system call v2 Joel Becker
2009-05-07 22:15 ` Joel Becker
2009-05-08 1:39 ` [Ocfs2-devel] " James Morris
2009-05-08 1:39 ` James Morris
2009-05-08 1:49 ` [Ocfs2-devel] " Joel Becker
2009-05-08 1:49 ` Joel Becker
2009-05-08 13:01 ` Tetsuo Handa
2009-05-08 2:59 ` [Ocfs2-devel] " jim owens
2009-05-08 2:59 ` jim owens
2009-05-08 3:10 ` [Ocfs2-devel] " Joel Becker
2009-05-08 3:10 ` Joel Becker
2009-05-08 11:53 ` [Ocfs2-devel] " jim owens
2009-05-08 11:53 ` jim owens
2009-05-08 12:16 ` [Ocfs2-devel] " jim owens
2009-05-08 12:16 ` jim owens
2009-05-08 14:11 ` [Ocfs2-devel] " jim owens
2009-05-08 14:11 ` jim owens
2009-05-11 20:40 ` [Ocfs2-devel] [RFC] The reflink(2) system call v4 Joel Becker
2009-05-11 20:40 ` Joel Becker
2009-05-11 22:27 ` [Ocfs2-devel] " James Morris
2009-05-11 22:27 ` James Morris
2009-05-11 22:34 ` [Ocfs2-devel] " Joel Becker
2009-05-11 22:34 ` Joel Becker
2009-05-12 1:12 ` [Ocfs2-devel] " James Morris
2009-05-12 1:12 ` James Morris
2009-05-12 12:18 ` [Ocfs2-devel] " Stephen Smalley
2009-05-12 12:18 ` Stephen Smalley
2009-05-12 17:22 ` [Ocfs2-devel] " Joel Becker
2009-05-12 17:22 ` Joel Becker
2009-05-12 17:32 ` [Ocfs2-devel] " Stephen Smalley
2009-05-12 17:32 ` Stephen Smalley
2009-05-12 18:03 ` [Ocfs2-devel] " Joel Becker
2009-05-12 18:03 ` Joel Becker
2009-05-12 18:04 ` [Ocfs2-devel] " Stephen Smalley
2009-05-12 18:04 ` Stephen Smalley
2009-05-12 18:28 ` [Ocfs2-devel] " Joel Becker
2009-05-12 18:28 ` Joel Becker
2009-05-12 18:37 ` [Ocfs2-devel] " Stephen Smalley
2009-05-12 18:37 ` Stephen Smalley
2009-05-14 18:06 ` [Ocfs2-devel] " Stephen Smalley
2009-05-14 18:06 ` Stephen Smalley
2009-05-14 18:25 ` [Ocfs2-devel] " Stephen Smalley
2009-05-14 18:25 ` Stephen Smalley
2009-05-14 23:25 ` [Ocfs2-devel] " James Morris
2009-05-14 23:25 ` James Morris
2009-05-15 11:54 ` [Ocfs2-devel] " Stephen Smalley
2009-05-15 11:54 ` Stephen Smalley
2009-05-15 13:35 ` [Ocfs2-devel] " James Morris
2009-05-15 13:35 ` James Morris
2009-05-15 15:44 ` [Ocfs2-devel] " Stephen Smalley
2009-05-15 15:44 ` Stephen Smalley
2009-05-13 1:47 ` [Ocfs2-devel] " Casey Schaufler
2009-05-13 1:47 ` Casey Schaufler
2009-05-13 16:43 ` [Ocfs2-devel] " Joel Becker
2009-05-13 16:43 ` Joel Becker
2009-05-13 17:23 ` [Ocfs2-devel] " Stephen Smalley
2009-05-13 17:23 ` Stephen Smalley
2009-05-13 18:27 ` [Ocfs2-devel] " Joel Becker
2009-05-13 18:27 ` Joel Becker
2009-05-12 12:01 ` [Ocfs2-devel] " Stephen Smalley
2009-05-12 12:01 ` Stephen Smalley
2009-05-11 23:11 ` [Ocfs2-devel] " jim owens
2009-05-11 23:11 ` jim owens
2009-05-11 23:42 ` [Ocfs2-devel] " Joel Becker
2009-05-11 23:42 ` Joel Becker
2009-05-12 11:31 ` [Ocfs2-devel] " Jörn Engel
2009-05-12 11:31 ` Jörn Engel
2009-05-12 13:12 ` [Ocfs2-devel] " jim owens
2009-05-12 13:12 ` jim owens
2009-05-12 20:24 ` [Ocfs2-devel] " Jamie Lokier
2009-05-12 20:24 ` Jamie Lokier
2009-05-14 18:43 ` [Ocfs2-devel] " Jörn Engel
2009-05-14 18:43 ` Jörn Engel
2009-05-12 15:04 ` [Ocfs2-devel] " Sage Weil
2009-05-12 15:04 ` Sage Weil
2009-05-12 15:23 ` [Ocfs2-devel] " jim owens
2009-05-12 15:23 ` jim owens
2009-05-12 16:16 ` [Ocfs2-devel] " Sage Weil
2009-05-12 16:16 ` Sage Weil
2009-05-12 17:45 ` [Ocfs2-devel] " jim owens
2009-05-12 17:45 ` jim owens
2009-05-12 20:29 ` [Ocfs2-devel] " Jamie Lokier
2009-05-12 20:29 ` Jamie Lokier
2009-05-12 17:28 ` [Ocfs2-devel] " Joel Becker
2009-05-12 17:28 ` Joel Becker
2009-05-13 4:30 ` [Ocfs2-devel] " Sage Weil
2009-05-13 4:30 ` Sage Weil
2009-05-14 3:57 ` [Ocfs2-devel] " Andy Lutomirski
2009-05-14 3:57 ` Andy Lutomirski
2009-05-14 18:12 ` [Ocfs2-devel] " Stephen Smalley
2009-05-14 18:12 ` Stephen Smalley
2009-05-14 22:00 ` [Ocfs2-devel] " Joel Becker
2009-05-14 22:00 ` Joel Becker
2009-05-15 1:20 ` Jamie Lokier
2009-05-15 1:20 ` [Ocfs2-devel] " Jamie Lokier
2009-05-15 12:01 ` Stephen Smalley
2009-05-15 12:01 ` Stephen Smalley
2009-05-15 15:22 ` [Ocfs2-devel] " Joel Becker
2009-05-15 15:22 ` Joel Becker
2009-05-15 15:55 ` [Ocfs2-devel] " Stephen Smalley
2009-05-15 15:55 ` Stephen Smalley
2009-05-15 16:42 ` [Ocfs2-devel] " Joel Becker
2009-05-15 16:42 ` Joel Becker
2009-05-15 17:01 ` Shaya Potter
2009-05-15 17:01 ` Shaya Potter [this message]
2009-05-15 20:53 ` [Ocfs2-devel] " Joel Becker
2009-05-15 20:53 ` Joel Becker
2009-05-18 9:17 ` Jörn Engel
2009-05-18 9:17 ` Jörn Engel
2009-05-18 13:02 ` Stephen Smalley
2009-05-18 13:02 ` Stephen Smalley
2009-05-18 14:33 ` Stephen Smalley
2009-05-18 14:33 ` Stephen Smalley
2009-05-18 17:15 ` Stephen Smalley
2009-05-18 17:15 ` Stephen Smalley
2009-05-18 18:26 ` Joel Becker
2009-05-18 18:26 ` Joel Becker
2009-05-19 16:32 ` [Ocfs2-devel] " Sage Weil
2009-05-19 16:32 ` Sage Weil
2009-05-19 19:20 ` Jonathan Corbet
2009-05-19 19:32 ` Joel Becker
2009-05-19 19:41 ` Jonathan Corbet
2009-05-19 19:41 ` Jonathan Corbet
2009-05-19 19:33 ` Jonathan Corbet
2009-05-19 20:15 ` Jamie Lokier
2009-05-25 7:44 ` [Ocfs2-devel] [RFC] The reflink(2) system call v4. - Question for suitability Mihail Daskalov
2009-05-25 20:42 ` Joel Becker
2009-05-28 0:24 ` [RFC] The reflink(2) system call v5 Joel Becker
2009-05-28 0:24 ` [Ocfs2-devel] " Joel Becker
2009-09-14 22:24 ` Joel Becker
2009-09-14 22:24 ` Joel Becker
2009-09-14 22:24 ` Joel Becker
2009-05-11 20:49 ` [Ocfs2-devel] [RFC] The reflink(2) system call v2 Joel Becker
2009-05-11 20:49 ` Joel Becker
2009-05-11 22:49 ` [Ocfs2-devel] " jim owens
2009-05-11 22:49 ` jim owens
2009-05-11 23:46 ` [Ocfs2-devel] " Joel Becker
2009-05-11 23:46 ` Joel Becker
2009-05-12 0:54 ` [Ocfs2-devel] " Chris Mason
2009-05-12 0:54 ` Chris Mason
2009-05-12 20:36 ` [Ocfs2-devel] " Jamie Lokier
2009-05-12 20:36 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A0D9FD6.7070307@cs.columbia.edu \
--to=spotter@cs.columbia.edu \
--cc=ocfs2-devel@oss.oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.