linux-ext4.vger.kernel.org archive mirror
From: Akira Fujita <a-fujita@rs.jp.nec.com>
To: Andreas Dilger <adilger@sun.com>
Cc: linux-ext4@vger.kernel.org, Theodore Tso <tytso@mit.edu>,
	Mingming Cao <cmm@us.ibm.com>,
	hch@infradead.org
Subject: Re: [RFC][PATCH 7/9]ext4: Add the EXT4_IOC_FIEMAP_INO ioctl
Date: Fri, 31 Oct 2008 18:46:12 +0900
Message-ID: <490AD3E4.1010908@rs.jp.nec.com>
In-Reply-To: <20081027195524.GN3184@webber.adilger.int>


Andreas Dilger wrote:
> On Oct 27, 2008  19:21 +0900, Akira Fujita wrote:
>> Andreas Dilger wrote:
>>> On Oct 24, 2008  19:09 +0900, Akira Fujita wrote:
>>>> The EXT4_IOC_FIEMAP_INO is used to get extents information of
>>>> the inode which is set to the ioctl.
>>>> The defragger uses this ioctl to check the fragment condition
>>>> and to get extents information in the specified block group.
>>> Instead of having a separate IOC number for each such ioctl,
>>> we implemented EXT4_IOC_WRAPPER, which is a root-specific ioctl that
>>> passes in an inode number and a second IOC number so that arbitrary file
>>> ioctls can be run on any inode by root.
>> The EXT4_IOC_WRAPPER ioctl seems to be useful for many situations.
>> But the EXT4_IOC_FIEMAP_INO ioctl is used not only by the root user but also
>> by non-root users to call fiemap,
>> so we cannot use the current EXT4_IOC_WRAPPER ioctl for defrag.
> 
> Why does a regular user need to do the ioctl on a file that it may not
> have read permission to access?  I can see this is useful for root
> doing a defrag of the whole filesystem instead of opening and closing
> all of the files, but for regular users we need to validate via the
> full path to ensure they can even access the file before defragmenting it.

The FIEMAP_INO ioctl just passes an inode number belonging to
the target block group from user space to kernel space,
and then the owner check is done in kernel space.
If the regular user (the defrag -f executant) is the owner of a file,
defrag handles this file as a candidate victim file, which would be moved
to another block group to make free space.

So I think the full path check is unneeded because the owner check
is done in kernel space (I'm not sure it's good enough).
If it's not good from the security point of view,
I will make defrag -f mode be done only by the root user.

>>> This was mentioned last time these patches were posted, but there was
>>> no reply from you.  Christoph suggested a more generic VFS open-by-inum,
>>> which isn't impossible to do but would cause a lot of controversy I
>>> think, while the EXT4_IOC_WRAPPER is at least contained within ext4,
>>> but is more generically useful than EXT4_IOC_FIEMAP_INO.
>> Do you plan to add EXT4_IOC_WRAPPER into the ext4 patch queue?
> 
> If there is interest, yes.

What do the other ext4 developers think about
implementing EXT4_IOC_WRAPPER?
Will it be used only for defrag so far?

Regards,
Akira Fujita
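
The difference between the owner check and the full-path check debated in this message can be observed from user space. The following is an added example, not code from the patch set or from either poster: it builds a constructed file that the caller owns inside a directory the caller can no longer traverse, then compares an owner-only test (`st_uid`, with a held file descriptor standing in for the lookup by inode number) against an `open()` through the full path. The names `compare_checks`, `check_result` and the `/tmp/inochk.*` path are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct check_result {
    int owner_ok;   /* 1 if the file's st_uid equals the caller's euid */
    int path_ok;    /* 1 if open() through the full path succeeds */
};

/* Constructed scenario: mode 0 on our own directory stands in for a
 * parent directory the caller is not allowed to traverse. */
int compare_checks(struct check_result *r)
{
    char dir[64], path[96];
    struct stat st;
    int fd, pfd, rc = -1;

    snprintf(dir, sizeof(dir), "/tmp/inochk.%ld", (long)getpid());
    snprintf(path, sizeof(path), "%s/victim", dir);
    if (mkdir(dir, 0700) < 0)
        return -1;
    fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd >= 0 && chmod(dir, 0) == 0 && fstat(fd, &st) == 0) {
        /* Owner-only check: all that a by-inode interface can test.
         * The held fd stands in for the inode-number lookup. */
        r->owner_ok = (st.st_uid == geteuid());
        /* Full-path check: every directory component is walked and
         * needs search permission. */
        pfd = open(path, O_RDONLY);
        r->path_ok = (pfd >= 0);
        if (pfd >= 0)
            close(pfd);
        rc = 0;
    }
    chmod(dir, 0700);   /* restore so the cleanup below can proceed */
    if (fd >= 0)
        close(fd);
    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    struct check_result r;
    if (compare_checks(&r) != 0)
        return 1;
    printf("owner check=%d path open=%d\n", r.owner_ok, r.path_ok);
    return 0;
}
```

Run as an unprivileged user, the owner check passes while the path open is refused; a process with CAP_DAC_OVERRIDE (normally root) passes both.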
