From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: Arnd Bergmann <arnd@arndb.de>
Cc: hooanon05@yahoo.co.jp, Jamie Lokier <jamie@shareable.org>,
Phillip Lougher <phillip@lougher.demon.co.uk>,
David Newall <davidn@davidnewall.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
hch@lst.de
Subject: Re: [RFC 0/7] [RFC] cramfs: fake write support
Date: Mon, 2 Jun 2008 18:54:05 +0400 [thread overview]
Message-ID: <20080602145404.GA22400@2ka.mipt.ru> (raw)
In-Reply-To: <200806021315.41211.arnd@arndb.de>
Hi Arnd.
On Mon, Jun 02, 2008 at 01:15:40PM +0200, Arnd Bergmann (arnd@arndb.de) wrote:
> This is a very complicated approach, and I'm not sure if it even addresses
> the case where you have a shared mmap on both files. With VFS based union
> mounts, they share one inode, so you don't need to use idiotify in the first
> place, and it automatically works on shared mmaps.
Inotify has nothing common with that - it notifies about inode update,
which is only thing needed for unionfs. VM and aufs vmops will take care of
reads and writes, since there is no duplication of the data here.
> I mean having your own dentry and inode object is duplication. The
> underlying file system already has them, so if you have your own,
> you need to keep them synchronized. I guess that in order to do
> a lookup on a file, you need the steps of
>
> 1. lookup in aufs dentry cache -> fail
> 2. lookup in underlying dentry cache -> fail
> 3. try to read dentry from disk -> fail
> 4. repeat 2-3 until found, or arrive at lowest level
> 5. create an inode in memory for the lower file system
> 6. create dentry in memory on lower file system, pointing
> to that
> 7. create an aufs specific inode pointing to the underlying
> inode
> 8. create an aufs specific dentry object to point to that
> 9. create a struct inode representing the aufs inode
> 10. create another VFS dentry to point to that
>
> when you really should just return the dentry found by the
> lower file system.
Or it is a feature, and you should not return dentry for lower file
system, when you can have different objects pointing to the
same object.
> It's not so much a practical limitation as an exploitable feature.
> E.g. an unpriviledged user may use this to get an application into
> an error condition by asking for an invalid file name.
Hmm... I believe if exploit wants to do bad things and system prevents
it, it is actually a right decision? But since you asked, I'm not sure
anymore...
> Posix reserves a well-defined set of invalid file names, and
> deviation from this means that you are not compliant, and that
> in a potentially unexpected way.
Everything has own limitation. 256 bytes per name is much stronger
problem, but everyone works with that.
It is a limitation, buts rather nonsignificant IMO.
> I personally think that a policy other than writing to the top is crazy
> enough, but randomly writing to multiple places is much worse, as it
> becomes unpredictable what the file system does, not just unexpected.
Is this a double rot13 encoded "people will never use computers with
more than 640 kb of ram" phrase? :)
While working VFS union mounting does not exist, AUFS does work.
It is just another filesystem, which works and has big userbase. Any VFS
approach (when implemented) will work on its own and its implementation
does not depend on this particular fs.
--
Evgeniy Polyakov
next prev parent reply other threads:[~2008-06-02 15:07 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-31 15:37 [RFC 0/7] [RFC] cramfs: fake write support arnd
2008-05-31 18:56 ` David Newall
2008-05-31 20:40 ` Arnd Bergmann
2008-06-01 3:54 ` Phillip Lougher
2008-06-01 8:52 ` Arnd Bergmann
2008-06-01 12:28 ` Jamie Lokier
2008-06-01 21:49 ` Arnd Bergmann
2008-06-02 2:48 ` hooanon05
2008-06-02 3:25 ` Erez Zadok
2008-06-02 7:51 ` Arnd Bergmann
2008-06-02 18:13 ` Erez Zadok
2008-06-03 2:02 ` Phillip Lougher
2008-06-02 3:51 ` Erez Zadok
2008-06-02 11:07 ` Jamie Lokier
2008-06-02 4:37 ` Erez Zadok
2008-06-02 6:07 ` Bharata B Rao
2008-06-02 7:17 ` Jan Engelhardt
2008-06-02 7:12 ` Arnd Bergmann
2008-06-02 10:36 ` hooanon05
2008-06-02 11:15 ` Arnd Bergmann
2008-06-02 12:56 ` hooanon05
2008-06-02 14:13 ` Arnd Bergmann
2008-06-02 14:33 ` hooanon05
2008-06-02 15:01 ` Arnd Bergmann
2008-06-03 11:04 ` hooanon05
2008-06-02 14:54 ` Evgeniy Polyakov [this message]
2008-06-02 17:42 ` Arnd Bergmann
2008-06-02 15:35 ` Erez Zadok
2008-06-01 6:02 ` David Newall
2008-06-01 9:11 ` Jan Engelhardt
2008-06-01 16:25 ` Jörn Engel
2008-06-01 3:19 ` Phillip Lougher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080602145404.GA22400@2ka.mipt.ru \
--to=johnpol@2ka.mipt.ru \
--cc=arnd@arndb.de \
--cc=davidn@davidnewall.com \
--cc=hch@lst.de \
--cc=hooanon05@yahoo.co.jp \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=phillip@lougher.demon.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).