From: Sergei Antonov <saproj@gmail.com>
To: Anton Altaparmakov <anton@tuxera.com>
Cc: "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Anton Altaparmakov <aia21@cantab.net>
Subject: Re: [PATCH] ntfs: add code to make FIBMAP ioctl work
Date: Thu, 16 Oct 2014 22:03:28 +0200 [thread overview]
Message-ID: <CABikg9yT99jfrnP1Sm8NTi1en8vLdEEWUGMc29Y2-VCTCOuLBA@mail.gmail.com> (raw)
In-Reply-To: <A7ECFB4E-A50C-4EEB-99BF-F390A2E0845D@tuxera.com>
On 16 October 2014 17:36, Anton Altaparmakov <anton@tuxera.com> wrote:
> Hi Sergei,
>
> On 16 Oct 2014, at 16:07, Sergei Antonov <saproj@gmail.com> wrote:
>> I looked at your code and do not quite understand the handling of
>> initialized size. You read it into a local copy while holding the
>> lock, but then after the lock is released it may change and, I'm
>> afraid, cause the same problems you mentioned.
>
> Correct. That is why FIBMAP is a stupid interface! However initialized_size can only ever go up and not down so in the worst case you will get result zero, i.e. hole instead of the now real sector number you could access.
>
> The only time it can shrink is when the file size shrinks and I am afraid if anyone is using FIBMAP against a file that can be truncated they will corrupt the file system!
I've tried to merge all your arguments in my head :) and concluded
that a practical importance of the check against initialized_size is
exaggerated :).
It is not a reliable protection (API safety issues) implemented in a
way that it may not always work (limited locking scope). Can be an
indicator of programmer's diligence, though - "you see, I care about
it!". Sorry for this ramble. Your patch will do the job.
>> What is an example of a platform with 32-bit sector_t? Interesting to know.
>
> Any 32-bit system that does not configure the kernel for 64-bit sector_t. Sorry can't remember the .config option name at the moment. Would need to look it up.
Thanks. Found it. It is CONFIG_LBDAF.
>> Is it really possible that ntfs_bmap() is called for non-data
>> attributes? In other words, what other attributes are accessible as
>> files? Just curious.
>
> I admit in current kernel driver it cannot. It might in future - reparse points for example are very odd in many ways and though they are often indicated as directories rather than files they could not always be and what attributes a reparse point has is anyones guess - depends on the reparse point.
>
> Then there are system files that do not have an unnamed $DATA attribute at all so in a way the check should probably be extended to ensure the attribute is $DATA _and_ unnamed but again anyone using FIBMAP on a system file is asking to cause problems...
Aren't those files handled by 'ntfs_mst_aops' (the one without a bmap
function) rather than 'ntfs_normal_aops'?
next prev parent reply other threads:[~2014-10-16 20:03 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-15 19:19 [PATCH] ntfs: add code to make FIBMAP ioctl work Sergei Antonov
2014-10-15 23:12 ` Andreas Dilger
2014-10-16 11:37 ` Sergei Antonov
2014-10-16 13:23 ` Anton Altaparmakov
2014-10-16 13:20 ` Anton Altaparmakov
2014-10-16 15:07 ` Sergei Antonov
2014-10-16 15:36 ` Anton Altaparmakov
2014-10-16 20:03 ` Sergei Antonov [this message]
2014-10-16 20:43 ` Anton Altaparmakov
2014-10-16 21:55 ` Anton Altaparmakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CABikg9yT99jfrnP1Sm8NTi1en8vLdEEWUGMc29Y2-VCTCOuLBA@mail.gmail.com \
--to=saproj@gmail.com \
--cc=aia21@cantab.net \
--cc=anton@tuxera.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).