From: Brian Foster <bfoster@redhat.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: xfs@oss.sgi.com
Subject: Re: [PATCH v2 1/2] xfs: fix tmpfile/selinux deadlock and initialize security/acl
Date: Thu, 10 Apr 2014 08:19:48 -0400 [thread overview]
Message-ID: <20140410121947.GA14124@bfoster.bfoster> (raw)
In-Reply-To: <20140410102421.GA17641@infradead.org>
On Thu, Apr 10, 2014 at 03:24:21AM -0700, Christoph Hellwig wrote:
> On Wed, Apr 09, 2014 at 03:21:50PM -0400, Brian Foster wrote:
> > xfs_vn_tmpfile() also fails to initialize security or default acls on
> > the newly created inode.
>
> Which it doesn't have to, as it is never available in the filesystem
> namespace.
>
Are you saying it doesn't have to initialize security or the default
acl, or both?
The intent here was to have the case covered where the inode happens to
be linked back into the namespace since we don't do this work in the
link path.
> > The d_tmpfile() call is removed from xfs_create_tmpfile() and pulled up
> > into the new handler to address the deadlock. E.g., xfs_create_tmpfile()
> > has committed the create transaction and unlocked the inode prior to
> > mapping the inode to the dentry.
>
> This part of the patch looks sane, although the window where the XFS
> inode and VFS inode i_nlink are out of sync worries me a little.
>
> I don't think the other refactoring belongs into the same patch.
>
> If we decide that we want it please avoid the useless ACL inheritance
> for tmpfiles.
The bulk of the refactoring was with the idea that the inode setup for
the tmpfile case is generally equivalent for the traditional create
case. The original version was posted here:
http://oss.sgi.com/archives/xfs/2014-04/msg00149.html
... and it just fixes the deadlock and adds the security initialization.
I suppose I could still break that out into multiple patches, but that
aside, is that behavior preferred?
Brian
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2014-04-10 12:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-09 19:21 [PATCH v2 0/2] xfs: tmpfile fixes for inode security/acl Brian Foster
2014-04-09 19:21 ` [PATCH v2 1/2] xfs: fix tmpfile/selinux deadlock and initialize security/acl Brian Foster
2014-04-10 10:24 ` Christoph Hellwig
2014-04-10 12:19 ` Brian Foster [this message]
2014-04-10 12:29 ` Christoph Hellwig
2014-04-15 17:52 ` Christoph Hellwig
2014-04-15 19:31 ` Andreas Gruenbacher
2014-04-16 11:14 ` Christoph Hellwig
2014-04-16 17:29 ` Andreas Gruenbacher
2014-04-18 16:39 ` Christoph Hellwig
2014-04-30 12:02 ` Christoph Hellwig
2014-04-09 19:21 ` [PATCH v2 2/2] xfs: fold xfs_create_tmpfile() into xfs_create() Brian Foster
2014-04-10 10:29 ` Christoph Hellwig
2014-04-10 12:19 ` Brian Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140410121947.GA14124@bfoster.bfoster \
--to=bfoster@redhat.com \
--cc=hch@infradead.org \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).