From: Dave Chinner <david@fromorbit.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-xfs@vger.kernel.org, linux-security-module@vger.kernel.org,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH] [RFC] xfs: initialise attr fork on inode create
Date: Tue, 8 Dec 2020 07:42:50 +1100 [thread overview]
Message-ID: <20201207204250.GU3913616@dread.disaster.area> (raw)
In-Reply-To: <20201207173111.GA21651@infradead.org>
On Mon, Dec 07, 2020 at 05:31:11PM +0000, Christoph Hellwig wrote:
> Btw, while looking at the code before replying to Casey I noticed
> something else in this area of code which we should probably fix
> if we touch all this. We are really supposed to create the ACLs
> and security labels atomically with the actual inode creation. And
> I think we have all the infrastructure to do this without too much
> pain now for ACLs. Security labels with the weird
> security_inode_init_security interface might be a little harder but
> not impossible.
Yes, that's long been a known problem - it was a problem way back in
the day for DMF and the DMAPI attributes that needed to be added at
create time. That's where XFS_TRANS_RESERVE originally came from, so
that ENOSPC didn't prevent the dmapi xattr from being added to a
newly created inode.
This atomicity problem is one of the things that Allison's attribute
defer-op rework is intended to address. i.e. being able to
atomically create xattrs at inode create time and have them fully
recoverable by intent replay if the initial inode allocation and
directory linkage transaction succeeds.
Essential the transaction context would start in
xfs_generic_create(), not xfs_create(), and roll through to the
xattr creations for ACLs and security contexts...
> And I suspect security_inode_init_security might be right thing
> to reuse for the helper to figure out what attrs would be set.
Problem is that it appears to need an inode to already be allocated
and instantiated to work....
> If
> security_inode_init_security with an idempotent callback is
> idempotent itself we might be able to use it directly, but all the
> weird hooking makes it rather hard to read.
Yeah, it's like a layer of inscrutible obscurity has been added to a
simple ops table... :/
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
prev parent reply other threads:[~2020-12-07 20:43 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 23:27 [PATCH] [RFC] xfs: initialise attr fork on inode create Dave Chinner
2020-12-03 8:40 ` Christoph Hellwig
2020-12-03 21:44 ` Dave Chinner
2020-12-04 7:54 ` Christoph Hellwig
2020-12-07 17:22 ` Casey Schaufler
2020-12-07 17:25 ` Christoph Hellwig
2020-12-07 20:49 ` Dave Chinner
2020-12-04 12:31 ` Brian Foster
2020-12-04 21:22 ` Dave Chinner
2020-12-05 11:34 ` Brian Foster
2020-12-06 23:33 ` Dave Chinner
2020-12-07 16:30 ` Brian Foster
2020-12-07 17:18 ` Darrick J. Wong
2020-12-07 17:12 ` Darrick J. Wong
2020-12-07 17:31 ` Christoph Hellwig
2020-12-07 20:42 ` Dave Chinner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201207204250.GU3913616@dread.disaster.area \
--to=david@fromorbit.com \
--cc=casey@schaufler-ca.com \
--cc=hch@infradead.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox