From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: linux-xfs@vger.kernel.org, chandan.babu@oracle.com,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/3] xfs: use vfs helper to update file attributes after fallocate
Date: Mon, 31 Jan 2022 09:30:28 +1100 [thread overview]
Message-ID: <20220130223028.GV59729@dread.disaster.area> (raw)
In-Reply-To: <164351876914.4177728.15972280389302582854.stgit@magnolia>
On Sat, Jan 29, 2022 at 08:59:29PM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> In XFS, we always update the inode change and modification time when any
> preallocation operation succeeds. Furthermore, as various fallocate
> modes can change the file contents (extending EOF, punching holes,
> zeroing things, shifting extents), we should drop file privileges like
> suid just like we do for a regular write(). There's already a VFS
> helper that figures all this out for us, so use that.
>
> The net effect of this is that we no longer drop suid/sgid if the caller
> is root, but we also now drop file capabilities.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> ---
> fs/xfs/xfs_file.c | 20 +++++++++++++++++---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
>
> diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> index 22ad207bedf4..3b0d026396e5 100644
> --- a/fs/xfs/xfs_file.c
> +++ b/fs/xfs/xfs_file.c
> @@ -1057,12 +1057,26 @@ xfs_file_fallocate(
> }
> }
>
> + /* Update [cm]time and drop file privileges like a regular write. */
> + error = file_modified(file);
> + if (error)
> + goto out_unlock;
> +
> + /*
> + * If we need to change the PREALLOC flag or flush the log, do so.
> + * We already updated the timestamps and cleared the suid flags, so we
> + * don't need to do that again. This must be committed before the size
> + * change so that we don't trim post-EOF preallocations.
> + */
> if (file->f_flags & O_DSYNC)
> flags |= XFS_PREALLOC_SYNC;
> + if (flags) {
> + flags |= XFS_PREALLOC_INVISIBLE;
> - error = xfs_update_prealloc_flags(ip, flags);
> - if (error)
> - goto out_unlock;
> + error = xfs_update_prealloc_flags(ip, flags);
> + if (error)
> + goto out_unlock;
> + }
That's a change of behaviour in that if O_DSYNC is not used, we
won't call xfs_update_prealloc_flags() and so won't always log the
inode here, regardless of whether the timestamps are changed or not.
Regardless, the only other caller of xfs_update_prealloc_flags() is
xfs_fs_map_blocks(), and that clearly modifies the layout of the
file so it has the same issue w.r.t. stripping privileges via
xfs_update_prealloc_flags(). So it should really also
and not the open coded stripping done in
xfs_update_prealloc_flags().
As such, I think that the use of XFS_PREALLOC_INVISIBLE here is not
a very nice workaround to avoid repeating the work done by
file_modified(). All the code that does direct extent modification
should perform the same actions for the same reasons. And if you
xfs_fs_map_blocks() to use xfs_log_force_inode() like patch 3 in
this series does for fallocate(), then XFS_PREALLOC_SYNC and that
code in xfs_update_prealloc_flags() can go away as well....
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2022-01-30 22:30 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-30 4:59 [PATCHSET v2 0/3] xfs: fix permission drop and flushing in fallocate Darrick J. Wong
2022-01-30 4:59 ` [PATCH 1/3] xfs: use vfs helper to update file attributes after fallocate Darrick J. Wong
2022-01-30 22:30 ` Dave Chinner [this message]
2022-01-30 4:59 ` [PATCH 2/3] xfs: flush log after fallocate for sync mounts and sync inodes Darrick J. Wong
2022-01-30 4:59 ` [PATCH 3/3] xfs: ensure log flush at the end of a synchronous fallocate call Darrick J. Wong
2022-01-30 21:59 ` Dave Chinner
2022-01-31 6:43 ` [PATCH 0/5] xfs: fallocate() vs xfs_update_prealloc_flags() Dave Chinner
2022-01-31 6:43 ` [PATCH 1/5] xfs: remove XFS_PREALLOC_SYNC Dave Chinner
2022-01-31 17:25 ` Darrick J. Wong
2022-01-31 6:43 ` [PATCH 2/5] xfs: fallocate() should call file_modified() Dave Chinner
2022-01-31 17:27 ` Darrick J. Wong
2022-01-31 6:43 ` [PATCH 3/5] xfs: set prealloc flag in xfs_alloc_file_space() Dave Chinner
2022-01-31 7:02 ` [PATCH v1.1 " Dave Chinner
2022-01-31 17:30 ` Darrick J. Wong
2022-01-31 6:43 ` [PATCH 4/5] xfs: move xfs_update_prealloc_flags() to xfs_pnfs.c Dave Chinner
2022-01-31 17:37 ` Darrick J. Wong
2022-01-31 6:43 ` [PATCH 5/5] xfs: ensure log flush at the end of a synchronous fallocate call Dave Chinner
2022-02-01 16:37 ` Darrick J. Wong
-- strict thread matches above, loose matches on Subject: below --
2022-01-26 2:18 [PATCHSET 0/3] xfs: fix permission drop and flushing in fallocate Darrick J. Wong
2022-01-26 2:18 ` [PATCH 1/3] xfs: use vfs helper to update file attributes after fallocate Darrick J. Wong
2022-01-28 9:32 ` Chandan Babu R
2022-01-28 22:23 ` Darrick J. Wong
2022-01-29 7:43 ` Chandan Babu R
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220130223028.GV59729@dread.disaster.area \
--to=david@fromorbit.com \
--cc=chandan.babu@oracle.com \
--cc=djwong@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox