From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: linux-xfs@vger.kernel.org, allison.henderson@oracle.com,
chandan.babu@oracle.com
Subject: Re: [PATCH 1/3] xfs: fix TOCTOU race involving the new logged xattrs control knob
Date: Mon, 20 Jun 2022 09:52:46 +1000 [thread overview]
Message-ID: <20220619235246.GL227878@dread.disaster.area> (raw)
In-Reply-To: <165463578858.417102.15324992106006793982.stgit@magnolia>
On Tue, Jun 07, 2022 at 02:03:08PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> I found a race involving the larp control knob, aka the debugging knob
> that lets developers enable logging of extended attribute updates:
>
> Thread 1 Thread 2
>
> echo 0 > /sys/fs/xfs/debug/larp
> setxattr(REPLACE)
> xfs_has_larp (returns false)
> xfs_attr_set
>
> echo 1 > /sys/fs/xfs/debug/larp
>
> xfs_attr_defer_replace
> xfs_attr_init_replace_state
> xfs_has_larp (returns true)
> xfs_attr_init_remove_state
>
> <oops, wrong DAS state!>
>
> This isn't a particularly severe problem right now because xattr logging
> is only enabled when CONFIG_XFS_DEBUG=y, and developers *should* know
> what they're doing.
>
> However, the eventual intent is that callers should be able to ask for
> the assistance of the log in persisting xattr updates. This capability
> might not be required for /all/ callers, which means that dynamic
> control must work correctly. Once an xattr update has decided whether
> or not to use logged xattrs, it needs to stay in that mode until the end
> of the operation regardless of what subsequent parallel operations might
> do.
>
> Therefore, it is an error to continue sampling xfs_globals.larp once
> xfs_attr_change has made a decision about larp, and it was not correct
> for me to have told Allison that ->create_intent functions can sample
> the global log incompat feature bitfield to decide to elide a log item.
>
> Instead, create a new op flag for the xfs_da_args structure, and convert
> all other callers of xfs_has_larp and xfs_sb_version_haslogxattrs within
> the attr update state machine to look for the operations flag.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Looks fine now.
Reviewed-by: Dave Chinner <dchinner@redhat.com>
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2022-06-19 23:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 21:03 [PATCHSET v2 0/3] xfs: random fixes for 5.19-rc2 Darrick J. Wong
2022-06-07 21:03 ` [PATCH 1/3] xfs: fix TOCTOU race involving the new logged xattrs control knob Darrick J. Wong
2022-06-15 18:13 ` Darrick J. Wong
2022-06-15 22:31 ` Alli
2022-06-19 23:52 ` Dave Chinner [this message]
2022-06-07 21:03 ` [PATCH 2/3] xfs: fix variable state usage Darrick J. Wong
2022-06-15 22:32 ` Alli
2022-06-07 21:03 ` [PATCH 3/3] xfs: preserve DIFLAG2_NREXT64 when setting other inode attributes Darrick J. Wong
2022-06-15 22:32 ` Alli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220619235246.GL227878@dread.disaster.area \
--to=david@fromorbit.com \
--cc=allison.henderson@oracle.com \
--cc=chandan.babu@oracle.com \
--cc=djwong@kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox