From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
To: Namjae Jeon <linkinjeon@gmail.com>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
Ravishankar N <cyberax82@gmail.com>,
Amit Sahrawat <amit.sahrawat83@gmail.com>
Subject: Re: [PATCH] fat: Support fallocate on fat.
Date: Mon, 09 Jul 2012 20:32:32 +0900 [thread overview]
Message-ID: <87wr2dnp9r.fsf@devron.myhome.or.jp> (raw)
In-Reply-To: <CAKYAXd-OD_3Z8=6mBQMvBApje9sN0EiPX8drMXc6pSeMgG8Nnw@mail.gmail.com> (Namjae Jeon's message of "Mon, 9 Jul 2012 20:14:50 +0900")
Namjae Jeon <linkinjeon@gmail.com> writes:
> 2012/7/9, OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>:
>> Namjae Jeon <linkinjeon@gmail.com> writes:
>>
>>>>> + /*
>>>>> + * calculate i_blocks and mmu_private from the actual number of
>>>>> + * allocated clusters instead of doing it from file size.This ensures
>>>>> + * that the preallocated disk space using FALLOC_FL_KEEP_SIZE is
>>>>> + * persistent across remounts and writes go into the allocated
>>>>> clusters.
>>>>> + */
>>>>> + fat_calc_dir_size(inode);
>>>>
>>>> Looks like the wrong. If you didn't initialize preallocated space, the
>>>> data never be exposed to userland. It is security bug.
>>> As explained above, if we do append write instead of seeking into a
>>> random offset, there is no security risk.
>>
>> So it means? - if we didn't, there is.
> Yes, right.
>>
>>> The main disadvantage with initializing the preallocated space (as is
>>> done in case of without FALLOC_FL_KEEP_SIZE ) is it takes long time
>>> for bigger allocation sizes. It took ~70 seconds to preallocate 2GB on
>>> our target if FALLOC_FL_KEEP_SIZE is not set.
>>
>> It doesn't become the reason to expose uninitialized data.
> I agree.. If I try to change code for initializing the preallocated
> space, Is this patch acceptable ?
I guess, if Windows truncates the above clusters than file size, it may
be prefer to truncate on linux too. We really need it over umount?
We never know the file whether corrupted or preallocated.
And at least for now, it would be better to put under CONFIG_FAT_FALLOC
or such, and warn it as unofficial way to preallocation on the
explanation of CONFIG_FAT_FALLOC.
Sorry, I'm still not reviewing the detail of code yet, like locking. And
I'm still not convinced whether we should add this hack (unofficial way)...
Thanks.
--
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
next prev parent reply other threads:[~2012-07-09 11:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-08 3:07 [PATCH] fat: Support fallocate on fat Namjae Jeon
2012-07-08 13:06 ` OGAWA Hirofumi
2012-07-09 6:43 ` Namjae Jeon
2012-07-09 10:55 ` OGAWA Hirofumi
2012-07-09 11:14 ` Namjae Jeon
2012-07-09 11:32 ` OGAWA Hirofumi [this message]
2012-07-11 4:22 ` Namjae Jeon
2012-07-12 10:13 ` OGAWA Hirofumi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wr2dnp9r.fsf@devron.myhome.or.jp \
--to=hirofumi@mail.parknet.co.jp \
--cc=akpm@linux-foundation.org \
--cc=amit.sahrawat83@gmail.com \
--cc=cyberax82@gmail.com \
--cc=linkinjeon@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox