[PATCH] vfs: allow FILE_EXTENT_SAME (dedupe_file_range) on a file opened ro

[PATCH] vfs: allow FILE_EXTENT_SAME (dedupe_file_range) on a file opened ro

[Adam Borowski]

Instead of checking the mode of the file descriptor, let's check whether it
could have been opened rw.  This allows fixing intermittent exec failures
when deduping a live system: anyone trying to exec a file currently being
deduped gets ETXTBSY.

Issuing this ioctl on a ro file was already allowed for root/cap.

Tested on btrfs and not-yet-merged xfs, as only them implement this ioctl.

Signed-off-by: Adam Borowski <kilobyte@angband.pl>
---
 fs/read_write.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/read_write.c b/fs/read_write.c
index 933b53a..df59dc6 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1723,7 +1723,7 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same)
 
 		if (info->reserved) {
 			info->status = -EINVAL;
-		} else if (!(is_admin || (dst_file->f_mode & FMODE_WRITE))) {
+		} else if (!(is_admin || !inode_permission(dst, MAY_WRITE))) {
 			info->status = -EINVAL;
 		} else if (file->f_path.mnt != dst_file->f_path.mnt) {
 			info->status = -EXDEV;
-- 
2.8.1

Re: [PATCH] vfs: allow FILE_EXTENT_SAME (dedupe_file_range) on a file opened ro

[Adam Borowski]

On Mon, Jul 18, 2016 at 12:13:38AM +0200, Adam Borowski wrote:
> Instead of checking the mode of the file descriptor, let's check whether it
> could have been opened rw.  This allows fixing intermittent exec failures
> when deduping a live system: anyone trying to exec a file currently being
> deduped gets ETXTBSY.
> 
> Issuing this ioctl on a ro file was already allowed for root/cap.
> 
> Tested on btrfs and not-yet-merged xfs, as only them implement this ioctl.

This is a resend of a patch I've targetted at the wrong maintainer (btrfs
guys rather than Al Viro/vfs).  Since then, I've tested it on xfs-devel
(f0b34b677df10d9e3deffcd0b1c1aaaaf0234b80 atop of 4.7-rc5 and -rc7).

Review so far:
http://thread.gmane.org/gmane.comp.file-systems.btrfs/56563

An idea to relax the check and allow dedupe to everyone who can read the
file was shot down because of concerns that in some edge cases it might be
possible to clobber a targetted file.  Thus, we're back to the original
patch, requiring ro descriptor but rw permission.


Meow!
-- 
An imaginary friend squared is a real enemy.

Re: [PATCH] vfs: allow FILE_EXTENT_SAME (dedupe_file_range) on a file opened ro

[Mark Fasheh]

On Mon, Jul 18, 2016 at 12:13:38AM +0200, Adam Borowski wrote:
> Instead of checking the mode of the file descriptor, let's check whether it
> could have been opened rw.  This allows fixing intermittent exec failures
> when deduping a live system: anyone trying to exec a file currently being
> deduped gets ETXTBSY.
> 
> Issuing this ioctl on a ro file was already allowed for root/cap.
> 
> Tested on btrfs and not-yet-merged xfs, as only them implement this ioctl.
> 
> Signed-off-by: Adam Borowski <kilobyte@angband.pl>

Reviewed-by: Mark Fasheh <mfasheh@suse.de>
	--Mark

--
Mark Fasheh

Re: [PATCH] vfs: allow FILE_EXTENT_SAME (dedupe_file_range) on a file opened ro

[Darrick J. Wong]

On Mon, Jul 18, 2016 at 12:13:38AM +0200, Adam Borowski wrote:
> Instead of checking the mode of the file descriptor, let's check whether it
> could have been opened rw.  This allows fixing intermittent exec failures
> when deduping a live system: anyone trying to exec a file currently being
> deduped gets ETXTBSY.
> 
> Issuing this ioctl on a ro file was already allowed for root/cap.
> 
> Tested on btrfs and not-yet-merged xfs, as only them implement this ioctl.
> 
> Signed-off-by: Adam Borowski <kilobyte@angband.pl>

Could you please send an xfstest to test this aspect of the dedupe ioctl?

--D

> ---
>  fs/read_write.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/read_write.c b/fs/read_write.c
> index 933b53a..df59dc6 100644
> --- a/fs/read_write.c
> +++ b/fs/read_write.c
> @@ -1723,7 +1723,7 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same)
>  
>  		if (info->reserved) {
>  			info->status = -EINVAL;
> -		} else if (!(is_admin || (dst_file->f_mode & FMODE_WRITE))) {
> +		} else if (!(is_admin || !inode_permission(dst, MAY_WRITE))) {
>  			info->status = -EINVAL;
>  		} else if (file->f_path.mnt != dst_file->f_path.mnt) {
>  			info->status = -EXDEV;
> -- 
> 2.8.1
> 

Re: [PATCH] vfs: allow FILE_EXTENT_SAME (dedupe_file_range) on a file opened ro

[Adam Borowski]

On Mon, Jul 18, 2016 at 07:41:30PM -0700, Darrick J. Wong wrote:
> On Mon, Jul 18, 2016 at 12:13:38AM +0200, Adam Borowski wrote:
> > Instead of checking the mode of the file descriptor, let's check whether it
> > could have been opened rw.  This allows fixing intermittent exec failures
> > when deduping a live system: anyone trying to exec a file currently being
> > deduped gets ETXTBSY.
> > 
> > Issuing this ioctl on a ro file was already allowed for root/cap.
> > 
> > Tested on btrfs and not-yet-merged xfs, as only them implement this ioctl.
> > 
> > Signed-off-by: Adam Borowski <kilobyte@angband.pl>
> 
> Could you please send an xfstest to test this aspect of the dedupe ioctl?

(Sorry for a late answer, at the time I kept thinking about possible other
tests.)

It looks like I don't see an appropriate test here.  The reason is, while
the intermittent failures can be reliably reproduced, they're not caused by
this ioctl but its prerequisite -- ie, needing the file open rw, and that
causing EXTXBSY on exec is expected and correct.

So what else could be tested?  Not general operation of FIDEDUPERANGE -- it
already has adequate tests.

As for this very change, ie, being able to dedupe with O_RDONLY:
1. it's in vfs rather than individual fs drivers, thus is unlikely to
   regress or fail to account for bugs in a new driver
2. the code to open the file lives in xfs_io in xfsprogs rather than
   fstests, thus changing it would need careful coordination between
   the two
On the other hand, once this commit gets merged, it'd be trivial to change
xfsprogs to do:
   open(..., (kernel version >= 4.9)?O_RDONLY:O_RDWR);
which would make all existing tests also guard against regressions in the
positive permissions case.


Meow!
-- 
A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, 1kg
raspberries, 0.4kg sugar; put into a big jar for 1 month.  Filter out and
throw away the fruits (can dump them into a cake, etc), let the drink age
at least 3-6 months.