From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CBE3C48BD5 for ; Tue, 25 Jun 2019 20:37:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C89B6208CA for ; Tue, 25 Jun 2019 20:37:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=dilger-ca.20150623.gappssmtp.com header.i=@dilger-ca.20150623.gappssmtp.com header.b="i0tlux+8" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726761AbfFYUhn (ORCPT ); Tue, 25 Jun 2019 16:37:43 -0400 Received: from mail-pl1-f195.google.com ([209.85.214.195]:43818 "EHLO mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726393AbfFYUhn (ORCPT ); Tue, 25 Jun 2019 16:37:43 -0400 Received: by mail-pl1-f195.google.com with SMTP id cl9so67179plb.10 for ; Tue, 25 Jun 2019 13:37:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dilger-ca.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=k9wVBI3MNSxJVQhODLuSRbOf+SmT1l1K5RRF5+DdhGM=; b=i0tlux+8FNEu0ugkEvUUlD4zKy+jo4LmPTngoA6r4KZwHDBk4l5v9aHPUQEnX49/5g z/5lU03hiGUesQ1zP/lPDO/M9fU515Y8oNEl0EKjwdC7dNyZmZQEQEJzGU548pSrAizw AlBCGdOUNg8gVK9FeesIiFWJzJ6YbgT5nrsBvzAUmh99yf7q8hQlgwIm8HPdOmToZugA nEmrM6blVwgyo7dN5eFPje1f1HwAtA+5XwodCP1ntkD5mvR/FwjSqB5AJn7YMTtfEeor 5bhYLcubsCaGOlgF0onarHD40ER7JyKcO4a/eslTTHQKCN3GB1Tra4WgBV7T6KYa0chE ps9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=k9wVBI3MNSxJVQhODLuSRbOf+SmT1l1K5RRF5+DdhGM=; b=bxSHaqrsbgsJ5UMAPcd9k5/DBM/nBt+rJZHQoKmTmgSNtiVQY+p+EmPfhglZWEubFX WO/Y5fw0mL9ppYX5l9yLBtEctYiOFcEzWDlVpR7d8IR5TG9CF8wUbt//T/1Uh5XaGcGV ECBH7ZY4UwgsuxGUcAPJVu3HIJI1FKnhaJQvydWdS6rwrYyG9Fm90PaCwrqifcMlE11c PhGb8Nia+CldKhuYoznCjkg+C45LVBZJ21vUzKN2gCG56ly8G1ZTM7jNM4oaYOJTGAxW HGTpLmqAcDVKBPh1BlQ6tKknZgmvRzmavS3lTtknf9/YIbdXvbI+dRp0Sp8hF3zKYnuG iNLw== X-Gm-Message-State: APjAAAVwkUC1iWl3DTXWFdGSMafUiVRaDkiC2p7DIp7j/JfWVxgprEQI DeReDTafpjp2sI6KbnYDNMIlxA== X-Google-Smtp-Source: APXvYqxrr/uL0yeWv0l0AFEkJ0fiuFxZszwvIRMBTgsPNJXwasc7ZXW/q9+Il/kiADkCo486i0NA9w== X-Received: by 2002:a17:902:f216:: with SMTP id gn22mr690564plb.118.1561495062448; Tue, 25 Jun 2019 13:37:42 -0700 (PDT) Received: from cabot.adilger.ext (S0106a84e3fe4b223.cg.shawcable.net. [70.77.216.213]) by smtp.gmail.com with ESMTPSA id m4sm4145961pff.108.2019.06.25.13.37.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Jun 2019 13:37:41 -0700 (PDT) From: Andreas Dilger Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_D22B91A1-39DB-42F5-937D-A1034700DAE0"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: [PATCH v4 0/7] vfs: make immutable files actually immutable Date: Tue, 25 Jun 2019 14:37:37 -0600 In-Reply-To: <20190625180326.GC2230847@magnolia> Cc: Christoph Hellwig , matthew.garrett@nebula.com, yuchao0@huawei.com, Theodore Ts'o , ard.biesheuvel@linaro.org, Josef Bacik , Chris Mason , Alexander Viro , Jan Kara , dsterba@suse.com, Jaegeuk Kim , jk@ozlabs.org, reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, Linux List Kernel Mailing , linux-f2fs-devel@lists.sourceforge.net, linux-xfs , linux-mm , linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel , Ext4 Developers List , linux-btrfs To: "Darrick J. Wong" References: <156116141046.1664939.11424021489724835645.stgit@magnolia> <20190625103631.GB30156@infradead.org> <20190625180326.GC2230847@magnolia> X-Mailer: Apple Mail (2.3273) Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Archived-At: List-Archive: List-Post: --Apple-Mail=_D22B91A1-39DB-42F5-937D-A1034700DAE0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On Jun 25, 2019, at 12:03 PM, Darrick J. Wong = wrote: >=20 > On Tue, Jun 25, 2019 at 03:36:31AM -0700, Christoph Hellwig wrote: >> On Fri, Jun 21, 2019 at 04:56:50PM -0700, Darrick J. Wong wrote: >>> Hi all, >>>=20 >>> The chattr(1) manpage has this to say about the immutable bit that >>> system administrators can set on files: >>>=20 >>> "A file with the 'i' attribute cannot be modified: it cannot be = deleted >>> or renamed, no link can be created to this file, most of the file's >>> metadata can not be modified, and the file can not be opened in = write >>> mode." >>>=20 >>> Given the clause about how the file 'cannot be modified', it is >>> surprising that programs holding writable file descriptors can = continue >>> to write to and truncate files after the immutable flag has been = set, >>> but they cannot call other things such as utimes, fallocate, unlink, >>> link, setxattr, or reflink. >>=20 >> I still think living code beats documentation. And as far as I can >> tell the immutable bit never behaved as documented or implemented >> in this series on Linux, and it originated on Linux. >=20 > The behavior has never been consistent -- since the beginning you can > keep write()ing to a fd after the file becomes immutable, but you = can't > ftruncate() it. I would really like to make the behavior consistent. > Since the authors of nearly every new system call and ioctl since the > late 1990s have interpreted S_IMMUTABLE to mean "immutable takes = effect > everywhere immediately" I resolved the inconsistency in favor of that > interpretation. >=20 > I asked Ted what he thought that that userspace having the ability to > continue writing to an immutable file, and he thought it was an > implementation bug that had been there for 25 years. Even he thought > that immutable should take effect immediately everywhere. >=20 >> If you want hard cut off style immutable flag it should really be a >> new API, but I don't really see the point. It isn't like the usual >> workload is to set the flag on a file actively in use. >=20 > FWIW Ted also thought that since it's rare for admins to set +i on a > file actively in use we could just change it without forcing everyone > onto a new api. On the flip side, it is possible to continue to write to an open fd after removing the write permission, and this is a problem we've hit in the real world with NFS export, so real applications do this. It may be the same case with immutable files, where an application sets the immutable flag immediately after creation, but continues to write until it closes the file, so that the file can't be modified by other processes, and there isn't a risk that the file is missing the immutable flag if the writing process dies before setting it at the end. Cheers, Andreas --Apple-Mail=_D22B91A1-39DB-42F5-937D-A1034700DAE0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCAAdFiEEDb73u6ZejP5ZMprvcqXauRfMH+AFAl0ShhEACgkQcqXauRfM H+CbrRAAps35LK3poNlahSXPmgZ5tD+3nAlaeG8JU1XTggnEeHdAHY7wdK713thT OumdwU7nj1s+0ngxeUxPU/ZVWyuL2LjugpWEfw8lf0N/16hoTIUPBAe7kXce3jb+ eg72QT36y1srscGQ/95rv/DPfelxzC7WiVYV7ZHIIF2Cq31B34cZ7GF0zpi6oZSH RKioHBOX1Qez1CksvAevhtSGf9e0dF1hNx7gyoVFnGb5V72P7WGGQqWSW4nSJvMe xhzkT0wLU28MioHsIcnqwnZJdvCb66Z1FGvAwsNItELe2tch4JzZjVR5sbq/g0+Q CpDZk350WiKaFzo9m1TO2Eiiog2vS1bqO+hZuwf7jPqcfIa6Tu9BdCx9U/bKp/rN sEtDj+p4qnjTCX2ggozPxye92wzhbF2o25jjoofBh9x9ShQ3GAc/gaTxcR9fpuWJ UmMwXwKMVXP/kvBaclrbz/zxaeo3ga7z3mFGgzxU6we9M5x1Lo+ppFxRpEPMIVkW LUEIQ4emE6yqzOWLWH6iPnxly9Jtzye3jsiq6s7RPPUGHn1/SCdhVZG130vKEpkC IcSmmJGlhPcI8wJ5/gwhAoxm9yLa+t0oH/Y6HUoNc722A3sCVRV5JWoHuK9MKBDK IPKKud+iKoNON0zr28k4iNyK1XAO+7yAqjfBAmdm0grbW/nItxg= =YBbV -----END PGP SIGNATURE----- --Apple-Mail=_D22B91A1-39DB-42F5-937D-A1034700DAE0--