* [PATCH] fs: make generic_block_fiemap sig-tolerant @ 2014-10-17 13:24 Dmitry Monakhov 2014-12-02 14:43 ` [PATCH] fs: make generic_block_fiemap sig-tolerant PING Dmitry Monakhov 0 siblings, 1 reply; 7+ messages in thread From: Dmitry Monakhov @ 2014-10-17 13:24 UTC (permalink / raw) To: linux-kernel; +Cc: Dmitry Monakhov __generic_block_fiemap may spin very long time for large sparse files. Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> --- fs/ioctl.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/fs/ioctl.c b/fs/ioctl.c index 8ac3fad..6fbeb68 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode, past_eof = true; } cond_resched(); + if (fatal_signal_pending(current)) { + ret = -EINTR; + break; + } + } while (1); /* If ret is 1 then we just hit the end of the extent array */ -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING... 2014-10-17 13:24 [PATCH] fs: make generic_block_fiemap sig-tolerant Dmitry Monakhov @ 2014-12-02 14:43 ` Dmitry Monakhov 2014-12-10 13:49 ` [PATCH] fs: make generic_block_fiemap sig-tolerant PING2 Dmitry Monakhov 0 siblings, 1 reply; 7+ messages in thread From: Dmitry Monakhov @ 2014-12-02 14:43 UTC (permalink / raw) To: linux-kernel; +Cc: Andrew Morton [-- Attachment #1: Type: text/plain, Size: 964 bytes --] Andrew can you please get this patch. IMHO it is simple and clean. BTW: W/o patch unprivileged may abuse system resources simply by spawning wast number of unkilable busyloops (works on ext2/ext3): truncate --size 1T test for ((i=0;i<1024;i++)) do filefrag test > /dev/null & done > __generic_block_fiemap may spin very long time for large sparse files. > > Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> > --- > fs/ioctl.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/fs/ioctl.c b/fs/ioctl.c > index 8ac3fad..6fbeb68 100644 > --- a/fs/ioctl.c > +++ b/fs/ioctl.c > @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode, > past_eof = true; > } > cond_resched(); > + if (fatal_signal_pending(current)) { > + ret = -EINTR; > + break; > + } > + > } while (1); > > /* If ret is 1 then we just hit the end of the extent array */ > -- > 1.7.1 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 472 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2... 2014-12-02 14:43 ` [PATCH] fs: make generic_block_fiemap sig-tolerant PING Dmitry Monakhov @ 2014-12-10 13:49 ` Dmitry Monakhov 2014-12-18 23:12 ` Andrew Morton 0 siblings, 1 reply; 7+ messages in thread From: Dmitry Monakhov @ 2014-12-10 13:49 UTC (permalink / raw) To: linux-kernel; +Cc: Andrew Morton, ext4 development, Theodore Ts'o, Al Viro [-- Attachment #1: Type: text/plain, Size: 1106 bytes --] Hello. Someone please take care of this patch. W/o that patch unprivileged user may abuse system resources simply by spawning wast number of unkilable busyloops (works on ext2/ext3): truncate --size 1T test for ((i=0;i<1024;i++)) do filefrag test > /dev/null & done Dmitry Monakhov <dmonakhov@openvz.org> writes: > Andrew can you please get this patch. IMHO it is simple and clean. > BTW: > >> __generic_block_fiemap may spin very long time for large sparse files. >> >> Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> >> --- >> fs/ioctl.c | 5 +++++ >> 1 files changed, 5 insertions(+), 0 deletions(-) >> >> diff --git a/fs/ioctl.c b/fs/ioctl.c >> index 8ac3fad..6fbeb68 100644 >> --- a/fs/ioctl.c >> +++ b/fs/ioctl.c >> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode, >> past_eof = true; >> } >> cond_resched(); >> + if (fatal_signal_pending(current)) { >> + ret = -EINTR; >> + break; >> + } >> + >> } while (1); >> >> /* If ret is 1 then we just hit the end of the extent array */ >> -- >> 1.7.1 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 472 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2... 2014-12-10 13:49 ` [PATCH] fs: make generic_block_fiemap sig-tolerant PING2 Dmitry Monakhov @ 2014-12-18 23:12 ` Andrew Morton 2014-12-19 9:13 ` Dmitry Monakhov 0 siblings, 1 reply; 7+ messages in thread From: Andrew Morton @ 2014-12-18 23:12 UTC (permalink / raw) To: Dmitry Monakhov Cc: linux-kernel, ext4 development, Theodore Ts'o, Al Viro, Michael Kerrisk On Wed, 10 Dec 2014 16:49:18 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote: > > Hello. Someone please take care of this patch. > > W/o that patch unprivileged user may abuse system resources simply by spawning > wast number of unkilable busyloops (works on ext2/ext3): > > truncate --size 1T test > for ((i=0;i<1024;i++)) > do > filefrag test > /dev/null & > done > > >> --- a/fs/ioctl.c > >> +++ b/fs/ioctl.c > >> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode, > >> past_eof = true; > >> } > >> cond_resched(); > >> + if (fatal_signal_pending(current)) { > >> + ret = -EINTR; > >> + break; > >> + } > >> + > >> } while (1); > >> Is FIEMAP documented anywhere (manpage)? If so, that will need an update. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2... 2014-12-18 23:12 ` Andrew Morton @ 2014-12-19 9:13 ` Dmitry Monakhov 2014-12-19 21:33 ` Andrew Morton 0 siblings, 1 reply; 7+ messages in thread From: Dmitry Monakhov @ 2014-12-19 9:13 UTC (permalink / raw) To: Andrew Morton Cc: linux-kernel, ext4 development, Theodore Ts'o, Al Viro, Michael Kerrisk [-- Attachment #1.1: Type: text/plain, Size: 1052 bytes --] Andrew Morton <akpm@linux-foundation.org> writes: > On Wed, 10 Dec 2014 16:49:18 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote: > >> >> Hello. Someone please take care of this patch. >> >> W/o that patch unprivileged user may abuse system resources simply by spawning >> wast number of unkilable busyloops (works on ext2/ext3): >> >> truncate --size 1T test >> for ((i=0;i<1024;i++)) >> do >> filefrag test > /dev/null & >> done >> >> >> --- a/fs/ioctl.c >> >> +++ b/fs/ioctl.c >> >> @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode, >> >> past_eof = true; >> >> } >> >> cond_resched(); >> >> + if (fatal_signal_pending(current)) { >> >> + ret = -EINTR; >> >> + break; >> >> + } >> >> + >> >> } while (1); >> >> > > Is FIEMAP documented anywhere (manpage)? If so, that will need an > update. Yes you right. I just thought that it is assumed by default. The only place I know is Documentation/filesystems/fiemap.txt Please fold patch attached to original one. [-- Attachment #1.2: signature.asc --] [-- Type: application/pgp-signature, Size: 472 bytes --] [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-doc-fimemap-update-signal-behaviour.patch --] [-- Type: text/x-diff, Size: 936 bytes --] >From f7af425b2ac920065491a478b4f4359f422b3453 Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov <dmonakhov@openvz.org> Date: Fri, 19 Dec 2014 13:11:29 +0400 Subject: [PATCH] doc: fimemap update signal behaviour Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> --- Documentation/filesystems/fiemap.txt | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/Documentation/filesystems/fiemap.txt b/Documentation/filesystems/fiemap.txt index 1b805a0..f6d9c99 100644 --- a/Documentation/filesystems/fiemap.txt +++ b/Documentation/filesystems/fiemap.txt @@ -196,7 +196,8 @@ struct fiemap_extent_info { }; It is intended that the file system should not need to access any of this -structure directly. +structure directly. Filesystem handlers should be tolerant to signals and return +EINTR once fatal signal received. Flag checking should be done at the beginning of the ->fiemap callback via the -- 1.7.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2... 2014-12-19 9:13 ` Dmitry Monakhov @ 2014-12-19 21:33 ` Andrew Morton 2014-12-19 23:38 ` Andreas Dilger 0 siblings, 1 reply; 7+ messages in thread From: Andrew Morton @ 2014-12-19 21:33 UTC (permalink / raw) To: Dmitry Monakhov Cc: linux-kernel, ext4 development, Theodore Ts'o, Al Viro, Michael Kerrisk On Fri, 19 Dec 2014 12:13:50 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote: > --- a/Documentation/filesystems/fiemap.txt > +++ b/Documentation/filesystems/fiemap.txt > @@ -196,7 +196,8 @@ struct fiemap_extent_info { > }; > > It is intended that the file system should not need to access any of this > -structure directly. > +structure directly. Filesystem handlers should be tolerant to signals and return > +EINTR once fatal signal received. Thanks. I was concerned about userspace effects and back-compatibility issues, because I'd misread fatal_signal_pending() as signal_pending(). Because it uses fatal_signal_pending(), the effects of this change should be indiscernible to userspace, yes? I'm now wondering if the above doc update is unneeded and incorrect. Is it likely that the fs handler (fiemap_fill_next_extent) will ever consume a large amount of time? If not then we can leave the logic in __generic_block_fiemap() and not bother callees. The fix only addresses filesystems which use generic_block_fiemap(). Presumably ocfs2, btrfs, nilfs2, lustre and xfs remain vulnerable to the problem you identified? ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] fs: make generic_block_fiemap sig-tolerant PING2... 2014-12-19 21:33 ` Andrew Morton @ 2014-12-19 23:38 ` Andreas Dilger 0 siblings, 0 replies; 7+ messages in thread From: Andreas Dilger @ 2014-12-19 23:38 UTC (permalink / raw) To: Andrew Morton Cc: Dmitry Monakhov, linux-kernel, ext4 development, Theodore Ts'o, Al Viro, Michael Kerrisk On Dec 19, 2014, at 2:33 PM, Andrew Morton <akpm@linux-foundation.org> wrote: > > On Fri, 19 Dec 2014 12:13:50 +0300 Dmitry Monakhov <dmonakhov@openvz.org> wrote: > >> --- a/Documentation/filesystems/fiemap.txt >> +++ b/Documentation/filesystems/fiemap.txt >> @@ -196,7 +196,8 @@ struct fiemap_extent_info { >> }; >> >> It is intended that the file system should not need to access any of this >> -structure directly. >> +structure directly. Filesystem handlers should be tolerant to signals and return >> +EINTR once fatal signal received. > > Thanks. I was concerned about userspace effects and back-compatibility > issues, because I'd misread fatal_signal_pending() as signal_pending(). > > Because it uses fatal_signal_pending(), the effects of this change > should be indiscernible to userspace, yes? > > I'm now wondering if the above doc update is unneeded and incorrect. > Is it likely that the fs handler (fiemap_fill_next_extent) will ever > consume a large amount of time? If not then we can leave the logic in > __generic_block_fiemap() and not bother callees. > > > > The fix only addresses filesystems which use generic_block_fiemap(). > Presumably ocfs2, btrfs, nilfs2, lustre and xfs remain vulnerable to > the problem you identified? I don't think they are - those filesystems generate the FIEMAP mapping by walking the extent tree directly, while the "compat" code for block based filesystems are (or were) essentially walking every possible block offset to see if there was anything mapped at that position. Cheers, Andreas ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-12-19 23:39 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-10-17 13:24 [PATCH] fs: make generic_block_fiemap sig-tolerant Dmitry Monakhov 2014-12-02 14:43 ` [PATCH] fs: make generic_block_fiemap sig-tolerant PING Dmitry Monakhov 2014-12-10 13:49 ` [PATCH] fs: make generic_block_fiemap sig-tolerant PING2 Dmitry Monakhov 2014-12-18 23:12 ` Andrew Morton 2014-12-19 9:13 ` Dmitry Monakhov 2014-12-19 21:33 ` Andrew Morton 2014-12-19 23:38 ` Andreas Dilger
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).