
Re: [RFC] add FIEMAP ioctl to efficiently map file allocation

To: David Chinner <dgc@xxxxxxx>
Subject: Re: [RFC] add FIEMAP ioctl to efficiently map file allocation
From: Anton Altaparmakov <aia21@xxxxxxxxx>
Date: Wed, 2 May 2007 09:16:04 +0100
Cc: linux-ext4@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, xfs@xxxxxxxxxxx, hch@xxxxxxxxxxxxx
In-reply-to: <20070502000654.GK77450368@melbourne.sgi.com>
References: <20070412110550.GM5967@schatzie.adilger.int> <20070416112252.GJ48531920@melbourne.sgi.com> <20070419002139.GK5967@schatzie.adilger.int> <20070419015426.GM48531920@melbourne.sgi.com> <20070430224401.GX5967@schatzie.adilger.int> <20070501042254.GD77450368@melbourne.sgi.com> <1FA8E92B-954D-4624-A089-80D4AA7399FD@cam.ac.uk> <20070502000654.GK77450368@melbourne.sgi.com>
Sender: xfs-bounce@xxxxxxxxxxx
On 2 May 2007, at 01:06, David Chinner wrote:
On Tue, May 01, 2007 at 07:37:20PM +0100, Anton Altaparmakov wrote:
On 1 May 2007, at 05:22, David Chinner wrote:
On Mon, Apr 30, 2007 at 04:44:01PM -0600, Andreas Dilger wrote:
The FIBMAP ioctl is for privileged users only, and I wonder if FIEMAP should be the same, or at least disallow mapping files that the user can't access especially with FLAG_SYNC and/or FLAG_HSM_READ.

I see little reason for restricting FI[BE]MAP to privileged users - anyone should be able to determine if files they have permission to access are fragmented.

Allowing anyone to run FI[BE]MAP creates potential for DOS-ing the machine. Perhaps for non-privileged users FIEMAP has to be read-only? As soon as any of the FLAG_* flags come into play you make it privileged. For example fancy any user being able to fill up your file system by calling FIEMAP with FLAG_HSM_READ on all files recursively?

By that reasoning, users should not be allowed to recall any files without root privileges. HSMs don't work that way, though - any user is allowed to recall any files they have permission to access either by manual command or by trying to read the file data.

If that runs the filesystem out of space, then the HSM either hasn't
been configured properly or it's failed to manage the space
correctly. Either way, that's not the fault of the user for
recalling their own files.

Hence allowing FIEMAP to be executed by the user does not open up
any DOS conditions that don't already exist in normal HSM-managed
filesystem.

Sorry, it was not a great example. But the point still stands that there are/may be created flags that you do not want to allow everyone to use.


I completely agree with Andreas that those can simply return -EPERM and the rest can be allowed through.

Best regards,

        Anton
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer, http://www.linux-ntfs.org/


