[PATCH v4 6/7] xfs: check that eofblocks ioctl caller can write matched inodes

Dwight Engen dwight.engen at oracle.com
Mon Jul 22 11:00:07 CDT 2013


On Fri, 19 Jul 2013 16:02:21 +1000
Dave Chinner <david at fromorbit.com> wrote:

[...]
> > diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
> > index d873ab9e..728283a 100644
> > --- a/fs/xfs/xfs_icache.c
> > +++ b/fs/xfs/xfs_icache.c
> > @@ -1247,6 +1247,10 @@ xfs_inode_free_eofblocks(
> >  		if (!xfs_inode_match_id(ip, eofb))
> >  			return 0;
> >  
> > +		if (eofb->eof_flags & XFS_EOF_FLAGS_PERM_CHECK &&
> > +		    inode_permission(VFS_I(ip), MAY_WRITE))
> > +			return 0;
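Review bot: in the added check in xfs_inode_free_eofblocks(), any nonzero result from inode_permission(VFS_I(ip), MAY_WRITE) leads to return 0, so an inode the caller cannot write is skipped silently and nothing is reported back to the ioctl caller. A short comment above the check stating that the skip is intentional, and that it is not treated as an error, would document that behaviour. The condition also mixes & and && without grouping; writing the flag test as (eofb->eof_flags & XFS_EOF_FLAGS_PERM_CHECK) && inode_permission(...) makes the intent unambiguous to readers.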
> 
> This assumes we are walking fully instantiated VFS inodes. That's
> not necessarily true - we may be walking inodes that have already
> been dropped from the VFS and are waiting for background reclaim to

Hi Dave, in looking at this a bit I don't see how they can be dropped
from the VFS since they are igrab()ed in the flow:

xfs_icache_free_eofblocks
  xfs_inode_ag_iterator_tag
    xfs_inode_ag_walk
      xfs_inode_ag_walk_grab
        igrab

and I don't see a way for xfs_inode_free_eofblocks() to be called other
than the ag_walk flow.

If there is a way to get into xfs_inode_free_eofblocks where we can't
use VFS_I(ip) then it will be a problem for the new code in
xfs_inode_match_id() as well.


