Re: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE
From: Jeff Layton <jlayton@kernel.org>
Date: 2021-08-20 12:55:04
Also in:
linux-api, linux-fsdevel, linux-mm, lkml
Possibly related (same subject, not in this thread)
- 2021-09-01 · Re: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE · David Hildenbrand <hidden>
- 2021-08-27 · Re: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE · Eric W. Biederman <hidden>
- 2021-08-27 · Re: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE · Christian Brauner <hidden>
- 2021-08-27 · RE: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE · David Laight <hidden>
- 2021-08-26 · Re: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE · Eric W. Biederman <hidden>
On Thu, 2021-08-19 at 10:33 -0400, J. Bruce Fields wrote:
On Thu, Aug 19, 2021 at 08:56:52AM -0500, Eric W. Biederman wrote:quoted
bfields@fieldses.org (J. Bruce Fields) writes:quoted
On Fri, Aug 13, 2021 at 05:49:19PM -0700, Andy Lutomirski wrote:quoted
I’ll bite. How about we attack this in the opposite direction: remove the deny write mechanism entirely.For what it's worth, Windows has open flags that allow denying read or write opens. They also made their way into the NFSv4 protocol, but knfsd enforces them only against other NFSv4 clients. Last I checked, Samba attempted to emulate them using flock (and there's a comment to that effect on the flock syscall in fs/locks.c). I don't know what Wine does. Pavel Shilovsky posted flags adding O_DENY* flags years ago: https://lwn.net/Articles/581005/ I keep thinking I should look back at those some day but will probably never get to it. I've no idea how Windows applications use them, though I'm told it's common.I don't know in any detail. I just have this memory of not being able to open or do anything with a file on windows while any application has it open. We limit mandatory locks to filesystems that have the proper mount flag and files that are sgid but are not executable. Reusing that limit we could probably allow such a behavior in Linux without causing chaos.I'm pretty confused about how we're using the term "mandatory locking". The locks you're thinking of are basically ordinary posix byte-range locks which we attempt to enforce as mandatory under certain conditions (e.g. in fs/read_write.c:rw_verify_area). That means we have to check them on ordinary reads and writes, which is a pain in the butt. (And we don't manage to do it correctly--the code just checks for the existence of a conflicting lock before performing IO, ignoring the obvious time-of-check/time-of-use race.)
Yeah, the locks we're talking about are the locks described in:
Documentation/filesystems/mandatory-locking.rst
They've always been racy. You have to mount the fs with '-o mand' and
set a special mode on the file (setgid bit set, with group execute bit
cleared). It's a crazypants interface.
This has nothing to do with Windows share locks which from what I understand are whole-file locks that are only enforced against opens.
Yep. Those are different. Confusingly, there is also LOCK_MAND|LOCK_READ|LOCK_WRITE for flock(), which are purported to be for emulating Windows share modes. They aren't really mandatory though.
--b.quoted
Without being very strict about which files can participate I can just imagine someone hiding their presence by not allowing other applications the ability to write to utmp or a log file. In the windows world where everything evolved with those kinds of restrictions it is probably fine (although super annoying). Eric
-- Jeff Layton [off-list ref]