Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753427AbbBCHwk (ORCPT <rfc822;w@1wt.eu>);
	Tue, 3 Feb 2015 02:52:40 -0500
Received: from h1446028.stratoserver.net ([85.214.92.142]:33672 "EHLO
	mail.ahsoftware.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750998AbbBCHwi (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 3 Feb 2015 02:52:38 -0500
Message-ID: <54D07E40.2060509@ahsoftware.de>
Date: Tue, 03 Feb 2015 08:52:32 +0100
From: Alexander Holler <holler@ahsoftware.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Al Viro <viro@ZenIV.linux.org.uk>
CC: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/5] WIP: Add syscall unlinkat_s (currently x86* only)
References: <1422896713-25367-1-git-send-email-holler@ahsoftware.de> <1422896713-25367-2-git-send-email-holler@ahsoftware.de> <20150203060542.GZ29656@ZenIV.linux.org.uk>
In-Reply-To: <20150203060542.GZ29656@ZenIV.linux.org.uk>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2092
Lines: 49

Am 03.02.2015 um 07:05 schrieb Al Viro:
> On Mon, Feb 02, 2015 at 06:05:09PM +0100, Alexander Holler wrote:
>> +	if (inode) {
>> +		// TODO:
>> +		// if (inode is file and 's' flag is set)
>> +		// 	secure = true;
>> +		if (!secure)
>> +			iput(inode);	/* truncate the inode here */
>> +		else {
>> +			struct super_block *sb = inode->i_sb;
>> +			if (sb->s_op->set_secure_delete)
>> +				sb->s_op->set_secure_delete(sb, true);
>> +			// TODO: We should fail if secure isn't supported,
>> +			// look up how that's possible here.
>> +			iput(inode);	/* truncate the inode here */
>> +			// TODO: check if sb is still valid after the inode is gone
>> +			sync_filesystem(sb);
>> +			if (sb->s_op->set_secure_delete)
>> +				sb->s_op->set_secure_delete(sb, false);
>> +		}
>
> Charming.  Now, what exactly happens if two such syscalls overlap in time?
> Moroever, what makes you equate unlink() with inode removal?  What happens
> if you race e.g. with stat(2) on the same thing?  Or if there's an opened
> file over that sucker, for that matter?

Sorry, but I first had to make breakfast after I've got angry about the 
usual arrogance of most Linux kernel maintainers.

I've already answered the first question.

Now to the second. That still might be a problem. But that's why this is 
a RFC, why there is a WIP (Work In Progress) before the patch, why I've 
written I've never looked at those sources before, why I've written they 
are imperfect and why I've written I have not spend much time on these 
patches. I've posted them to show how I think the problem might be 
solved. These patches evolved out of desperation that otherwise users 
have to wait another 30 years until they will be offered a way to really 
delete files.

If the removal is somehow scheduled then, of course, the secure flag has 
to be scheduled too.

Alexander Holler
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/