Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp990808rdd;
        Wed, 10 Jan 2024 05:43:40 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEeJdpgy4c1sytnhReVfgxXLHn78atQUw2RRhlHMk+/yWe2GuKmuikEwlgnXk+zYCMpnKK1
X-Received: by 2002:a05:6871:2082:b0:204:334:3337 with SMTP id ry2-20020a056871208200b0020403343337mr665001oab.50.1704894219974;
        Wed, 10 Jan 2024 05:43:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704894219; cv=none;
        d=google.com; s=arc-20160816;
        b=oIbjiYc78tldzz8gFY430iRHPTEOQrqEvV+cDmQXEUIoeMVZHG9OERiMiqEnRQRVV3
         NcwAXz9hgX7b4jFsWEIz+jWCY6AtGi46cFcivdfD4a0eXlKrypXVoxjadpB3sq6obre/
         xifhoi4l9CKPSnlLzGT0dsJhqJDEI0vdHtyFreg5Thrjri14l0mtMsedIWLY4/UGXndw
         +IM+Yw8ujeMLycXuBTfa6QQxnA//6rIVdiHrTUDbyBcAF5k6bIqp18+q38q8VOfsjoU4
         6CiPDHW32s36hZA45zW/ph7DtKs2GoZADRhfpI/sP5UcsNgs8Buca5YG0XfmMx4NfGXo
         YuGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:dkim-signature;
        bh=XxoWcecCZExIIFdN0xtey41fgRaKWC8kWgC6rhb/9dY=;
        fh=YH0PdEzVo1ZlavtWzYIRxIhwpWgIYYBSY2b9i/2TaTQ=;
        b=l3DpFBkakp/AeS8hJ5D1jpQSfJs2RSkPtiADP+OkdWRhEdwVE8NV4vKLJVL5apLGrQ
         X45UJDhF5NlHqKUjGaf7wMIluDvfZSrntmh2BHM9QbnEDi7rKARFd1LT68bMNr4/AbsE
         lH8ZE+7lcDYFEgPKzcykodq8LCJSmDFzScZnUEhHg/BOTIVawjQb110ZgHKZJSkWJmra
         NsHQhY3HNF9nwd/h6abSqMDlkWWPAw3n2PjKHdoliT9fBzaR0TpMn95CTLnsnCnxc4Wh
         774Oc67zSpqnWhLDOhjOESgYyMX8ny/E7yOb6h+aw+MqGNNDvTWxzRl7RIaJ+PTAIebw
         yXxg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@szeredi.hu header.s=google header.b=FvtbhynD;
       spf=pass (google.com: domain of linux-kernel+bounces-22262-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22262-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu
Return-Path: <linux-kernel+bounces-22262-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id 6-20020a630e46000000b005cdbf27fdd1si3749982pgo.684.2024.01.10.05.43.39
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 10 Jan 2024 05:43:39 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-22262-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@szeredi.hu header.s=google header.b=FvtbhynD;
       spf=pass (google.com: domain of linux-kernel+bounces-22262-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22262-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9DD6328A4B0
	for <linux.lists.archive@gmail.com>; Wed, 10 Jan 2024 13:43:26 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id EA868495CE;
	Wed, 10 Jan 2024 13:43:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=szeredi.hu header.i=@szeredi.hu header.b="FvtbhynD"
Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 450A6495CC
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 13:43:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=szeredi.hu
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=szeredi.hu
Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-a28ee72913aso892425566b.1
        for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 05:43:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google; t=1704894195; x=1705498995; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=XxoWcecCZExIIFdN0xtey41fgRaKWC8kWgC6rhb/9dY=;
        b=FvtbhynDeAZzJAeE4FygbcENptRvCzftVGzuSnYU/AjtGyK/P9cyVoIloJPB0H/Dqa
         PP+8LsVlwLDDm0zpHfYB+LYdsUSTa4dvyN3afb0VdXyLTGTvnHy9P1is2hIQBqNF1p1G
         /zX0/KkjbFxq3fdpq/GovpQAUIBmCxQY3nIyA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704894195; x=1705498995;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=XxoWcecCZExIIFdN0xtey41fgRaKWC8kWgC6rhb/9dY=;
        b=tvt11lJex0WJx8WluHQBLK2AKDopcDK3OEGuRqEW/2c5tzo/xc6G6hAra8WBNp09ca
         CAMIsr7drON3BhP0myTjf9LLKJZ0QmUMCC48gbVGLBl5vON6ZRyXLeqQRegfwBsCxHph
         Vh/mpsMwWYuWqL9gfsmCrshCAoeNPIdO2Dy/okBuxpF7b8G+kR/wIUPlx6yno1x6oj3H
         KMXvzMBeCoXNX29aqQTsq7DK5QZJHtdYQLJ/62zvB31M55TOdFBYP6oCGrPPYmAvf8zh
         M3JP6c3z+br1YUp8XphWY4HsJk2KXtAoThQw7wt3nNh95JeTudHyWfoXPrPerQ7FcpOG
         5P6Q==
X-Gm-Message-State: AOJu0YxN526QiDPUuG8pLIFbvbtiUsAWoblxykkv2wrRfSDgXipJ35O/
	2edFCGAUYio4hYH7/H28qoq8ESwLYKWsR1CDXT8q88oC8fjCIa12Bo/L/SLn
X-Received: by 2002:a17:906:fa85:b0:a2c:dfa:4f6 with SMTP id
 lt5-20020a170906fa8500b00a2c0dfa04f6mr92733ejb.16.1704894195507; Wed, 10 Jan
 2024 05:43:15 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <cover.1703126594.git.nabijaczleweli@nabijaczleweli.xyz> <9b5cd13bc9e9c570978ec25b25ba5e4081b3d56b.1703126594.git.nabijaczleweli@nabijaczleweli.xyz>
In-Reply-To: <9b5cd13bc9e9c570978ec25b25ba5e4081b3d56b.1703126594.git.nabijaczleweli@nabijaczleweli.xyz>
From: Miklos Szeredi <miklos@szeredi.hu>
Date: Wed, 10 Jan 2024 14:43:04 +0100
Message-ID: <CAJfpegugS1y4Lwznju+qD2K-kBEctxU5ABCnaE2eOGhtFFZUYg@mail.gmail.com>
Subject: Re: [PATCH v2 09/11] fuse: file: limit splice_read to virtiofs
To: =?UTF-8?Q?Ahelenia_Ziemia=C5=84ska?= <nabijaczleweli@nabijaczleweli.xyz>
Cc: Jens Axboe <axboe@kernel.dk>, Christian Brauner <brauner@kernel.org>, 
	Alexander Viro <viro@zeniv.linux.org.uk>, linux-fsdevel@vger.kernel.org, 
	Vivek Goyal <vgoyal@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, linux-kernel@vger.kernel.org, 
	virtualization@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, 21 Dec 2023 at 04:09, Ahelenia Ziemia=C5=84ska
<nabijaczleweli@nabijaczleweli.xyz> wrote:
>
> Potentially-blocking splice_reads are allowed for normal filesystems
> like NFS because they're blessed by root.
>
> FUSE is commonly used suid-root, and allows anyone to trivially create
> a file that, when spliced from, will just sleep forever with the pipe
> lock held.
>
> The only way IPC to the fusing process could be avoided is if
> !(ff->open_flags & FOPEN_DIRECT_IO) and the range was already cached
> and we weren't past the end. Just refuse it.

How is this not going to cause regressions out there?

We need to find an alternative to refusing splice, since this is not
going to fly, IMO.

Thanks,
Miklos