Badari Pulavarty <[EMAIL PROTECTED]> wrote: > > On Wed, 2005-03-09 at 11:53, Andrew Morton wrote: > > Suparna Bhattacharya <[EMAIL PROTECTED]> wrote: > > > > > > > Solaris, which does forcedirectio as a mount option, actually > > > > will do buffered I/O on the trailing part. Consider it like a bounce > > > > buffer. That way they don't DMA the trailing data and succeed the I/O. > > > > The I/O returns actual bytes till EOF, just like read(2) is supposed > > > to. > > > > Either this or a fully DMA'd number 4 is really what we should > > > > do. If security can only be solved via a bounce buffer, who cares? If > > > > the user created themselves a non-aligned file to open O_DIRECT, that's > > > > their problem if the last part-sector is negligably slower. > > > > > > If writes/truncates take care of zeroing out the rest of the sector > > > on disk, might we still be OK without having to do the bounce buffer > > > thing ? > > > > We can probably rely on the rest of the sector outside i_size being zeroed > > anyway. Because if it contains non-zero gunk then the fs already has a > > problem, and the user can get at that gunk with an expanding truncate and > > mmap() anyway. > > > > Rest of the sector or rest of the block ?
The filesystem-sized block (1<<i_blkbits) which straddles i_size should have zeroes outside i_size. There's one situation where it might not be zeroed out, and that's when the final page is mapped MAP_SHARED and the application modifies that page outside i_size while writeout is actually in flight. We can't do much about that. > Are you implying that, we > already do this, so there is no problem reading beyond EOF to user > buffer ? Or we need to zero out the userbuffer beyond EOF ? It should be acceptable to assume that the final (1<<i_blkbits) block of the file contains zeroes outside i_size. And if it doesn't contain those zeroes, well, applications are able to read that data already. Although I wouldn't count that as a security hole: that data is something which an application wrote there while writing the file, rather than being left-over uncontrolled stuff. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
