On 12/17/2012 09:13 AM, Maxim V. Patlasov wrote:Hi,...
12/15/2012 12:16 AM, Brian Foster ÐÐÑÐÑ:On 12/14/2012 10:21 AM, Maxim V. Patlasov wrote:Conversely, what about the extra error handling bits infuse_do_setattr() performs extra checks that fuse_do_truncate() needn't.+fuse_do_truncate() looks fairly close to fuse_do_setattr(). Is there any
reason we couldn't make fuse_do_setattr() non-static, change the dentry
parameter to an inode and use that?
Some of them are harmless, some not: fuse_allow_task() may return 0 if
task credentials changed. E.g. super-user successfully opened a file,
then setuid(other_user_uid), then write(2) to the file. write(2) doesn't
check uid, but fuse_do_truncate() - via fuse_allow_task() - does.
fuse_do_setattr() that do not appear in fuse_do_truncate() (i.e., the
inode mode check, the change attributes call, updating the inode size,
etc.)? It seems like we would want some of that code here.
fuse_setattr() is the only caller of fuse_do_setattr(), so why not embed
some of the initial checks (such as fuse_allow_task()) there? I suppose
we could pull out some of the error handling checks there as well if
they are considered harmful to this post-write error truncate situation.
FWIW, I just tested a quick change that pulls up the fuse_allow_task()
check (via instrumenting a write error) and it seems to work as
expected. I can forward a patch if interested...