Re: bug in blkdev <-> VFS interaction. (oops) (fwd)

From: Alain Knaff (Alain.Knaff@ltnb.lu)
Date: Sat Sep 16 2000 - 09:20:57 EST


>FYI, here is a chunk of our conversation - I just realized that most of it
>was private with AV and Linus so it is reasonable that you didn't see it.

Thanks for mailing me this. Well, I would have actually preferred to
take part in this discussion when it first took place, rather than
learning about it more than a month later. But hey, better late than
never.

>---------- Forwarded message ----------
>Date: Sun, 6 Aug 2000 22:45:44 -0400 (EDT)
>From: Alexander Viro <aviro@redhat.com>
>To: Linus Torvalds <torvalds@transmeta.com>
>Cc: Tigran Aivazian <tigran@veritas.com>, Alexander Viro <aviro@redhat.com>
>Subject: Re: bug in blkdev <-> VFS interaction. (oops) (fwd)
>
>On Sun, 6 Aug 2000, Linus Torvalds wrote:
>
>> So this is why I suggested moving the blkdev_get() into read_super(): at
>> that point root mounting actually has enough information to create a
>> "good" fake inode (ie it has the superblock pointer that we are going to
>> mount on).
>>
>> Yes, it will still be a fake inode, it will just be slightly less fake,
>> and now the fake inode is restricted to only happen at root mount time.
>
>Linus, I think that the real cure is different. Ask yourself "WTF does
>floppy_open() call permission() at all?". Look at the code:
>
>	/* Allow ioctls if we have write-permissions even if read-only open */
>	if ((filp->f_mode & 2) || (permission(inode,2) == 0))
>		filp->f_mode |= IOCTL_MODE_BIT;
>
>It is obviously bogus: if the program wants to do them - let it open device
>for write. Then the check in question will happen where it belongs.

Well, if you (A. Viro) would have bothered to ASK, I could have told
you the reason for this test right away: you cannot open a
write-protected floppy disk for writing, however you might still want
to issue ioctls that need "privileged" access to it. With your patch,
there is no way of reading an XDF disk if it is write protected.
Moreover, on a normal open, the floppy driver attempts a test read to
do format autodetecting. Obviously, this is inappropriate for certain
operations, such as formatting a disk, hence you need a way to open
for neither read/write but still have the appropriate permission
check.

>In other words, let's remove the dungpile instead of trying to build a bridge
>over it.

Oh, thanks so much for your kind words. Why are you so quick to assume
that your fellow developers do "obviously bogus" stuff, rather than
just ASKING them why they wrote a certain piece of code? My e-mail
address was not exactly hard to find, was it?

Ok, now let's move on to some constructive problem solving: wouldn't
it be possible to tag the fake inode in a certain way, so as to make
it clear that it is indeed a fake inode? That way, I could do sth like
the following:

        if ((filp->f_mode & 2) ||
            (!IS_FAKE(inode) && (permission(inode,2) == 0)))
                filp->f_mode |= IOCTL_MODE_BIT;

From your other mail, I understand that these fake inodes only happen
for mounting the root filesystem: in that situation, you don't need to
perform ioctls anyways, so no problem forgetting the IOCTL_MODE_BIT
for this situation.

> Cheers,
> Al
>
>

Alain
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
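
The three open-time policies discussed in this message, compared in an added userspace model (not code from the mail or from the kernel's floppy driver): the original check, the check with the permission() call dropped, and the IS_FAKE() guard. Assumptions: struct model_inode, model_permission(), the policy names and the value of IOCTL_MODE_BIT are hypothetical, and a permission() call on a fake inode is only counted as a fault here.

```c
#include <stdbool.h>
#include <stdio.h>

#define FMODE_WRITE_BIT 2   /* the "2" tested in the quoted snippet */
#define IOCTL_MODE_BIT  8   /* constructed value for this model */

/* Hypothetical stand-in for the kernel inode. */
struct model_inode {
    bool fake;              /* hand-built inode used for the root mount */
    bool caller_may_write;  /* what permission(inode, 2) would conclude */
};

enum policy { ORIGINAL, OPEN_MODE_ONLY, FAKE_GUARD };
static int faults;          /* permission() calls made on a fake inode */

/* Stand-in for permission(inode, 2): 0 means write access is allowed. */
static int model_permission(const struct model_inode *inode)
{
    if (inode->fake) { faults++; return -1; }  /* assumption: unsafe call */
    return inode->caller_may_write ? 0 : -1;
}

/* Returns f_mode as it looks after the open-time check under policy p. */
unsigned int floppy_open_mode(enum policy p, unsigned int f_mode,
                              const struct model_inode *inode)
{
    bool grant = (f_mode & FMODE_WRITE_BIT) != 0;
    if (!grant && p == ORIGINAL)
        grant = model_permission(inode) == 0;
    if (!grant && p == FAKE_GUARD)      /* guard is tested before the call */
        grant = !inode->fake && model_permission(inode) == 0;
    if (grant)
        f_mode |= IOCTL_MODE_BIT;
    return f_mode;
}

int fault_count(void) { return faults; }

int main(void)
{
    struct model_inode disk = { false, true }, root = { true, false };
    const char *names[] = { "original", "open-mode-only", "fake-guard" };
    for (int p = ORIGINAL; p <= FAKE_GUARD; p++) {
        unsigned int ro = floppy_open_mode(p, 1, &disk); /* read-only open */
        unsigned int rt = floppy_open_mode(p, 1, &root); /* root mount */
        printf("%-15s disk=%u root=%u faults=%d\n", names[p], ro, rt, faults);
    }
    return 0;
}
```

Only the guarded policy both keeps privileged ioctls available on a read-only open and never calls the permission check on the fake inode.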



This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 21:00:12 EST