On Thu, Dec 07, 2017 at 08:39:37PM +0800, Al Viro wrote: > On Thu, Dec 07, 2017 at 10:46:22AM +0800, 穆阿浩(姜弋) wrote: > > This issue is found when creating /dev/sdtest with flags (O_CREAT | > > O_DIRECT). The file still can be retrieved even after system reports > > failure (-EINVAL) for it. Reporting error on creating the file is > > correct behaviour because either devtmpfs or tmpfs doesn't support > > O_DIRECT for regular file. However, it's incorrect that the file is > > still existing. The cause is the newly allocated dentry and inode > > aren't released on failure in do_last(). > > > # rm /dev/sdtest > > # dd if=/dev/urandom of=/dev/sdtest bs=4k count=1 oflag=direct > > <-EINVAL is returned> > > # ls /dev/sdtest > > <File is still existing> > > > > This fixes the issue by releasing the dentry, thus the inode on failure > > in do_last(). With this applied, the file (/dev/sdtest) isn't seen > > in this scenario. > > > + if (error && (*opened & FILE_OPENED)) > > + dput(path.dentry); > > NAK. For one thing, it's racy as hell even on tmpfs - plain open() > from another process would've succeeded in that window. For another, > it's outright exploitable on filesystems where dentry tree does not > contain all the existing directory tree (anything disk-based, for > starters). Al, thanks for your reply. Another approach would be passing the flag O_DIRECT to struct inode_operations::create(). The specific filesystem rejects to create the inode if O_DIRECT isn't supported there. I can send patches for review if you think it's reasonable. Cheers, Gavin
