On Wed, Jan 10, 2024 at 02:43:04PM +0100, Miklos Szeredi wrote:
> On Thu, 21 Dec 2023 at 04:09, Ahelenia Ziemiańska
> <nabijaczleweli@xxxxxxxxxxxxxxxxxx> wrote:
> > Potentially-blocking splice_reads are allowed for normal filesystems
> > like NFS because they're blessed by root.
> >
> > FUSE is commonly used suid-root, and allows anyone to trivially create
> > a file that, when spliced from, will just sleep forever with the pipe
> > lock held.
> >
> > The only way IPC to the fusing process could be avoided is if
> > !(ff->open_flags & FOPEN_DIRECT_IO) and the range was already cached
> > and we weren't past the end. Just refuse it.
> How is this not going to cause regressions out there?

In "[PATCH v2 14/11] fuse: allow splicing to trusted mounts only"
splicing is re-enabled for mounts made by the real root.

> We need to find an alternative to refusing splice, since this is not
> going to fly, IMO.

The alternative is to not hold the lock. See the references in the cover
letter for why this wasn't done. IMO a potential slight perf hit flies
more than a total exclusion on the pipe.