[RFC PATCH] fs: obtain the inode generation number from vfs directly
Theodore Ts'o
tytso at mit.edu
Wed Aug 28 03:44:38 UTC 2024
On Tue, Aug 27, 2024 at 10:11:48AM -0700, Darrick J. Wong wrote:
>
> But in seriousness, the usual four filesystems return i_generation.
> That is changed every time an inumber gets reused so that anyone with an
> old file handle cannot accidentally open the wrong file. In theory one
> could use GETVERSION to construct file handles (if you do, UHLHAND!)
> instead of using name_to_handle_at, which is why it's dangerous to
> implement GETVERSION for everyone without checking if i_generation makes
> sense.
I believe the primary use case for {FS,EXT4}_IOC_GETVERSION was for
userspace NFS servers to construt file handles.
For file systems that don't store persistent i_generation numbers, I
think it would be absolutely wrong that FS_IOC_GETVERSION to return
zero, or some nonsense random number. The right thing to do would be
to have it return an ENOTTY error if somene tries to call
FS_IOC_GETVERSION on a vfat file system. Otherwise this could lead to
potential user data loss/corruption for users of userspace nfs servers.
- Ted
More information about the Linux-security-module-archive
mailing list