Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 756309

Summary: extN: new file created even if open(2) returned -EPERM
Product: Red Hat Enterprise Linux 5 Reporter: Eryu Guan <eguan>
Component: kernelAssignee: Eric Sandeen <esandeen>
Status: CLOSED ERRATA QA Contact: Petr Beňas <pbenas>
Severity: low Docs Contact:
Priority: unspecified    
Version: 5.8CC: dchinner, esandeen, huazhang, lczerner, pbenas, pstehlik, rwheeler, zab
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-2.6.18-362.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 749117 Environment:
Last Closed: 2013-10-01 00:19:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 749117    
Bug Blocks:    

Description Eryu Guan 2011-11-23 08:32:43 UTC 
clone to track this issue on rhel5 kernel

+++ This bug was initially created as a clone of Bug #749117 +++

Description of problem:
In an append only dir, a open(2) call without O_RDONLY and O_APPEND will return -EPERM, but after the call new file is created.

Version-Release number of selected component (if applicable):
kernel-2.6.32-211.el6

How reproducible:
100%

Steps to Reproduce:
1. mkdir /mnt/ext4/append-only
2. chattr +a /mnt/ext4/append-only
3. ./test /mnt/ext4/append-only/testfile (touch /mnt/ext4/append-only/testfile will also work, but touch won't return error, you have to strace touch and search for open, it returns -EPERM)

# cat test.c
#include <stdio.h>
#include <sys/types.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <errno.h>

int main(int argc, char *argv[])
{
        int fd;
        fd = open(argv[1], O_RDWR|O_CREAT, 0666);
        if (fd == -1)
                perror("open failed");
        exit(errno);
}
  
Actual results:
[root@fstest xfstests]# mkdir -p /mnt/ext4/append-only
[root@fstest xfstests]# chattr +a /mnt/ext4/append-only
[root@fstest xfstests]# lsattr /mnt/ext4/
--------------- /mnt/ext4/lost+found
-----a-------e- /mnt/ext4/append-only
[root@fstest xfstests]# ./test /mnt/ext4/append-only/testfile
open failed: Operation not permitted
[root@fstest xfstests]# ls -l /mnt/ext4/append-only/testfile
-rw-r--r--. 1 root root 0 Oct 26 16:07 /mnt/ext4/append-only/testfile
[root@fstest xfstests]# lsattr /mnt/ext4/append-only/testfile
-----a-------e- /mnt/ext4/append-only/testfile

Expected results:
open(2) return success or new file is not created at all

Additional info:
xfs will create new file with no problem
btrfs will fail too

Not sure if it's really a bug, but some kind of inconsistent

--- Additional comment from pm-rhel on 2011-10-26 04:52:49 EDT ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from eguan on 2011-10-26 05:02:26 EDT ---

I found this by xfstests 079

Running test 079
#! /bin/bash
# FS QA Test No. 079
#
# Run the t_immutable test program for immutable/append-only files.
#
#-----------------------------------------------------------------------
# Copyright (c) 2000-2003 Silicon Graphics, Inc.  All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
FSTYP         -- ext4   
PLATFORM      -- Linux/x86_64 fstest 2.6.32-212.el6.x86_64
MKFS_OPTIONS  -- -b 4096 /dev/sda6
MOUNT_OPTIONS -- -o acl,user_xattr -o context=system_u:object_r:nfs_t:s0 /dev/sda6 /mnt/testarea/scratch

079 1s ... - output mismatch (see 079.out.bad)
--- 079.out     2011-10-20 19:11:39.000000000 +0800
+++ 079.out.bad 2011-10-26 15:13:05.160835493 +0800
@@ -1,7 +1,11 @@
 QA output created by 079
 *** starting up
+open(/mnt/testarea/scratch/079/append-only.d/newfile-0, O_RDWR|O_CREAT, 0666) failed: Operation not permitted
+open(/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0, O_RDWR|O_CREAT, 0666) failed: Operation not permitted
+chmod(/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0, 0700) failed: Operation not permitted
+chown(/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0, 1, 1) failed: Operation not permitted
 testing immutable...PASS.
-testing append-only...PASS.
-testing immutable as non-root...PASS.
-testing append-only as non-root...PASS.
+testing append-only...FAILED! (4 tests failed)
 *** cleaning up
+rm: cannot remove `/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0': Operation not permitted
+rm: cannot remove `/mnt/testarea/scratch/079/append-only.d/newfile-0': Operation not permitted

After some digging, it's because newly created file on extN inherits inode flags from parent directory(ext4_new_inode()), so new inode created in append-only directory has S_APPEND flag set, may_open() called by __open_namei_create checks that flag then returns -EPERM, but at that time the new inode is already created.

It seems xfs inode doesn't inherit APPEND flag from its parent dir, so xfs can pass 079

We can make extN the same behaviour as xfs(don't inherit APPEND flag), or add checking for APPEND in extN_new_inode before really allocating new inode?

--- Additional comment from rwheeler on 2011-10-28 01:31:35 EDT ---

This would be an upstream discussion I think.

--- Additional comment from eguan on 2011-10-29 21:33:19 EDT ---

Seems upstream prefers masking out append and immutable bits from EXTN_FL_INHERITED

http://permalink.gmane.org/gmane.comp.file-systems.ext4/27277
Comment 1 RHEL Program Management 2012-10-30 06:13:52 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 2 Eric Sandeen 2013-04-29 16:43:03 UTC 
commit 1cd9f0976aa4606db8d6e3dc3edd0aca8019372a
Author: Theodore Ts'o <tytso>
Date:   Wed Aug 31 11:54:51 2011 -0400

    ext2,ext3,ext4: don't inherit APPEND_FL or IMMUTABLE_FL for new inodes
    
    This doesn't make much sense, and it exposes a bug in the kernel where
    attempts to create a new file in an append-only directory using
    O_CREAT will fail (but still leave a zero-length file).  This was
    discovered when xfstests #79 was generalized so it could run on all
    file systems.
    
    Signed-off-by: "Theodore Ts'o" <tytso>
    Cc:stable
Comment 3 RHEL Program Management 2013-04-29 16:58:40 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 7 Phillip Lougher 2013-06-24 14:37:00 UTC 
Patch(es) available in kernel-2.6.18-362.el5
You can download this test kernel (or newer) from http://people.redhat.com/plougher/el5/
Detailed testing feedback is always welcomed.
If you require guidance regarding testing, please ask the bug assignee.
Comment 9 Petr Beňas 2013-07-18 08:06:22 UTC 
Reproduced in 2.6.18-361.el5 and verified in 2.6.18-362.el5.
Comment 11 errata-xmlrpc 2013-10-01 00:19:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1348.html