Bug 756309 - extN: new file created even if open(2) returned -EPERM
Summary: extN: new file created even if open(2) returned -EPERM
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.8
Hardware: All
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Eric Sandeen
QA Contact: Petr Beňas
URL:
Whiteboard:
Depends On: 749117
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-23 08:32 UTC by Eryu Guan
Modified: 2015-01-04 23:01 UTC (History)
8 users (show)

Fixed In Version: kernel-2.6.18-362.el5
Doc Type: Bug Fix
Doc Text:
Clone Of: 749117
Environment:
Last Closed: 2013-10-01 00:19:04 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1348 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 5 kernel update 2013-10-01 00:41:39 UTC

Description Eryu Guan 2011-11-23 08:32:43 UTC 
clone to track this issue on rhel5 kernel

+++ This bug was initially created as a clone of Bug #749117 +++

Description of problem:
In an append only dir, a open(2) call without O_RDONLY and O_APPEND will return -EPERM, but after the call new file is created.

Version-Release number of selected component (if applicable):
kernel-2.6.32-211.el6

How reproducible:
100%

Steps to Reproduce:
1. mkdir /mnt/ext4/append-only
2. chattr +a /mnt/ext4/append-only
3. ./test /mnt/ext4/append-only/testfile (touch /mnt/ext4/append-only/testfile will also work, but touch won't return error, you have to strace touch and search for open, it returns -EPERM)

# cat test.c
#include <stdio.h>
#include <sys/types.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <errno.h>

int main(int argc, char *argv[])
{
        int fd;
        fd = open(argv[1], O_RDWR|O_CREAT, 0666);
        if (fd == -1)
                perror("open failed");
        exit(errno);
}
  
Actual results:
[root@fstest xfstests]# mkdir -p /mnt/ext4/append-only
[root@fstest xfstests]# chattr +a /mnt/ext4/append-only
[root@fstest xfstests]# lsattr /mnt/ext4/
--------------- /mnt/ext4/lost+found
-----a-------e- /mnt/ext4/append-only
[root@fstest xfstests]# ./test /mnt/ext4/append-only/testfile
open failed: Operation not permitted
[root@fstest xfstests]# ls -l /mnt/ext4/append-only/testfile
-rw-r--r--. 1 root root 0 Oct 26 16:07 /mnt/ext4/append-only/testfile
[root@fstest xfstests]# lsattr /mnt/ext4/append-only/testfile
-----a-------e- /mnt/ext4/append-only/testfile

Expected results:
open(2) return success or new file is not created at all

Additional info:
xfs will create new file with no problem
btrfs will fail too

Not sure if it's really a bug, but some kind of inconsistent

--- Additional comment from pm-rhel on 2011-10-26 04:52:49 EDT ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from eguan on 2011-10-26 05:02:26 EDT ---

I found this by xfstests 079

Running test 079
#! /bin/bash
# FS QA Test No. 079
#
# Run the t_immutable test program for immutable/append-only files.
#
#-----------------------------------------------------------------------
# Copyright (c) 2000-2003 Silicon Graphics, Inc.  All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
FSTYP         -- ext4   
PLATFORM      -- Linux/x86_64 fstest 2.6.32-212.el6.x86_64
MKFS_OPTIONS  -- -b 4096 /dev/sda6
MOUNT_OPTIONS -- -o acl,user_xattr -o context=system_u:object_r:nfs_t:s0 /dev/sda6 /mnt/testarea/scratch

079 1s ... - output mismatch (see 079.out.bad)
--- 079.out     2011-10-20 19:11:39.000000000 +0800
+++ 079.out.bad 2011-10-26 15:13:05.160835493 +0800
@@ -1,7 +1,11 @@
 QA output created by 079
 *** starting up
+open(/mnt/testarea/scratch/079/append-only.d/newfile-0, O_RDWR|O_CREAT, 0666) failed: Operation not permitted
+open(/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0, O_RDWR|O_CREAT, 0666) failed: Operation not permitted
+chmod(/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0, 0700) failed: Operation not permitted
+chown(/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0, 1, 1) failed: Operation not permitted
 testing immutable...PASS.
-testing append-only...PASS.
-testing immutable as non-root...PASS.
-testing append-only as non-root...PASS.
+testing append-only...FAILED! (4 tests failed)
 *** cleaning up
+rm: cannot remove `/mnt/testarea/scratch/079/append-only.d/newdir-0/newfile-0': Operation not permitted
+rm: cannot remove `/mnt/testarea/scratch/079/append-only.d/newfile-0': Operation not permitted

After some digging, it's because newly created file on extN inherits inode flags from parent directory(ext4_new_inode()), so new inode created in append-only directory has S_APPEND flag set, may_open() called by __open_namei_create checks that flag then returns -EPERM, but at that time the new inode is already created.

It seems xfs inode doesn't inherit APPEND flag from its parent dir, so xfs can pass 079

We can make extN the same behaviour as xfs(don't inherit APPEND flag), or add checking for APPEND in extN_new_inode before really allocating new inode?

--- Additional comment from rwheeler on 2011-10-28 01:31:35 EDT ---

This would be an upstream discussion I think.

--- Additional comment from eguan on 2011-10-29 21:33:19 EDT ---

Seems upstream prefers masking out append and immutable bits from EXTN_FL_INHERITED

http://permalink.gmane.org/gmane.comp.file-systems.ext4/27277
Comment 1 RHEL Program Management 2012-10-30 06:13:52 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 2 Eric Sandeen 2013-04-29 16:43:03 UTC 
commit 1cd9f0976aa4606db8d6e3dc3edd0aca8019372a
Author: Theodore Ts'o <tytso>
Date:   Wed Aug 31 11:54:51 2011 -0400

    ext2,ext3,ext4: don't inherit APPEND_FL or IMMUTABLE_FL for new inodes
    
    This doesn't make much sense, and it exposes a bug in the kernel where
    attempts to create a new file in an append-only directory using
    O_CREAT will fail (but still leave a zero-length file).  This was
    discovered when xfstests #79 was generalized so it could run on all
    file systems.
    
    Signed-off-by: "Theodore Ts'o" <tytso>
    Cc:stable
Comment 3 RHEL Program Management 2013-04-29 16:58:40 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 7 Phillip Lougher 2013-06-24 14:37:00 UTC 
Patch(es) available in kernel-2.6.18-362.el5
You can download this test kernel (or newer) from http://people.redhat.com/plougher/el5/
Detailed testing feedback is always welcomed.
If you require guidance regarding testing, please ask the bug assignee.
Comment 9 Petr Beňas 2013-07-18 08:06:22 UTC 
Reproduced in 2.6.18-361.el5 and verified in 2.6.18-362.el5.
Comment 11 errata-xmlrpc 2013-10-01 00:19:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1348.html
Note You need to log in before you can comment on or make changes to this bug.