On 2018/4/13 9:04, Jaegeuk Kim wrote:
> On 04/10, Chao Yu wrote:
>> Hi Jaegeuk,
>> On 2018/4/8 16:13, Chao Yu wrote:
>>> f2fs doesn't allow abuse on atomic write class interface, so except
>>> limiting in-mem pages' total memory usage capacity, we need to limit
>>> start-commit time as well, otherwise we may run into infinite loop
>>> during foreground GC because target blocks in victim segment are
>>> belong to atomic opened file for long time.
>>> Now, we will check the condition with f2fs_balance_fs_bg in
>>> background threads, once if user doesn't commit data exceeding 30
>>> seconds, we will drop all cached data, so I expect it can keep our
>>> system running safely to prevent Dos attack.
>> Is it worth to add this patch to avoid abuse on atomic write interface by
> Hmm, hope to see a real problem first in this case.
I think this can be a more critical security leak instead of a potential issue
which we can wait for someone reporting that can be too late.
For example, user can simply write a huge file whose data spread in all f2fs
segments, once user open that file as atomic, foreground GC will suffer
deadloop, causing denying any further service of f2fs.