lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOQ4uxgffafdqTYYjy4tsXFMQxN5zeKfXcC3G93SGaEOnqpZMQ@mail.gmail.com> Date: Fri, 13 Aug 2021 20:25:34 +0300 From: Amir Goldstein <amir73il@...il.com> To: Jan Kara <jack@...e.cz> Cc: Gabriel Krisman Bertazi <krisman@...labora.com>, Jan Kara <jack@...e.com>, "Darrick J. Wong" <djwong@...nel.org>, Theodore Tso <tytso@....edu>, Dave Chinner <david@...morbit.com>, David Howells <dhowells@...hat.com>, Khazhismel Kumykov <khazhy@...gle.com>, linux-fsdevel <linux-fsdevel@...r.kernel.org>, Ext4 <linux-ext4@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, kernel@...labora.com Subject: Re: [PATCH v5 14/23] fanotify: Encode invalid file handler when no inode is provided On Fri, Aug 13, 2021 at 3:09 PM Jan Kara <jack@...e.cz> wrote: > > On Thu 12-08-21 18:17:10, Amir Goldstein wrote: > > On Thu, Aug 12, 2021 at 5:20 PM Jan Kara <jack@...e.cz> wrote: > > > > > > On Wed 11-08-21 17:12:05, Gabriel Krisman Bertazi wrote: > > > > Jan Kara <jack@...e.cz> writes: > > > > >> @@ -376,14 +371,24 @@ static int fanotify_encode_fh(struct fanotify_fh *fh, struct inode *inode, > > > > >> fh->flags |= FANOTIFY_FH_FLAG_EXT_BUF; > > > > >> } > > > > >> > > > > >> - dwords = fh_len >> 2; > > > > >> - type = exportfs_encode_inode_fh(inode, buf, &dwords, NULL); > > > > >> - err = -EINVAL; > > > > >> - if (!type || type == FILEID_INVALID || fh_len != dwords << 2) > > > > >> - goto out_err; > > > > >> - > > > > >> - fh->type = type; > > > > >> - fh->len = fh_len; > > > > >> + if (inode) { > > > > >> + dwords = fh_len >> 2; > > > > >> + type = exportfs_encode_inode_fh(inode, buf, &dwords, NULL); > > > > >> + err = -EINVAL; > > > > >> + if (!type || type == FILEID_INVALID || fh_len != dwords << 2) > > > > >> + goto out_err; > > > > >> + fh->type = type; > > > > >> + fh->len = fh_len; > > > > >> + } else { > > > > >> + /* > > > > >> + * Invalid FHs are used on FAN_FS_ERROR for errors not > > > > >> + * linked to any inode. Caller needs to guarantee the fh > > > > >> + * has at least FANOTIFY_NULL_FH_LEN bytes of space. > > > > >> + */ > > > > >> + fh->type = FILEID_INVALID; > > > > >> + fh->len = FANOTIFY_NULL_FH_LEN; > > > > >> + memset(buf, 0, FANOTIFY_NULL_FH_LEN); > > > > >> + } > > > > > > > > > > Maybe it will become clearer later during the series but why do you set > > > > > fh->len to FANOTIFY_NULL_FH_LEN and not 0? > > > > > > > > Jan, > > > > > > > > That is how we encode a NULL file handle (i.e. superblock error). Amir > > > > suggested it would be an invalid FILEID_INVALID, with a zeroed handle of > > > > size 8. I will improve the comment on the next iteration. > > > > > > Thanks for info. Then I have a question for Amir I guess :) Amir, what's > > > the advantage of zeroed handle of size 8 instead of just 0 length file > > > handle? > > > > With current code, zero fh->len means we are not reporting an FID info > > record (e.g. due to encode error), see copy_info_records_to_user(). > > > > This is because fh->len plays a dual role for indicating the length of the > > file handle and the existence of FID info. > > I see, thanks for info. > > > I figured that keeping a positive length for the special NULL_FH is an > > easy way to workaround this ambiguity and keep the code simpler. > > We don't really need to pay any cost for keeping the 8 bytes zero buffer. > > There are two separate questions: > 1) How do we internally propagate the information that we don't have > file_handle to report but we do want fsid reported. > 2) What do we report to userspace in file_handle. > > For 2) I think we should report fsid + FILEID_INVALID, 0-length filehandle. > Currently the non-zero lenght FILEID_INVALID filehandle was propagating to > userspace and IMO that's confusing. Agree. That was implemented in v6. > For 1), whatever is the simplest to > propagate the information "we want only fsid reported" internally is fine > by me. > Ok. I think it would be fair (based on v6 patches) to call the fh->len = 4 option "simple". But following my "simple" suggestion as is, v6 has a side effect of adding 4 bytes of zero padding after the event fid info record. Can you please confirm that this side effect is fine by you as well. It wouldn't be too hard to special case FILEID_INVALID and also truncate those 4 bytes of zero padding, but I really don't think it is worth the effort. Thanks, Amir.
Powered by blists - more mailing lists