lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1207178398.20254.19.camel@heimdal.trondhjem.org>
Date:	Wed, 02 Apr 2008 19:19:58 -0400
From:	Trond Myklebust <trond.myklebust@....uio.no>
To:	Al Viro <viro@...IV.linux.org.uk>
Cc:	Miklos Szeredi <miklos@...redi.hu>, akpm@...ux-foundation.org,
	dave@...ux.vnet.ibm.com, ezk@...sunysb.edu,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [patch 01/10] vfs: add path_create() and path_mknod()


On Wed, 2008-04-02 at 23:36 +0100, Al Viro wrote:
> On Wed, Apr 02, 2008 at 06:21:30PM -0400, Trond Myklebust wrote:
> > On Wed, 2008-04-02 at 22:48 +0100, Al Viro wrote:
> > > I disagree.  First of all, clear separation between operations on
> > > _filesystem_, which should all be namespace-agnostic and things
> > > that depend on vfsmount is a Good Thing(tm).  Think of that as
> > > of separation between server (superblock and everything related
> > > to it, starting with dentry tree) and clients; mixing those is a
> > > bloody bad idea.
> > 
> > Speaking of which: is there any reason why we can't get rid of the
> > vfsmount reference in struct file?
> > 
> > Most file operations, don't involve namespace traversal at all: aside
> > from fchdir(), and the *at() functions (all of which take file
> > descriptors, not pointers to struct file) the only function of that
> > vfsmount reference appears to be to prevent the superblock from going
> > away.
> 
> Huh?  Are you proposing to move that to descriptor table, of all things?
> Not to mention SCM_RIGHTS datagrams and hell knows what else...

I'm just suggesting splitting out the namespace-specific part of struct
file into a separate structure that would be private to the VFS.
Something like

struct file_descriptor {
	struct file *file;
	struct vfsmount *mnt;
	atomic_t refcount;
};

and then having the 'struct file' hold a reference to the superblock
instead of holding a reference to the vfsmount.

Why would that be problematic for SCM_RIGHTS? We don't allow people to
send arbitrary references to 'struct file' using SCM_RIGHTS now; they
have to send descriptors.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ