lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 05 Apr 2012 16:44:47 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	Al Viro <viro@...IV.linux.org.uk>
Cc:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	hch@...radead.org
Subject: Re: [PATCH 5/6] vfs: reorganize do_lookup

Al Viro <viro@...IV.linux.org.uk> writes:

> On Tue, Apr 03, 2012 at 10:13:18AM +0200, Miklos Szeredi wrote:
>
>> The do_last() reorganization in the atomic-open series needs to be split
>> up, I realize.  Do you have any other high level comments about that
>> series?
>
> Yes.
> 	a) Please, pull removal of open-from-d_revalidate() as far in front
> of the queue as possible, *along* *with* -EOPENSTALE stuff.  Without the
> latter the former is simply broken - we might have hit -ESTALE before and
> LOOKUP_REVAL might have already been set, so just failing ->open() with
> ESTALE may end up not repeating it.
> 	TBH, had that thing been in front of the queue, I would've put
> it into the last pull request; that particular idiocy (NFS4 doing open
> from all methods involved, except for ->open()) had been a serious source
> of annoyance for a long time.  It really needs killing...

Will post updated series in a minute.

>
> 	b) opendata is simply bogus.  You need to pass caller-allocated
> struct file in any case, right?  So why not use it to pass what you
> need to pass?  We want to be able to tell "it's a symlink, here's the
> vfsmount/dentry, now sod off and handle it yourself"?

My concern is about the visibility of a half cooked file pointer to the
filesystem.  The compiler won't notice anything wrong with the
following, neither will casual testing, but it will go boom at
inopportune times:

foo_atomic_open(..., struct file *filp, ...)
{
	/* ... */

        if (unlikely error)
		goto cleanup;

	filp = finish_open(filp, dentry, NULL);

	/* ... */

	if (some other error)
		goto cleanup;

	return filp;

cleanup:
	fput(filp);
        return ERR_PTR(error);
}


Thanks,
Miklos

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ