| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 May 2016 22:51:02 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: Djalal Harouni <tixxdz@...il.com>, Chris Mason <clm@...com>,
tytso@....edu, Serge Hallyn <serge.hallyn@...onical.com>,
Josh Triplett <josh@...htriplett.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Andy Lutomirski <luto@...nel.org>,
Seth Forshee <seth.forshee@...onical.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Dongsu Park <dongsu@...ocode.com>,
David Herrmann <dh.herrmann@...glemail.com>,
Miklos Szeredi <mszeredi@...hat.com>,
Alban Crequy <alban.crequy@...il.com>
Subject: Re: [PATCH 1/1] shiftfs: uid/gid shifting bind mount
On Wed, 2016-06-01 at 03:40 +0100, Al Viro wrote:
> On Tue, May 31, 2016 at 08:31:33PM -0400, James Bottomley wrote:
>
>
> > +static struct dentry *shiftfs_lookup(struct inode *dir, struct
> > dentry *dentry,
> > + unsigned int flags)
> > +{
> > + struct dentry *real = dir->i_private, *new;
> > + struct inode *reali = real->d_inode, *newi;
> > + const struct cred *oldcred, *newcred;
> > +
> > + /* note: violation of usual fs rules here: dentries are
> > never
> > + * added with d_add. This is because we want no dentry
> > cache
> > + * for shiftfs. All lookups proceed through the dentry
> > cache
> > + * of the underlying filesystem, meaning we always see any
> > + * changes in the underlying */
> > +
> > + inode_lock(reali);
> > + oldcred = shiftfs_new_creds(&newcred, dentry->d_sb);
> > + new = lookup_one_len(dentry->d_name.name, real, dentry
> > ->d_name.len);
> > + shiftfs_old_creds(oldcred, &newcred);
> > + inode_unlock(reali);
> > +
> > + if (IS_ERR(new))
> > + return new;
> > +
> > + dentry->d_fsdata = new;
> > +
> > + if (!new->d_inode)
> > + return NULL;
> > +
> > + newi = shiftfs_new_inode(dentry->d_sb, new->d_inode
> > ->i_mode, new);
> > + if (!newi) {
> > + dput(new);
> > + return ERR_PTR(-ENOMEM);
> > + }
> > +
> > + d_splice_alias(newi, dentry);
> > +
> > + return NULL;
>
> This is utter crap. First of all, d_splice_alias() *WILL* hash them,
> so you get all the coherency problems, in spades. Moreover, if you
> did manage to avoid hashing, you would get something absolutely
> unusable.
> * no mounting of anything on top of that thing
> * performance shot to hell
> and that's just for starters. I hadn't looked into the locking and
> semantics issues - those would really depends upon how you would
> achieve that "no dentry cache" thing; again, right now that's *not*
> what your code is doing.
Yes, sorry, after the new BUG_ON in the d_invalidate() code I didn't
have much choice but to run two sets of dentry hashes; I'm afraid I
just forgot to remove the comment (I did remove the blurb about the
single dentry cache from the changelog). I'll remove it (the comment)
in the next go around.
> PS: and then there's the choice of name. I mean, just try to say it
> over the phone several times in a row...
But I did that especially for you, Al ...
James
Powered by blists - more mailing lists