lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Feb 2017 17:51:18 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: James Bottomley <James.Bottomley@...senPartnership.com> Cc: Djalal Harouni <tixxdz@...il.com>, Chris Mason <clm@...com>, Theodore Tso <tytso@....edu>, Josh Triplett <josh@...htriplett.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Andy Lutomirski <luto@...nel.org>, Seth Forshee <seth.forshee@...onical.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Dongsu Park <dongsu@...ocode.com>, David Herrmann <dh.herrmann@...glemail.com>, Miklos Szeredi <mszeredi@...hat.com>, Alban Crequy <alban.crequy@...il.com>, "Serge E. Hallyn" <serge@...lyn.com>, Phil Estes <estesp@...il.com> Subject: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount On Fri, Feb 17, 2017 at 09:24:40AM -0800, James Bottomley wrote: > > What happens when somebody comes along and creates the damn thing on > > the underlying fs? _Not_ via your code, that is - using the > > underlying fs mounted elsewhere. > > Point taken. This, I think fixes the dcache revalidation issue. No, it doesn't. Consider a local filesystem. Those do not have any ->d_revalidate() - the kernel bloody well knows what happens to directories. If e.g. a previously absent file gets created, it's been done by the kernel itself and dentry has been made positive; if a previously existing file has been removed, dentry has either become negative or, if it had been pinned (e.g. file was opened at the time, or your code had been holding a reference to it, etc.) it will be unhashed so that new lookups won't find it, etc. No need to revalidate anything. Now, consider your code. You've done a lookup in the underlying fs. It has, at the time, come negative, so you have your (negative) dentry pointing to that on the underlying fs. If somebody comes and does e.g. mkdir() via your fs, it will call vfs_mkdir() on the underlying sucker, hopefully turning it positive and associate a new in-core inode with your previously negative dentry. But what happens if mkdir is done via underlying fs, or via another instance of yours over the same tree? Underlying dentry goes positive; yours is still negative. The underlying fs either doesn't have ->d_revalidate() or, if there is one it says that the underlying dentry is valid, thank you very much, no need to invalidate anything. In other words, your patch does nothing for object getting created.
Powered by blists - more mailing lists