lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Feb 2017 15:27:49 -0500 From: Vivek Goyal <vgoyal@...hat.com> To: Al Viro <viro@...IV.linux.org.uk> Cc: James Bottomley <James.Bottomley@...senPartnership.com>, Djalal Harouni <tixxdz@...il.com>, Chris Mason <clm@...com>, Theodore Tso <tytso@....edu>, Josh Triplett <josh@...htriplett.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Andy Lutomirski <luto@...nel.org>, Seth Forshee <seth.forshee@...onical.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Dongsu Park <dongsu@...ocode.com>, David Herrmann <dh.herrmann@...glemail.com>, Miklos Szeredi <mszeredi@...hat.com>, Alban Crequy <alban.crequy@...il.com>, "Serge E. Hallyn" <serge@...lyn.com>, Phil Estes <estesp@...il.com> Subject: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount On Fri, Feb 17, 2017 at 05:51:18PM +0000, Al Viro wrote: > On Fri, Feb 17, 2017 at 09:24:40AM -0800, James Bottomley wrote: > > > > What happens when somebody comes along and creates the damn thing on > > > the underlying fs? _Not_ via your code, that is - using the > > > underlying fs mounted elsewhere. > > > > Point taken. This, I think fixes the dcache revalidation issue. > > No, it doesn't. Consider a local filesystem. Those do not have any > ->d_revalidate() - the kernel bloody well knows what happens to > directories. If e.g. a previously absent file gets created, it's > been done by the kernel itself and dentry has been made positive; if > a previously existing file has been removed, dentry has either become > negative or, if it had been pinned (e.g. file was opened at the time, > or your code had been holding a reference to it, etc.) it will be unhashed > so that new lookups won't find it, etc. No need to revalidate anything. > > Now, consider your code. You've done a lookup in the underlying fs. > It has, at the time, come negative, so you have your (negative) dentry > pointing to that on the underlying fs. If somebody comes and does > e.g. mkdir() via your fs, it will call vfs_mkdir() on the underlying > sucker, hopefully turning it positive and associate a new in-core inode > with your previously negative dentry. But what happens if mkdir is done > via underlying fs, or via another instance of yours over the same tree? > Underlying dentry goes positive; yours is still negative. The underlying > fs either doesn't have ->d_revalidate() or, if there is one it says that > the underlying dentry is valid, thank you very much, no need to invalidate > anything. > > In other words, your patch does nothing for object getting created. I thought assumption here is that underlying subtree is not changed outside of shiftfs. IIUC, overlayfs has the same assumption. Two shiftfs instances writing to same dir will be a problem though. Vivek
Powered by blists - more mailing lists