Date: Fri, 12 Jul 2019 14:25:53 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Aleksa Sarai <cyphar@...har.com>
Cc: Jeff Layton <jlayton@...nel.org>, "J. Bruce Fields" <bfields@...ldses.org>, Arnd Bergmann <arnd@...db.de>, David Howells <dhowells@...hat.com>, Shuah Khan <shuah@...nel.org>, Shuah Khan <skhan@...uxfoundation.org>, Christian Brauner <christian@...uner.io>, David Drysdale <drysdale@...gle.com>, Andy Lutomirski <luto@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Eric Biederman <ebiederm@...ssion.com>, Andrew Morton <akpm@...ux-foundation.org>, Alexei Starovoitov <ast@...nel.org>, Kees Cook <keescook@...omium.org>, Jann Horn <jannh@...gle.com>, Tycho Andersen <tycho@...ho.ws>, Chanho Min <chanho.min@....com>, Oleg Nesterov <oleg@...hat.com>, Aleksa Sarai <asarai@...e.de>, containers@...ts.linux-foundation.org, linux-alpha@...r.kernel.org, linux-api@...r.kernel.org, linux-arch@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-fsdevel@...r.kernel.org, linux-ia64@...r.kernel.org, linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org, linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org, linux-sh@...r.kernel.org, linux-xtensa@...ux-xtensa.org, sparclinux@...r.kernel.org
Subject: Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags

On Fri, Jul 12, 2019 at 01:55:52PM +0100, Al Viro wrote:
> On Fri, Jul 12, 2019 at 01:39:24PM +0100, Al Viro wrote:
> > On Fri, Jul 12, 2019 at 08:57:45PM +1000, Aleksa Sarai wrote:
> > > > > > > @@ -2350,9 +2400,11 @@ static const char *path_init(struct nameidata *nd, unsigned flags) > > > > > s = ERR_PTR(error); > > > > > return s; > > > > > } > > > > > - error = dirfd_path_init(nd); > > > > > - if (unlikely(error)) > > > > > - return ERR_PTR(error); > > > > > + if (likely(!nd->path.mnt)) {
> > > >
> > > > Is that a weird way of saying "if we hadn't already called dirfd_path_init()"?
> > >
> > > Yes. I did it to be more consistent with the other "have we got the
> > > root" checks elsewhere. Is there another way you'd prefer I do it?
> >
> > "Have we got the root" checks are inevitable evil; here you are making the
> > control flow in a single function hard to follow.
> >
> > I *think* what you are doing is
> >         absolute pathname, no LOOKUP_BENEATH:
> >                 set_root
> >                 error = nd_jump_root(nd)
> >         else
> >                 error = dirfd_path_init(nd)
> >         return unlikely(error) ? ERR_PTR(error) : s;
> > which should be a lot easier to follow (not to mention shorter), but I might
> > be missing something in all of that.
>
> PS: if that's what's going on, I would be tempted to turn the entire
> path_init() part into this:
>         if (flags & LOOKUP_BENEATH)
>                 while (*s == '/')
>                         s++;
> in the very beginning (plus the handling of nd_jump_root() prototype
> change, but that belongs with nd_jump_root() change itself, obviously).
> Again, I might be missing something here...

Argh... I am, at that - you have setting path->root (and grabbing it) in
LOOKUP_BENEATH cases and you do it after dirfd_path_init().
So how about
        if (flags & LOOKUP_BENEATH)
                while (*s == '/')
                        s++;
before the whole thing and
        if (*s == '/') { /* can happen only without LOOKUP_BENEATH */
                set_root(nd);
                error = nd_jump_root(nd);
                if (unlikely(error))
                        return ERR_PTR(error);
        } else if (nd->dfd == AT_FDCWD) {
                if (flags & LOOKUP_RCU) {
                        struct fs_struct *fs = current->fs;
                        unsigned seq;

                        do {
                                seq = read_seqcount_begin(&fs->seq);
                                nd->path = fs->pwd;
                                nd->inode = nd->path.dentry->d_inode;
                                nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
                        } while (read_seqcount_retry(&fs->seq, seq));
                } else {
                        get_fs_pwd(current->fs, &nd->path);
                        nd->inode = nd->path.dentry->d_inode;
                }
        } else {
                /* Caller must check execute permissions on the starting path component */
                struct fd f = fdget_raw(nd->dfd);
                struct dentry *dentry;

                if (!f.file)
                        return ERR_PTR(-EBADF);

                dentry = f.file->f_path.dentry;

                if (*s && unlikely(!d_can_lookup(dentry))) {
                        fdput(f);
                        return ERR_PTR(-ENOTDIR);
                }

                nd->path = f.file->f_path;
                if (flags & LOOKUP_RCU) {
                        nd->inode = nd->path.dentry->d_inode;
                        nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
                } else {
                        path_get(&nd->path);
                        nd->inode = nd->path.dentry->d_inode;
                }
                fdput(f);
        }
        if (flags & LOOKUP_BENEATH) {
                nd->root = nd->path;
                if (!(flags & LOOKUP_RCU))
                        path_get(&nd->root);
                else
                        nd->root_seq = nd->seq;
        }
        return s;
replacing the part in the end?  Makes for much smaller change; it might very well
still make sense to add dirfd_path_init() as a separate cleanup (perhaps with
the *s == '/' case included), though.
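
Review bot: the `if (likely(!nd->path.mnt))` test that closes the quoted path_init() hunk uses nd->path.mnt as an implicit marker for "dirfd_path_init() has not run yet", and nothing beside the check says so. Since this function picks the starting point that LOOKUP_BENEATH resolution is then confined to, the cases should be separate explicit branches, or the invariant should at least be stated in a comment next to the test. The visible lines also drop the unconditional `if (unlikely(error)) return ERR_PTR(error);` that followed dirfd_path_init(), so check that the new branch still propagates that error.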