| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191012041541.milbmfbjpj5bcl5a@yavin.dot.cyphar.com>
Date: Sat, 12 Oct 2019 15:15:41 +1100
From: Aleksa Sarai <cyphar@...har.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Al Viro <viro@...iv.linux.org.uk>,
Jeff Layton <jlayton@...nel.org>,
"J. Bruce Fields" <bfields@...ldses.org>,
Arnd Bergmann <arnd@...db.de>,
David Howells <dhowells@...hat.com>,
Shuah Khan <shuah@...nel.org>,
Shuah Khan <skhan@...uxfoundation.org>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Eric Biederman <ebiederm@...ssion.com>,
Andy Lutomirski <luto@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexei Starovoitov <ast@...nel.org>,
Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>, Tycho Andersen <tycho@...ho.ws>,
David Drysdale <drysdale@...gle.com>,
Chanho Min <chanho.min@....com>,
Oleg Nesterov <oleg@...hat.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Christian Brauner <christian@...uner.io>,
Aleksa Sarai <asarai@...e.de>,
Linux Containers <containers@...ts.linux-foundation.org>,
alpha <linux-alpha@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
GNU C Library <libc-alpha@...rceware.org>,
linux-arch <linux-arch@...r.kernel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
linux-ia64@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
linux-m68k <linux-m68k@...ts.linux-m68k.org>,
linux-mips@...r.kernel.org, linux-parisc@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org,
linux-s390 <linux-s390@...r.kernel.org>,
Linux-sh list <linux-sh@...r.kernel.org>,
linux-xtensa@...ux-xtensa.org, sparclinux@...r.kernel.org
Subject: Re: [PATCH v14 2/6] namei: LOOKUP_IN_ROOT: chroot-like path
resolution
On 2019-10-12, Aleksa Sarai <cyphar@...har.com> wrote:
> On 2019-10-10, Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> > On Wed, Oct 9, 2019 at 10:42 PM Aleksa Sarai <cyphar@...har.com> wrote:
> > >
> > > --- a/fs/namei.c
> > > +++ b/fs/namei.c
> > > @@ -2277,6 +2277,11 @@ static const char *path_init(struct nameidata *nd, unsigned flags)
> > >
> > > nd->m_seq = read_seqbegin(&mount_lock);
> > >
> > > + /* LOOKUP_IN_ROOT treats absolute paths as being relative-to-dirfd. */
> > > + if (flags & LOOKUP_IN_ROOT)
> > > + while (*s == '/')
> > > + s++;
> > > +
> > > /* Figure out the starting path and root (if needed). */
> > > if (*s == '/') {
> > > error = nd_jump_root(nd);
> >
> > Hmm. Wouldn't this make more sense all inside the if (*s =- '/') test?
> > That way if would be where we check for "should we start at the root",
> > which seems to make more sense conceptually.
>
> I don't really agree (though I do think that both options are pretty
> ugly). Doing it before the block makes it clear that absolute paths are
> just treated relative-to-dirfd -- doing it inside the block makes it
> look more like "/" is a special-case for nd_jump_root(). And while that
Sorry, I meant "special-case for LOOKUP_IN_ROOT".
> is somewhat true, this is just a side-effect of making the code more
> clean -- my earlier versions reworked the dirfd handling to always grab
> nd->root first if LOOKUP_IS_SCOPED. I switched to this method based on
> Al's review.
>
> In fairness, I do agree that the lonely while loop looks ugly.
And with the old way I did it (where we grabbed nd->root first) the
semantics were slightly more clear -- stripping leading "/"s doesn't
really look as "clearly obvious" as grabbing nd->root beforehand and
treating "/"s normally. But the code was also needlessly more complex.
> > That test for '/' currently has a "} else if (..)", but that's
> > pointless since it ends with a "return" anyway. So the "else" logic is
> > just noise.
>
> This depends on the fact that LOOKUP_BENEATH always triggers -EXDEV for
> nd_jump_root() -- if we ever add another "scoped lookup" flag then the
> logic will have to be further reworked.
>
> (It should be noted that the new version doesn't always end with a
> "return", but you could change it to act that way given the above
> assumption.)
>
> > And if you get rid of the unnecessary else, moving the LOOKUP_IN_ROOT
> > inside the if-statement works fine.
> >
> > So this could be something like
> >
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -2194,11 +2196,19 @@ static const char *path_init(struct
> > nameidata *nd, unsigned flags)
> >
> > nd->m_seq = read_seqbegin(&mount_lock);
> > if (*s == '/') {
> > - set_root(nd);
> > - if (likely(!nd_jump_root(nd)))
> > - return s;
> > - return ERR_PTR(-ECHILD);
> > - } else if (nd->dfd == AT_FDCWD) {
> > + /* LOOKUP_IN_ROOT treats absolute paths as being
> > relative-to-dirfd. */
> > + if (!(flags & LOOKUP_IN_ROOT)) {
> > + set_root(nd);
> > + if (likely(!nd_jump_root(nd)))
> > + return s;
> > + return ERR_PTR(-ECHILD);
> > + }
> > +
> > + /* Skip initial '/' for LOOKUP_IN_ROOT */
> > + do { s++; } while (*s == '/');
> > + }
> > +
> > + if (nd->dfd == AT_FDCWD) {
> > if (flags & LOOKUP_RCU) {
> > struct fs_struct *fs = current->fs;
> > unsigned seq;
> >
> > instead. The patch ends up slightly bigger (due to the re-indentation)
> > but now it handles all the "start at root" in the same place. Doesn't
> > that make sense?
>
> It is correct (though I'd need to clean it up a bit to handle
> nd_jump_root() correctly), and if you really would like me to change it
> I will -- but I just don't agree that it's cleaner.
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists