| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Mar 2024 02:35:15 +0000 From: Al Viro <viro@...iv.linux.org.uk> To: Jeff Layton <jlayton@...nel.org> Cc: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>, Christian Brauner <brauner@...nel.org>, ntfs3@...ts.linux.dev, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH RFC] ntfs3: remove atomic_open On Mon, Mar 18, 2024 at 02:28:50PM -0400, Jeff Layton wrote: > atomic_open is an optional VFS operation, and is primarily for network > filesystems. NFS (for instance) can just send an open call for the last > path component rather than doing a lookup and then having to follow that > up with an open when it doesn't have a dentry in cache. > > ntfs3 is a local filesystem however, and its atomic_open just does a > typical lookup + open, but in a convoluted way. atomic_open will also > make directory leases more difficult to implement on the filesystem. FWIW, I'm not sure they are actually doing it correctly, but in any case - there's no reason whatsoever for implementing that sucker on a local filesystem. Kill it. > - inode = ntfs_create_inode(file_mnt_idmap(file), dir, dentry, uni, > - mode, 0, NULL, 0, fnd); > - err = IS_ERR(inode) ? PTR_ERR(inode) : > - finish_open(file, dentry, ntfs_file_open); .. incidentally, this ntfs_create_inode() thing should not have the calling conventions it has. It does create inode, all right - and attaches it to dentry. Then it proceeds to return the pointer to that new inode, with dentry->d_inode being the only thing that keeps it alive. That would be defendable (we are holding a reference to dentry and nobody else could turn it negative under us), but... look at the callers. 4 out of 5 are of the same form: inode = ntfs_create_inode(....); return IS_ERR(inode) ? PTR_ERR(inode) : 0; The fifth one is the crap above and there we *also* never look at the return value downstream of that IS_ERR(inode) ? PTR_ERR(inode) : ...; Which is to say, all callers of that thing don't give a damn about the pointer per se - they only want to know if it's ERR_PTR(-E...) or not and if it is, what error had been wrapped into that ERR_PTR(). Simply make it return 0 or -E... - if some future caller really wants a reference to struct inode that had been created, they can bloody well pick it from dentry->d_inode. In any case, this caller should simply die - ->atomic_open() instance does not buy *anything* here. Acked-by: Al Viro <viro@...iv.linux.org.uk>
Powered by blists - more mailing lists