lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240322023515.GK538574@ZenIV>
Date: Fri, 22 Mar 2024 02:35:15 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Jeff Layton <jlayton@...nel.org>
Cc: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>,
	Christian Brauner <brauner@...nel.org>, ntfs3@...ts.linux.dev,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH RFC] ntfs3: remove atomic_open

On Mon, Mar 18, 2024 at 02:28:50PM -0400, Jeff Layton wrote:
> atomic_open is an optional VFS operation, and is primarily for network
> filesystems. NFS (for instance) can just send an open call for the last
> path component rather than doing a lookup and then having to follow that
> up with an open when it doesn't have a dentry in cache.
> 
> ntfs3 is a local filesystem however, and its atomic_open just does a
> typical lookup + open, but in a convoluted way. atomic_open will also
> make directory leases more difficult to implement on the filesystem.

FWIW, I'm not sure they are actually doing it correctly, but in any
case - there's no reason whatsoever for implementing that sucker on
a local filesystem.  Kill it.

> -	inode = ntfs_create_inode(file_mnt_idmap(file), dir, dentry, uni,
> -				  mode, 0, NULL, 0, fnd);
> -	err = IS_ERR(inode) ? PTR_ERR(inode) :
> -			      finish_open(file, dentry, ntfs_file_open);

.. incidentally, this ntfs_create_inode() thing should not have the
calling conventions it has.

It does create inode, all right - and attaches it to dentry.  Then it
proceeds to return the pointer to that new inode, with dentry->d_inode
being the only thing that keeps it alive.  That would be defendable
(we are holding a reference to dentry and nobody else could turn
it negative under us), but... look at the callers.

4 out of 5 are of the same form:
	inode = ntfs_create_inode(....);
	return IS_ERR(inode) ? PTR_ERR(inode) : 0;

The fifth one is the crap above and there we *also* never look at the
return value downstream of that IS_ERR(inode) ? PTR_ERR(inode) : ...;

Which is to say, all callers of that thing don't give a damn about
the pointer per se - they only want to know if it's ERR_PTR(-E...)
or not and if it is, what error had been wrapped into that ERR_PTR().

Simply make it return 0 or -E... - if some future caller really
wants a reference to struct inode that had been created, they can
bloody well pick it from dentry->d_inode.

In any case, this caller should simply die - ->atomic_open() instance
does not buy *anything* here.

Acked-by: Al Viro <viro@...iv.linux.org.uk>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ