lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <171816094008.14261.10304380583720747013@noble.neil.brown.name>
Date: Wed, 12 Jun 2024 12:55:40 +1000
From: "NeilBrown" <neilb@...e.de>
To: "Al Viro" <viro@...iv.linux.org.uk>
Cc: "Christian Brauner" <brauner@...nel.org>, "Jan Kara" <jack@...e.cz>,
 "Amir Goldstein" <amir73il@...il.com>, "James Clark" <james.clark@....com>,
 ltp@...ts.linux.it, linux-nfs@...r.kernel.org,
 "LKML" <linux-kernel@...r.kernel.org>, linux-fsdevel@...r.kernel.org
Subject:
 Re: [PATCH] VFS: generate FS_CREATE before FS_OPEN when ->atomic_open used.

On Wed, 12 Jun 2024, Al Viro wrote:
> On Wed, Jun 12, 2024 at 12:05:11PM +1000, NeilBrown wrote:
> 
> > For finish_open() there are three cases:
> >  - finish_open is used in ->atomic_open handlers.  For these we add a
> >    call to fsnotify_open() in do_open() if FMODE_OPENED is set - which
> >    means do_dentry_open() has been called. This happens after fsnotify_create().
> 
> 	Hummm....  There's a bit of behaviour change; in case we fail in
> may_open(), we used to get fsnotify_open()+fsnotify_close() and with that
> patch we's get fsnotify_close() alone.

True.  Presumably we could fix that by doing
diff --git a/fs/namei.c b/fs/namei.c
index 37fb0a8aa09a..6fd04c9046fa 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3645,6 +3645,8 @@ static int do_open(struct nameidata *nd,
 			return error;
 		do_truncate = true;
 	}
+	if (file->f_mode & FMODE_OPENED)
+		fsnotify_open(file);
 	error = may_open(idmap, &nd->path, acc_mode, open_flag);
 	if (!error && !(file->f_mode & FMODE_OPENED))
 		error = vfs_open(&nd->path, file);
@@ -3702,6 +3704,7 @@ int vfs_tmpfile(struct mnt_idmap *idmap,
 	dput(child);
 	if (error)
 		return error;
+	fsnotify_open(file);
 	/* Don't check for other permissions, the inode was just created */
 	error = may_open(idmap, &file->f_path, 0, file->f_flags);
 	if (error)

instead, but it seems a little weird sending an OPEN notification if
may_open() fails.

> 
> 	IF we don't care about that, we might as well take fsnotify_open()
> out of vfs_open() and, for do_open()/do_tmpfile()/do_o_path(), into
> path_openat() itself.  I mean, having
>         if (likely(!error)) {
>                 if (likely(file->f_mode & FMODE_OPENED)) {
> 			fsnotify_open(file);
>                         return file;
> 		}
> in there would be a lot easier to follow...  It would lose fsnotify_open()
> in a few more failure exits, but if we don't give a damn about having it
> paired with fsnotify_close()...
> 

Should we have fsnotify_open() set a new ->f_mode flag, and
fsnotify_close() abort if it isn't set (and clear it if it is)?
Then we would be guaranteed a balance - which does seem like a good
idea.

Thanks,
NeilBrown

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ