| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <173890403265.22054.8267826472424760232@noble.neil.brown.name> Date: Fri, 07 Feb 2025 15:53:52 +1100 From: "NeilBrown" <neilb@...e.de> To: "Kent Overstreet" <kent.overstreet@...ux.dev> Cc: "Christian Brauner" <brauner@...nel.org>, "Alexander Viro" <viro@...iv.linux.org.uk>, "Jan Kara" <jack@...e.cz>, "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, "Danilo Krummrich" <dakr@...nel.org>, "Trond Myklebust" <trondmy@...nel.org>, "Anna Schumaker" <anna@...nel.org>, "Namjae Jeon" <linkinjeon@...nel.org>, "Steve French" <sfrench@...ba.org>, "Sergey Senozhatsky" <senozhatsky@...omium.org>, "Tom Talpey" <tom@...pey.com>, "Paul Moore" <paul@...l-moore.com>, "Eric Paris" <eparis@...hat.com>, linux-kernel@...r.kernel.org, linux-bcachefs@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org, audit@...r.kernel.org Subject: Re: [PATCH 1/2] VFS: change kern_path_locked() and user_path_locked_at() to never return negative dentry On Fri, 07 Feb 2025, Kent Overstreet wrote: > On Fri, Feb 07, 2025 at 02:36:47PM +1100, NeilBrown wrote: > > No callers of kern_path_locked() or user_path_locked_at() want a > > negative dentry. So change them to return -ENOENT instead. This > > simplifies callers. > > > > This results in a subtle change to bcachefs in that an ioctl will now > > return -ENOENT in preference to -EXDEV. I believe this restores the > > behaviour to what it was prior to > > I'm not following how the code change matches the commit message? Maybe it doesn't. Let me checked. Two of the possible error returns from bch2_ioctl_subvolume_destroy(), which implements the BCH_IOCTL_SUBVOLUME_DESTROY ioctl, are -ENOENT and -EXDEV. -ENOENT is returned if the path named in arg.dst_ptr cannot be found. -EXDEV is returned if the filesystem on which that path exists is not the one that the ioctl is called on. If the target filesystem is "/foo" and the path given is "/bar/baz" and /bar exists but /bar/baz does not, then user_path_locked_at or user_path_at will return a negative dentry corresponding to the (non-existent) name "baz" in /bar. In this case the dentry exists so the filesystem on which it was found can be tested, but the dentry is negative. So both -ENOENT and -EXDEV are credible return values. - before bbe6a7c899e7 the -EXDEV is tested immediately after the call to user_path_att() so there is no chance that ENOENT will be returned. I cannot actually find where ENOENT could be returned ... but that doesn't really matter now. - after that patch .... again the -EXDEV test comes first. That isn't what I remember. I must have misread it. - after my patch user_path_locked_at() will return -ENOENT if the whole name cannot be found. So now you get -ENOENT instead of -EXDEV. So with my patch, ENOENT always wins, and it was never like that before. Thanks for challenging me! Do you think there could be a problem with changing the error returned in this circumstance? i.e. if you try to destroy a subvolume with a non-existant name on a different filesystem could getting -ENOENT instead of -EXDEV be noticed? Thanks, NeilBrown
Powered by blists - more mailing lists