| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7mxksfnkamzqromejfknfsat6cah4taggprj3wxdoputvvwc7f@qnjsm36bsrex> Date: Fri, 7 Feb 2025 01:13:01 -0500 From: Kent Overstreet <kent.overstreet@...ux.dev> To: NeilBrown <neilb@...e.de> Cc: Christian Brauner <brauner@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Jan Kara <jack@...e.cz>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, Danilo Krummrich <dakr@...nel.org>, Trond Myklebust <trondmy@...nel.org>, Anna Schumaker <anna@...nel.org>, Namjae Jeon <linkinjeon@...nel.org>, Steve French <sfrench@...ba.org>, Sergey Senozhatsky <senozhatsky@...omium.org>, Tom Talpey <tom@...pey.com>, Paul Moore <paul@...l-moore.com>, Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org, linux-bcachefs@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org, audit@...r.kernel.org Subject: Re: [PATCH 1/2] VFS: change kern_path_locked() and user_path_locked_at() to never return negative dentry On Fri, Feb 07, 2025 at 03:53:52PM +1100, NeilBrown wrote: > On Fri, 07 Feb 2025, Kent Overstreet wrote: > > On Fri, Feb 07, 2025 at 02:36:47PM +1100, NeilBrown wrote: > > > No callers of kern_path_locked() or user_path_locked_at() want a > > > negative dentry. So change them to return -ENOENT instead. This > > > simplifies callers. > > > > > > This results in a subtle change to bcachefs in that an ioctl will now > > > return -ENOENT in preference to -EXDEV. I believe this restores the > > > behaviour to what it was prior to > > > > I'm not following how the code change matches the commit message? > > Maybe it doesn't. Let me checked. > > Two of the possible error returns from bch2_ioctl_subvolume_destroy(), > which implements the BCH_IOCTL_SUBVOLUME_DESTROY ioctl, are -ENOENT and > -EXDEV. > > -ENOENT is returned if the path named in arg.dst_ptr cannot be found. > -EXDEV is returned if the filesystem on which that path exists is not > the one that the ioctl is called on. > > If the target filesystem is "/foo" and the path given is "/bar/baz" and > /bar exists but /bar/baz does not, then user_path_locked_at or > user_path_at will return a negative dentry corresponding to the > (non-existent) name "baz" in /bar. > > In this case the dentry exists so the filesystem on which it was found > can be tested, but the dentry is negative. So both -ENOENT and -EXDEV > are credible return values. > > > - before bbe6a7c899e7 the -EXDEV is tested immediately after the call > to user_path_att() so there is no chance that ENOENT will be returned. > I cannot actually find where ENOENT could be returned ... but that > doesn't really matter now. > > - after that patch .... again the -EXDEV test comes first. That isn't > what I remember. I must have misread it. > > - after my patch user_path_locked_at() will return -ENOENT if the whole > name cannot be found. So now you get -ENOENT instead of -EXDEV. > > So with my patch, ENOENT always wins, and it was never like that before. > Thanks for challenging me! How do you always manage to be unfailingly polite? :) > > Do you think there could be a problem with changing the error returned > in this circumstance? i.e. if you try to destroy a subvolume with a > non-existant name on a different filesystem could getting -ENOENT > instead of -EXDEV be noticed? -EXDEV is the standard error code for "we're crossing a filesystem boundary and we can't or aren't supposed to be", so no, let's not change that.
Powered by blists - more mailing lists